fix image pulling failure when IMDS is unavailable in kubelet startup

fix test failure
andyzhangx 2022-06-12 04:45:59 +00:00
parent 867b5cc31b
commit 8b0ac045e2
2 changed files with 17 additions and 73 deletions


@ -31,7 +31,6 @@ import (
"time" "time"
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry" "github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/adal" "github.com/Azure/go-autorest/autorest/adal"
"github.com/Azure/go-autorest/autorest/azure" "github.com/Azure/go-autorest/autorest/azure"
"github.com/spf13/pflag" "github.com/spf13/pflag"
@ -91,39 +90,6 @@ type RegistriesClient interface {
List(ctx context.Context) ([]containerregistry.Registry, error) List(ctx context.Context) ([]containerregistry.Registry, error)
} }
// azRegistriesClient implements RegistriesClient.
type azRegistriesClient struct {
client containerregistry.RegistriesClient
}
func newAzRegistriesClient(subscriptionID, endpoint string, token *adal.ServicePrincipalToken) *azRegistriesClient {
registryClient := containerregistry.NewRegistriesClient(subscriptionID)
registryClient.BaseURI = endpoint
registryClient.Authorizer = autorest.NewBearerAuthorizer(token)
return &azRegistriesClient{
client: registryClient,
}
}
func (az *azRegistriesClient) List(ctx context.Context) ([]containerregistry.Registry, error) {
iterator, err := az.client.ListComplete(ctx)
if err != nil {
return nil, err
}
result := make([]containerregistry.Registry, 0)
for ; iterator.NotDone(); err = iterator.Next() {
if err != nil {
return nil, err
}
result = append(result, iterator.Value())
}
return result, nil
}
// NewACRProvider parses the specified configFile and returns a DockerConfigProvider // NewACRProvider parses the specified configFile and returns a DockerConfigProvider
func NewACRProvider(configFile *string) credentialprovider.DockerConfigProvider { func NewACRProvider(configFile *string) credentialprovider.DockerConfigProvider {
return &acrProvider{ return &acrProvider{
@ -136,7 +102,6 @@ type acrProvider struct {
file *string file *string
config *auth.AzureAuthConfig config *auth.AzureAuthConfig
environment *azure.Environment environment *azure.Environment
registryClient RegistriesClient
servicePrincipalToken *adal.ServicePrincipalToken servicePrincipalToken *adal.ServicePrincipalToken
cache cache.Store cache cache.Store
} }
@ -209,11 +174,7 @@ func (a *acrProvider) Enabled() bool {
a.servicePrincipalToken, err = auth.GetServicePrincipalToken(a.config, a.environment) a.servicePrincipalToken, err = auth.GetServicePrincipalToken(a.config, a.environment)
if err != nil { if err != nil {
klog.Errorf("Failed to create service principal token: %v", err) klog.Errorf("Failed to create service principal token: %v", err)
return false
} }
a.registryClient = newAzRegistriesClient(a.config.SubscriptionID, a.environment.ResourceManagerEndpoint, a.servicePrincipalToken)
return true return true
} }
@ -324,11 +285,21 @@ func getLoginServer(registry containerregistry.Registry) string {
} }
func getACRDockerEntryFromARMToken(a *acrProvider, loginServer string) (*credentialprovider.DockerConfigEntry, error) { func getACRDockerEntryFromARMToken(a *acrProvider, loginServer string) (*credentialprovider.DockerConfigEntry, error) {
// Run EnsureFresh to make sure the token is valid and does not expire if a.servicePrincipalToken == nil {
if err := a.servicePrincipalToken.EnsureFresh(); err != nil { token, err := auth.GetServicePrincipalToken(a.config, a.environment)
klog.Errorf("Failed to ensure fresh service principal token: %v", err) if err != nil {
return nil, err klog.Errorf("Failed to create service principal token: %v", err)
return nil, err
}
a.servicePrincipalToken = token
} else {
// Run EnsureFresh to make sure the token is valid and does not expire
if err := a.servicePrincipalToken.EnsureFresh(); err != nil {
klog.Errorf("Failed to ensure fresh service principal token: %v", err)
return nil, err
}
} }
armAccessToken := a.servicePrincipalToken.OAuthToken() armAccessToken := a.servicePrincipalToken.OAuthToken()
klog.V(4).Infof("discovering auth redirects for: %s", loginServer) klog.V(4).Infof("discovering auth redirects for: %s", loginServer)
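Review bot: In getACRDockerEntryFromARMToken the new nil branch stores the freshly created token and goes straight to `a.servicePrincipalToken.OAuthToken()`, while `EnsureFresh()` now runs only in the `else` branch. Before this change every call refreshed the token before reading it, so if `auth.GetServicePrincipalToken` only constructs the token without acquiring it (not visible here, to be confirmed), the first pull after a failed startup would present an empty ARM token to the registry exchange and fail. Dropping the `} else {` so that `EnsureFresh()` runs after both paths keeps the old guarantee. The lazy assignment `a.servicePrincipalToken = token` is also an unsynchronized write to shared provider state, which needs a lock if credential lookups can run concurrently, and because Enabled() now returns true after a failed token creation the nil check relies on that call returning a nil pointer on error. The function body continues outside the hunk.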


@ -21,7 +21,6 @@ package azure
import ( import (
"bytes" "bytes"
"context"
"testing" "testing"
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry" "github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
@ -32,14 +31,6 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
type fakeClient struct {
results []containerregistry.Registry
}
func (f *fakeClient) List(ctx context.Context) ([]containerregistry.Registry, error) {
return f.results, nil
}
func Test(t *testing.T) { func Test(t *testing.T) {
configStr := ` configStr := `
{ {
@ -72,13 +63,9 @@ func Test(t *testing.T) {
}, },
}, },
} }
fakeClient := &fakeClient{
results: result,
}
provider := &acrProvider{ provider := &acrProvider{
registryClient: fakeClient, cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
} }
provider.loadConfig(bytes.NewBufferString(configStr)) provider.loadConfig(bytes.NewBufferString(configStr))
@ -133,8 +120,7 @@ func TestProvide(t *testing.T) {
for i, test := range testCases { for i, test := range testCases {
provider := &acrProvider{ provider := &acrProvider{
registryClient: &fakeClient{}, cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
} }
provider.loadConfig(bytes.NewBufferString(test.configStr)) provider.loadConfig(bytes.NewBufferString(test.configStr))
@ -149,21 +135,8 @@ func TestParseACRLoginServerFromImage(t *testing.T) {
"aadClientId": "foo", "aadClientId": "foo",
"aadClientSecret": "bar" "aadClientSecret": "bar"
}` }`
result := []containerregistry.Registry{
{
Name: to.StringPtr("foo"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("*.azurecr.io"),
},
},
}
fakeClient := &fakeClient{
results: result,
}
provider := &acrProvider{ provider := &acrProvider{}
registryClient: fakeClient,
}
provider.loadConfig(bytes.NewBufferString(configStr)) provider.loadConfig(bytes.NewBufferString(configStr))
provider.environment = &azure.Environment{ provider.environment = &azure.Environment{
ContainerRegistryDNSSuffix: ".azurecr.my.cloud", ContainerRegistryDNSSuffix: ".azurecr.my.cloud",