github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 22:17:14 +00:00
Code Issues Projects Releases Wiki Activity

Fix aad support in kubectl for sovereign cloud

Browse Source
This commit is contained in:
Dong Liu 2018-12-18 13:50:56 +08:00
parent 4e8bea4bb7
commit 092f398825
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure.go
View File

@ -145,6 +145,7 @@ func (r *azureRoundTripper) WrappedRoundTripper() http.RoundTripper { return r.r
type azureToken struct { type azureToken struct {
token adal.Token token adal.Token
environment string
clientID string clientID string
tenantID string tenantID string
apiserverID string apiserverID string
@ -219,6 +220,10 @@ func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) {
if refreshToken == "" { if refreshToken == "" {
return nil, fmt.Errorf("no refresh token in cfg: %s", cfgRefreshToken) return nil, fmt.Errorf("no refresh token in cfg: %s", cfgRefreshToken)
} }
environment := ts.cfg[cfgEnvironment]
if environment == "" {
return nil, fmt.Errorf("no environment in cfg: %s", cfgEnvironment)
}
clientID := ts.cfg[cfgClientID] clientID := ts.cfg[cfgClientID]
if clientID == "" { if clientID == "" {
return nil, fmt.Errorf("no client ID in cfg: %s", cfgClientID) return nil, fmt.Errorf("no client ID in cfg: %s", cfgClientID)
@ -250,6 +255,7 @@ func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) {
Resource: fmt.Sprintf("spn:%s", apiserverID), Resource: fmt.Sprintf("spn:%s", apiserverID),
Type: tokenType, Type: tokenType,
}, },
environment: environment,
clientID: clientID, clientID: clientID,
tenantID: tenantID, tenantID: tenantID,
apiserverID: apiserverID, apiserverID: apiserverID,
@ -260,6 +266,7 @@ func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error {
newCfg := make(map[string]string) newCfg := make(map[string]string)
newCfg[cfgAccessToken] = token.token.AccessToken newCfg[cfgAccessToken] = token.token.AccessToken
newCfg[cfgRefreshToken] = token.token.RefreshToken newCfg[cfgRefreshToken] = token.token.RefreshToken
newCfg[cfgEnvironment] = token.environment
newCfg[cfgClientID] = token.clientID newCfg[cfgClientID] = token.clientID
newCfg[cfgTenantID] = token.tenantID newCfg[cfgTenantID] = token.tenantID
newCfg[cfgApiserverID] = token.apiserverID newCfg[cfgApiserverID] = token.apiserverID
@ -275,7 +282,12 @@ func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error {
} }
func (ts *azureTokenSource) refreshToken(token *azureToken) (*azureToken, error) { func (ts *azureTokenSource) refreshToken(token *azureToken) (*azureToken, error) {
oauthConfig, err := adal.NewOAuthConfig(azure.PublicCloud.ActiveDirectoryEndpoint, token.tenantID) env, err := azure.EnvironmentFromName(token.environment)
if err != nil {
return nil, err
}
oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID)
if err != nil { if err != nil {
return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err) return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err)
} }
@ -299,6 +311,7 @@ func (ts *azureTokenSource) refreshToken(token *azureToken) (*azureToken, error)
return &azureToken{ return &azureToken{
token: spt.Token(), token: spt.Token(),
environment: token.environment,
clientID: token.clientID, clientID: token.clientID,
tenantID: token.tenantID, tenantID: token.tenantID,
apiserverID: token.apiserverID, apiserverID: token.apiserverID,
@ -353,6 +366,7 @@ func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) {
return &azureToken{ return &azureToken{
token: *token, token: *token,
environment: ts.environment.Name,
clientID: ts.clientID, clientID: ts.clientID,
tenantID: ts.tenantID, tenantID: ts.tenantID,
apiserverID: ts.apiserverID, apiserverID: ts.apiserverID,

9
staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure_test.go
View File

@ -53,6 +53,13 @@ func TestAzureTokenSource(t *testing.T) {
wantCfg := token2Cfg(token) wantCfg := token2Cfg(token)
persistedCfg := persiter.Cache() persistedCfg := persiter.Cache()
wantCfgLen := len(wantCfg)
persistedCfgLen := len(persistedCfg)
if wantCfgLen != persistedCfgLen {
t.Errorf("wantCfgLen and persistedCfgLen do not match, wantCfgLen=%v, persistedCfgLen=%v", wantCfgLen, persistedCfgLen)
}
for k, v := range persistedCfg { for k, v := range persistedCfg {
if strings.Compare(v, wantCfg[k]) != 0 { if strings.Compare(v, wantCfg[k]) != 0 {
t.Errorf("Token() persisted cfg %s: got %v, want %v", k, v, wantCfg[k]) t.Errorf("Token() persisted cfg %s: got %v, want %v", k, v, wantCfg[k])
@ -103,6 +110,7 @@ type fakeTokenSource struct {
func (ts *fakeTokenSource) Token() (*azureToken, error) { func (ts *fakeTokenSource) Token() (*azureToken, error) {
return &azureToken{ return &azureToken{
token: newFackeAzureToken(ts.accessToken, ts.expiresOn), token: newFackeAzureToken(ts.accessToken, ts.expiresOn),
environment: "testenv",
clientID: "fake", clientID: "fake",
tenantID: "fake", tenantID: "fake",
apiserverID: "fake", apiserverID: "fake",
@ -113,6 +121,7 @@ func token2Cfg(token *azureToken) map[string]string {
cfg := make(map[string]string) cfg := make(map[string]string)
cfg[cfgAccessToken] = token.token.AccessToken cfg[cfgAccessToken] = token.token.AccessToken
cfg[cfgRefreshToken] = token.token.RefreshToken cfg[cfgRefreshToken] = token.token.RefreshToken
cfg[cfgEnvironment] = token.environment
cfg[cfgClientID] = token.clientID cfg[cfgClientID] = token.clientID
cfg[cfgTenantID] = token.tenantID cfg[cfgTenantID] = token.tenantID
cfg[cfgApiserverID] = token.apiserverID cfg[cfgApiserverID] = token.apiserverID