restructure authentication package, add noop authn

README.md

@@ -8,7 +8,7 @@ Library for quickly bootstrapping authentication/authorisation webhook for Kuber
 
 - [x] Move `main.go` to `cmd/main.go`
 - [ ] Add full integration step-by-step tutorial with casbin
-- [x] Think how to restructure packages
+- [x] Restructure packages
 - [ ] Provide detailed readme how to extend it 
 - [x] Write authorization module
 - [x] Complete tests

authn/authenticator/noop.go

@@ -0,0 +1,11 @@
+package authenticator
+
+import "github.com/ideahitme/k8s-api-webhook/authn/unversioned"
+
+// Noop is the default authenticator which only returns empty user
+type Noop struct{}
+
+// Authenticate return empty userinfo
+func (n Noop) Authenticate(token string) (*unversioned.UserInfo, error) {
+	return nil, nil
+}

authn/authenticator/noop_test.go

@@ -0,0 +1,10 @@
+package authenticator
+
+import "testing"
+import "github.com/stretchr/testify/assert"
+
+func TestNoop(t *testing.T) {
+	user, err := Noop{}.Authenticate("1234")
+	assert.Nil(t, user, "Noop authenticator returns empty user")
+	assert.NoError(t, err, "Noop authenticate should not return any error")
+}

authn/handler.go

@@ -4,30 +4,37 @@ import (
 	"net/http"
 
 	"github.com/ideahitme/k8s-api-webhook/authn/authenticator"
-	"github.com/ideahitme/k8s-api-webhook/authn/v1beta1"
+	"github.com/ideahitme/k8s-api-webhook/authn/versioned"
+	"github.com/ideahitme/k8s-api-webhook/authn/versioned/v1beta1"
 )
 
 // AuthenticationHandler implements the webhook handler
 type AuthenticationHandler struct {
-	authProvider   authenticator.Authenticator
-	resConstructor ResponseConstructor
-	reqParser      RequestParser
+	authenticator  authenticator.Authenticator
+	resConstructor versioned.ResponseConstructor
+	reqParser      versioned.RequestParser
 }
 
-// NewAuthenticationHandler returns authentication http handler
-func NewAuthenticationHandler(p authenticator.Authenticator) *AuthenticationHandler {
+// CreateAuthenticationHandler returns default authentication http handler
+func CreateAuthenticationHandler() *AuthenticationHandler {
 	h := &AuthenticationHandler{
-		authProvider:   p,
+		authenticator:  authenticator.Noop{},
 		resConstructor: v1beta1.ResponseConstructor{},
 		reqParser:      v1beta1.RequestParser{},
 	}
 
 	return h
 }
 
+// WithAuthenticator adds authenticator to overwrite default noop authenticator
+func (h *AuthenticationHandler) WithAuthenticator(p authenticator.Authenticator) *AuthenticationHandler {
+	h.authenticator = p
+	return h
+}
+
 // WithAPIVersion specify API version to use for handling authentication requests
-func (h *AuthenticationHandler) WithAPIVersion(apiVersion APIVersion) *AuthenticationHandler {
-	if apiVersion == V1Beta1 {
+func (h *AuthenticationHandler) WithAPIVersion(apiVersion versioned.APIVersion) *AuthenticationHandler {
+	if apiVersion == versioned.V1Beta1 {
 		h.resConstructor = v1beta1.ResponseConstructor{}
 		h.reqParser = v1beta1.RequestParser{}
 	}
@@ -42,7 +49,7 @@ func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	user, err := h.authProvider.Authenticate(token)
+	user, err := h.authenticator.Authenticate(token)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write(h.resConstructor.NewFailResponse())

authn/handler_test.go

@@ -13,17 +13,21 @@ import (
 
 	"github.com/ideahitme/k8s-api-webhook/authn/authenticator"
 	"github.com/ideahitme/k8s-api-webhook/authn/unversioned"
-	"github.com/ideahitme/k8s-api-webhook/authn/v1beta1"
+	"github.com/ideahitme/k8s-api-webhook/authn/versioned"
+	"github.com/ideahitme/k8s-api-webhook/authn/versioned/v1beta1"
 	"github.com/ideahitme/k8s-api-webhook/internal/testutils"
 )
 
-func TestNewAuthenticationHandler(t *testing.T) {
-	h := NewAuthenticationHandler(authenticator.Static{}).WithAPIVersion(V1Beta1)
-	assert.Equal(t, h.authProvider, authenticator.Static{})
+func TestCreateAuthenticationHandler(t *testing.T) {
+	h := CreateAuthenticationHandler()
+	assert.IsType(t, h.authenticator, authenticator.Noop{})
+
+	h = h.WithAuthenticator(authenticator.Static{}).WithAPIVersion(versioned.V1Beta1)
+	assert.Equal(t, h.authenticator, authenticator.Static{})
 }
 
 func TestWithAPIVersion(t *testing.T) {
-	h := (&AuthenticationHandler{}).WithAPIVersion(V1Beta1)
+	h := (&AuthenticationHandler{}).WithAPIVersion(versioned.V1Beta1)
 	assert.Equal(t, h.reqParser, v1beta1.RequestParser{})
 	assert.Equal(t, h.resConstructor, v1beta1.ResponseConstructor{})
 
@@ -47,7 +51,7 @@ func TestServeHTTP(t *testing.T) {
 	assert.Nil(t, err)
 	failAuthenticator := errAuthenticator{invalidToken: "cause-error"}
 
-	handler := NewAuthenticationHandler(authenticator.NewAggregator(staticAuthenticator, failAuthenticator))
+	handler := CreateAuthenticationHandler().WithAuthenticator(authenticator.NewAggregator(staticAuthenticator, failAuthenticator))
 	mockServer := httptest.NewServer(handler)
 	defer mockServer.Close()
 

authn/definitions.go → authn/versioned/versioned.go

@@ -1,4 +1,4 @@
-package authn
+package versioned
 
 import (
 	"io"