Merge pull request #88533 from bowen5/cross-tenant-network-resource
[UseNetworkResourceInDifferentTenant] Fix bug of setting incorrect subscription id on azure network resource clients.
commit
322b2fe16f
@ -556,7 +556,7 @@ func (az *Cloud) configAzureClients(
|
|||||||
vmssVMClientConfig.Authorizer = multiTenantServicePrincipalTokenAuthorizer
|
vmssVMClientConfig.Authorizer = multiTenantServicePrincipalTokenAuthorizer
|
||||||
}
|
}
|
||||||
|
|
||||||
// If uses network resources in different AAD Tenant, update Authorizer for network resources client config
|
// If uses network resources in different AAD Tenant, update SubscriptionID and Authorizer for network resources client config
|
||||||
if networkResourceServicePrincipalToken != nil {
|
if networkResourceServicePrincipalToken != nil {
|
||||||
networkResourceServicePrincipalTokenAuthorizer := autorest.NewBearerAuthorizer(networkResourceServicePrincipalToken)
|
networkResourceServicePrincipalTokenAuthorizer := autorest.NewBearerAuthorizer(networkResourceServicePrincipalToken)
|
||||||
routeClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
routeClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
||||||
@ -565,6 +565,13 @@ func (az *Cloud) configAzureClients(
|
|||||||
loadBalancerClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
loadBalancerClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
||||||
securityGroupClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
securityGroupClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
||||||
publicIPClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
publicIPClientConfig.Authorizer = networkResourceServicePrincipalTokenAuthorizer
|
||||||
|
|
||||||
|
routeClientConfig.SubscriptionID = az.Config.NetworkResourceSubscriptionID
|
||||||
|
subnetClientConfig.SubscriptionID = az.Config.NetworkResourceSubscriptionID
|
||||||
|
routeTableClientConfig.SubscriptionID = az.Config.NetworkResourceSubscriptionID
|
||||||
|
loadBalancerClientConfig.SubscriptionID = az.Config.NetworkResourceSubscriptionID
|
||||||
|
securityGroupClientConfig.SubscriptionID = az.Config.NetworkResourceSubscriptionID
|
||||||
|
publicIPClientConfig.SubscriptionID = az.Config.NetworkResourceSubscriptionID
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize all azure clients based on client config
|
// Initialize all azure clients based on client config
|
||||||
|
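Review bot: Inside `if networkResourceServicePrincipalToken != nil`, the six new assignments read `az.Config.NetworkResourceSubscriptionID` directly, while the resource-ID helpers changed in the same commit choose the subscription through `getNetworkResourceSubscriptionID()`, which branches on `UsesNetworkResourceInDifferentTenant()`. That leaves two separate predicates for one decision. Where the token is created is outside this hunk, so it cannot be confirmed here that the two always agree; if they ever diverge, a client would be scoped to one subscription while the IDs it submits name another. Routing the assignments through the helper, e.g. `routeClientConfig.SubscriptionID = az.getNetworkResourceSubscriptionID()` and likewise for the other five configs, would keep the choice in one place. configAzureClients begins and ends outside the hunks shown.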
@ -98,7 +98,7 @@ func (az *Cloud) getAvailabilitySetID(resourceGroup, availabilitySetName string)
|
|||||||
func (az *Cloud) getFrontendIPConfigID(lbName, rgName, fipConfigName string) string {
|
func (az *Cloud) getFrontendIPConfigID(lbName, rgName, fipConfigName string) string {
|
||||||
return fmt.Sprintf(
|
return fmt.Sprintf(
|
||||||
frontendIPConfigIDTemplate,
|
frontendIPConfigIDTemplate,
|
||||||
az.SubscriptionID,
|
az.getNetworkResourceSubscriptionID(),
|
||||||
rgName,
|
rgName,
|
||||||
lbName,
|
lbName,
|
||||||
fipConfigName)
|
fipConfigName)
|
||||||
@ -108,7 +108,7 @@ func (az *Cloud) getFrontendIPConfigID(lbName, rgName, fipConfigName string) str
|
|||||||
func (az *Cloud) getBackendPoolID(lbName, rgName, backendPoolName string) string {
|
func (az *Cloud) getBackendPoolID(lbName, rgName, backendPoolName string) string {
|
||||||
return fmt.Sprintf(
|
return fmt.Sprintf(
|
||||||
backendPoolIDTemplate,
|
backendPoolIDTemplate,
|
||||||
az.SubscriptionID,
|
az.getNetworkResourceSubscriptionID(),
|
||||||
rgName,
|
rgName,
|
||||||
lbName,
|
lbName,
|
||||||
backendPoolName)
|
backendPoolName)
|
||||||
@ -118,12 +118,20 @@ func (az *Cloud) getBackendPoolID(lbName, rgName, backendPoolName string) string
|
|||||||
func (az *Cloud) getLoadBalancerProbeID(lbName, rgName, lbRuleName string) string {
|
func (az *Cloud) getLoadBalancerProbeID(lbName, rgName, lbRuleName string) string {
|
||||||
return fmt.Sprintf(
|
return fmt.Sprintf(
|
||||||
loadBalancerProbeIDTemplate,
|
loadBalancerProbeIDTemplate,
|
||||||
az.SubscriptionID,
|
az.getNetworkResourceSubscriptionID(),
|
||||||
rgName,
|
rgName,
|
||||||
lbName,
|
lbName,
|
||||||
lbRuleName)
|
lbRuleName)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// getNetworkResourceSubscriptionID returns the subscription id which hosts network resources
|
||||||
|
func (az *Cloud) getNetworkResourceSubscriptionID() string {
|
||||||
|
if az.Config.UsesNetworkResourceInDifferentTenant() {
|
||||||
|
return az.NetworkResourceSubscriptionID
|
||||||
|
}
|
||||||
|
return az.SubscriptionID
|
||||||
|
}
|
||||||
|
|
||||||
func (az *Cloud) mapLoadBalancerNameToVMSet(lbName string, clusterName string) (vmSetName string) {
|
func (az *Cloud) mapLoadBalancerNameToVMSet(lbName string, clusterName string) (vmSetName string) {
|
||||||
vmSetName = strings.TrimSuffix(lbName, InternalLoadBalancerNameSuffix)
|
vmSetName = strings.TrimSuffix(lbName, InternalLoadBalancerNameSuffix)
|
||||||
if strings.EqualFold(clusterName, vmSetName) {
|
if strings.EqualFold(clusterName, vmSetName) {
|
||||||
|
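Review bot: `getNetworkResourceSubscriptionID` returns `az.NetworkResourceSubscriptionID` whenever `UsesNetworkResourceInDifferentTenant()` is true, without checking that the value is set. The predicate's body is not visible here; the tests in this commit toggle it through `NetworkResourceTenantID`, which suggests it depends on the tenant ID, and if so a config with a tenant ID but no subscription ID would yield IDs with an empty subscription segment. Silently falling back to `az.SubscriptionID` would point network calls at the cluster subscription, so it seems safer to reject that combination when the config is loaded. The doc comment should then state the precondition: `// It assumes NetworkResourceSubscriptionID is non-empty whenever UsesNetworkResourceInDifferentTenant() reports true.`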
@ -19,6 +19,7 @@ limitations under the License.
|
|||||||
package azure
|
package azure
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"strconv"
|
"strconv"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
@ -29,6 +30,11 @@ import (
|
|||||||
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
|
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
networkResourceTenantID = "networkResourceTenantID"
|
||||||
|
networkResourceSubscriptionID = "networkResourceSubscriptionID"
|
||||||
|
)
|
||||||
|
|
||||||
func TestIsMasterNode(t *testing.T) {
|
func TestIsMasterNode(t *testing.T) {
|
||||||
if isMasterNode(&v1.Node{}) {
|
if isMasterNode(&v1.Node{}) {
|
||||||
t.Errorf("Empty node should not be master!")
|
t.Errorf("Empty node should not be master!")
|
||||||
@ -416,3 +422,81 @@ func TestGetFrontendIPConfigName(t *testing.T) {
|
|||||||
assert.Equal(t, c.expected, ipconfigName, c.description)
|
assert.Equal(t, c.expected, ipconfigName, c.description)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestGetFrontendIPConfigID(t *testing.T) {
|
||||||
|
ctrl := gomock.NewController(t)
|
||||||
|
defer ctrl.Finish()
|
||||||
|
az := GetTestCloud(ctrl)
|
||||||
|
|
||||||
|
testGetLoadBalancerSubResourceID(t, az, az.getFrontendIPConfigID, frontendIPConfigIDTemplate)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestGetBackendPoolID(t *testing.T) {
|
||||||
|
ctrl := gomock.NewController(t)
|
||||||
|
defer ctrl.Finish()
|
||||||
|
az := GetTestCloud(ctrl)
|
||||||
|
|
||||||
|
testGetLoadBalancerSubResourceID(t, az, az.getBackendPoolID, backendPoolIDTemplate)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestGetLoadBalancerProbeID(t *testing.T) {
|
||||||
|
ctrl := gomock.NewController(t)
|
||||||
|
defer ctrl.Finish()
|
||||||
|
az := GetTestCloud(ctrl)
|
||||||
|
|
||||||
|
testGetLoadBalancerSubResourceID(t, az, az.getLoadBalancerProbeID, loadBalancerProbeIDTemplate)
|
||||||
|
}
|
||||||
|
|
||||||
|
func testGetLoadBalancerSubResourceID(
|
||||||
|
t *testing.T,
|
||||||
|
az *Cloud,
|
||||||
|
getLoadBalancerSubResourceID func(string, string, string) string,
|
||||||
|
expectedResourceIDTemplate string) {
|
||||||
|
cases := []struct {
|
||||||
|
description string
|
||||||
|
loadBalancerName string
|
||||||
|
resourceGroupName string
|
||||||
|
subResourceName string
|
||||||
|
useNetworkResourceInDifferentTenant bool
|
||||||
|
expected string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
description: "resource id should contain NetworkResourceSubscriptionID when using network resources in different subscription",
|
||||||
|
loadBalancerName: "lbName",
|
||||||
|
resourceGroupName: "rgName",
|
||||||
|
subResourceName: "subResourceName",
|
||||||
|
useNetworkResourceInDifferentTenant: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "resource id should contain SubscriptionID when not using network resources in different subscription",
|
||||||
|
loadBalancerName: "lbName",
|
||||||
|
resourceGroupName: "rgName",
|
||||||
|
subResourceName: "subResourceName",
|
||||||
|
useNetworkResourceInDifferentTenant: false,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, c := range cases {
|
||||||
|
if c.useNetworkResourceInDifferentTenant {
|
||||||
|
az.NetworkResourceTenantID = networkResourceTenantID
|
||||||
|
az.NetworkResourceSubscriptionID = networkResourceSubscriptionID
|
||||||
|
c.expected = fmt.Sprintf(
|
||||||
|
expectedResourceIDTemplate,
|
||||||
|
az.NetworkResourceSubscriptionID,
|
||||||
|
c.resourceGroupName,
|
||||||
|
c.loadBalancerName,
|
||||||
|
c.subResourceName)
|
||||||
|
} else {
|
||||||
|
az.NetworkResourceTenantID = ""
|
||||||
|
az.NetworkResourceSubscriptionID = ""
|
||||||
|
c.expected = fmt.Sprintf(
|
||||||
|
expectedResourceIDTemplate,
|
||||||
|
az.SubscriptionID,
|
||||||
|
c.resourceGroupName,
|
||||||
|
c.loadBalancerName,
|
||||||
|
c.subResourceName)
|
||||||
|
}
|
||||||
|
subResourceID := getLoadBalancerSubResourceID(c.loadBalancerName, c.resourceGroupName, c.subResourceName)
|
||||||
|
assert.Equal(t, c.expected, subResourceID, c.description)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
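Review bot: In `testGetLoadBalancerSubResourceID` the expected ID is computed inside the loop with the same template and the same `az` fields that the function under test reads, so the assertion can only show that the intended subscription field was selected. Nothing checks that the test cloud's `az.SubscriptionID` differs from the `networkResourceSubscriptionID` constant, so the two cases are not guaranteed to be distinguishable; a precondition such as `assert.NotEqual(t, az.SubscriptionID, networkResourceSubscriptionID)` before the loop would pin that. The loop also mutates the shared `az` for each case, so wrapping the body in `t.Run(c.description, func(t *testing.T) { ... })` would make failures attributable and keep the cases from depending on their order. A third case with `NetworkResourceTenantID` set and `NetworkResourceSubscriptionID` empty would document what the helpers return for that configuration.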