diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/BUILD b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/BUILD
index fa7f92444f7..f35a36d4e0e 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/BUILD
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/BUILD
@@ -1,4 +1,10 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
+package(default_visibility = ["//visibility:public"])
+
+load(
+ "@io_bazel_rules_go//go:def.bzl",
+ "go_library",
+ "go_test",
+)
 
 go_library(
 name = "go_default_library",
@@ -14,6 +20,17 @@ go_library(
 ],
 )
 
+go_test(
+ name = "go_default_test",
+ srcs = ["azure_auth_test.go"],
+ embed = [":go_default_library"],
+ deps = [
+ "//vendor/github.com/Azure/go-autorest/autorest/adal:go_default_library",
+ "//vendor/github.com/Azure/go-autorest/autorest/azure:go_default_library",
+ "//vendor/github.com/stretchr/testify/assert:go_default_library",
+ ],
+)
+
 filegroup(
 name = "package-srcs",
 srcs = glob(["**"]),
diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth_test.go b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth_test.go
new file mode 100644
index 00000000000..c22f663ab68
--- /dev/null
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth_test.go
@@ -0,0 +1,152 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package auth
+
+import (
+ "testing"
+
+ "github.com/Azure/go-autorest/autorest/adal"
+ "github.com/Azure/go-autorest/autorest/azure"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestGetServicePrincipalTokenFromMSIWithUserAssignedID(t *testing.T) {
+ configs := []*AzureAuthConfig{
+ {
+ UseManagedIdentityExtension: true,
+ UserAssignedIdentityID: "UserAssignedIdentityID",
+ },
+ // The Azure service principal is ignored when
+ // UseManagedIdentityExtension is set to true
+ {
+ UseManagedIdentityExtension: true,
+ UserAssignedIdentityID: "UserAssignedIdentityID",
+ TenantID: "TenantID",
+ AADClientID: "AADClientID",
+ AADClientSecret: "AADClientSecret",
+ },
+ }
+ env := &azure.PublicCloud
+
+ for _, config := range configs {
+ token, err := GetServicePrincipalToken(config, env)
+ assert.NoError(t, err)
+
+ msiEndpoint, err := adal.GetMSIVMEndpoint()
+ assert.NoError(t, err)
+
+ spt, err := adal.NewServicePrincipalTokenFromMSIWithUserAssignedID(msiEndpoint,
+ env.ServiceManagementEndpoint, config.UserAssignedIdentityID)
+ assert.NoError(t, err)
+ assert.Equal(t, token, spt)
+ }
+}
+
+func TestGetServicePrincipalTokenFromMSI(t *testing.T) {
+ configs := []*AzureAuthConfig{
+ {
+ UseManagedIdentityExtension: true,
+ },
+ // The Azure service principal is ignored when
+ // UseManagedIdentityExtension is set to true
+ {
+ UseManagedIdentityExtension: true,
+ TenantID: "TenantID",
+ AADClientID: "AADClientID",
+ AADClientSecret: "AADClientSecret",
+ },
+ }
+ env := &azure.PublicCloud
+
+ for _, config := range configs {
+ token, err := GetServicePrincipalToken(config, env)
+ assert.NoError(t, err)
+
+ msiEndpoint, err := adal.GetMSIVMEndpoint()
+ assert.NoError(t, err)
+
+ spt, err := adal.NewServicePrincipalTokenFromMSI(msiEndpoint, env.ServiceManagementEndpoint)
+ assert.NoError(t, err)
+ assert.Equal(t, token, spt)
+ }
+
+}
+
+func TestGetServicePrincipalToken(t *testing.T) {
+ config := &AzureAuthConfig{
+ TenantID: "TenantID",
+ AADClientID: "AADClientID",
+ AADClientSecret: "AADClientSecret",
+ }
+ env := &azure.PublicCloud
+
+ token, err := GetServicePrincipalToken(config, env)
+ assert.NoError(t, err)
+
+ oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, config.TenantID, nil)
+ assert.NoError(t, err)
+
+ spt, err := adal.NewServicePrincipalToken(*oauthConfig, config.AADClientID, config.AADClientSecret, env.ServiceManagementEndpoint)
+ assert.NoError(t, err)
+
+ assert.Equal(t, token, spt)
+}
+
+func TestParseAzureEngironment(t *testing.T) {
+ cases := []struct {
+ cloudName string
+ resourceManagerEndpoint string
+ identitySystem string
+ expected *azure.Environment
+ }{
+ {
+ cloudName: "",
+ resourceManagerEndpoint: "",
+ identitySystem: "",
+ expected: &azure.PublicCloud,
+ },
+ {
+ cloudName: "AZURECHINACLOUD",
+ resourceManagerEndpoint: "",
+ identitySystem: "",
+ expected: &azure.ChinaCloud,
+ },
+ }
+
+ for _, c := range cases {
+ env, err := ParseAzureEnvironment(c.cloudName, c.resourceManagerEndpoint, c.identitySystem)
+ assert.NoError(t, err)
+ assert.Equal(t, env, c.expected)
+ }
+}
+
+func TestAzureStackOverrides(t *testing.T) {
+ env := &azure.PublicCloud
+ resourceManagerEndpoint := "https://management.test.com/"
+
+ azureStackOverrides(env, resourceManagerEndpoint, "")
+ assert.Equal(t, env.ManagementPortalURL, "https://portal.test.com/")
+ assert.Equal(t, env.ServiceManagementEndpoint, env.TokenAudience)
+ assert.Equal(t, env.ResourceManagerVMDNSSuffix, "cloudapp.test.com")
+ assert.Equal(t, env.ActiveDirectoryEndpoint, "https://login.microsoftonline.com/")
+
+ azureStackOverrides(env, resourceManagerEndpoint, "adfs")
+ assert.Equal(t, env.ManagementPortalURL, "https://portal.test.com/")
+ assert.Equal(t, env.ServiceManagementEndpoint, env.TokenAudience)
+ assert.Equal(t, env.ResourceManagerVMDNSSuffix, "cloudapp.test.com")
+ assert.Equal(t, env.ActiveDirectoryEndpoint, "https://login.microsoftonline.com")
+}
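Review bot: `TestAzureStackOverrides` takes `env := &azure.PublicCloud` and hands that pointer to `azureStackOverrides`, and the assertions that follow show the call rewriting `ManagementPortalURL`, `ResourceManagerVMDNSSuffix` and `ActiveDirectoryEndpoint` on the package-level `azure.PublicCloud` value itself; every other test in this file also reads `&azure.PublicCloud`, so any test that runs after this one (other test files in the package, or `go test -shuffle`) sees public-cloud endpoints that no longer match the real ones and may pass or fail for the wrong reason. Work on a copy instead: `env := azure.PublicCloud` and `azureStackOverrides(&env, resourceManagerEndpoint, "")`, with the same change for the `"adfs"` call. Two smaller points: the test name `TestParseAzureEngironment` has a typo, and the `assert.Equal` calls throughout pass the actual value first although testify's parameter order is `(t, expected, actual)`, so failure diffs will read backwards.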