Add auth-signin annotation

2017-02-02 02:22:44 -08:00 · 2017-02-02 02:22:44 -08:00 · 09e6aabce4
commit 09e6aabce4
parent 4c0a616f5c
8 changed files with 158 additions and 24 deletions
--- a/core/pkg/ingress/annotations/authreq/main.go
+++ b/core/pkg/ingress/annotations/authreq/main.go
@ -28,16 +28,18 @@ import (

 const (
 	// external URL that provides the authentication
-	authURL    = "ingress.kubernetes.io/auth-url"
-	authMethod = "ingress.kubernetes.io/auth-method"
-	authBody   = "ingress.kubernetes.io/auth-send-body"
+	authURL       = "ingress.kubernetes.io/auth-url"
+	authSigninURL = "ingress.kubernetes.io/auth-signin"
+	authMethod    = "ingress.kubernetes.io/auth-method"
+	authBody      = "ingress.kubernetes.io/auth-send-body"
 )

 // External returns external authentication configuration for an Ingress rule
 type External struct {
-	URL      string `json:"url"`
-	Method   string `json:"method"`
-	SendBody bool   `json:"sendBody"`
+	URL       string `json:"url"`
+	SigninURL string `json:"signinUrl"`
+	Method    string `json:"method"`
+	SendBody  bool   `json:"sendBody"`
 }

 var (
@ -77,6 +79,8 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 		return nil, ing_errors.NewLocationDenied("an empty string is not a valid URL")
 	}

+	signin, _ := parser.GetStringAnnotation(authSigninURL, ing)
+
 	ur, err := url.Parse(str)
 	if err != nil {
 		return nil, err
@ -100,8 +104,9 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 	sb, _ := parser.GetBoolAnnotation(authBody, ing)

 	return &External{
-		URL:      str,
-		Method:   m,
-		SendBody: sb,
+		URL:       str,
+		SigninURL: signin,
+		Method:    m,
+		SendBody:  sb,
 	}, nil
 }
--- a/core/pkg/ingress/annotations/authreq/main_test.go
+++ b/core/pkg/ingress/annotations/authreq/main_test.go
@ -67,23 +67,25 @@ func TestAnnotations(t *testing.T) {
 	ing.SetAnnotations(data)

 	tests := []struct {
-		title    string
-		url      string
-		method   string
-		sendBody bool
-		expErr   bool
+		title     string
+		url       string
+		signinURL string
+		method    string
+		sendBody  bool
+		expErr    bool
 	}{
-		{"empty", "", "", false, true},
-		{"no scheme", "bar", "", false, true},
-		{"invalid host", "http://", "", false, true},
-		{"invalid host (multiple dots)", "http://foo..bar.com", "", false, true},
-		{"valid URL", "http://bar.foo.com/external-auth", "", false, false},
-		{"valid URL - send body", "http://foo.com/external-auth", "POST", true, false},
-		{"valid URL - send body", "http://foo.com/external-auth", "GET", true, false},
+		{"empty", "", "", "", false, true},
+		{"no scheme", "bar", "bar", "", false, true},
+		{"invalid host", "http://", "http://", "", false, true},
+		{"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", false, true},
+		{"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", false, false},
+		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "POST", true, false},
+		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "GET", true, false},
 	}

 	for _, test := range tests {
 		data[authURL] = test.url
+		data[authSigninURL] = test.signinURL
 		data[authBody] = fmt.Sprintf("%v", test.sendBody)
 		data[authMethod] = fmt.Sprintf("%v", test.method)

@ -101,6 +103,9 @@ func TestAnnotations(t *testing.T) {
 		if u.URL != test.url {
 			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.url, u.URL)
 		}
+		if u.SigninURL != test.signinURL {
+			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.signinURL, u.SigninURL)
+		}
 		if u.Method != test.method {
 			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.method, u.Method)
 		}