From 159e5034cf9b64a987d0b54701eae42c662c0603 Mon Sep 17 00:00:00 2001
From: Rohit
Date: Wed, 31 Jul 2019 19:39:52 -0700
Subject: [PATCH 1/2] Adding support for Azure Stack ADFS case.

---
 .../azure/auth/azure_auth.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
index 6ca04436f15..22ef2b170b3 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
@@ -21,6 +21,7 @@ import (
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
+	"strings"
 
 	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
@@ -31,6 +32,8 @@ import (
 var (
 	// ErrorNoAuth indicates that no credentials are provided.
 	ErrorNoAuth = fmt.Errorf("no credentials provided for Azure cloud provider")
+	// Tenenatid value for Azure Stack ADFS case.
+	ADFSIdentitySystem = "ADFS"
 )
 
 // AzureAuthConfig holds auth related part of cloud config
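Review bot: ADFSIdentitySystem is added to the `var (` block beside ErrorNoAuth, so an exported, mutable package-level string now decides whether GetServicePrincipalToken builds the OAuth endpoint for the configured TenantID or for "adfs"; a value that is only ever compared should be `const ADFSIdentitySystem = "ADFS"`, which documents that it is fixed and lets the compiler reject any accidental write. The same declaration is touched again by the second commit's comment-only hunk on this file, so the `const` change fits there as well. The wording of the comment itself is already reworded in that follow-up, so nothing further on that here.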
@@ -55,10 +58,19 @@ type AzureAuthConfig struct {
 	UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"`
 	// The ID of the Azure Subscription that the cluster is deployed in
 	SubscriptionID string `json:"subscriptionId,omitempty" yaml:"subscriptionId,omitempty"`
+	// Identity system value for the deployment. This gets populate for Azure Stack case.
+	IdentitySystem string `json:"identitySystem,omitempty" yaml:"identitySystem,omitempty"`
 }
 
 // GetServicePrincipalToken creates a new service principal token based on the configuration
 func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (*adal.ServicePrincipalToken, error) {
+	var tenantId string
+	if strings.EqualFold(config.IdentitySystem, ADFSIdentitySystem) {
+		tenantId = "adfs"
+	} else {
+		tenantId = config.TenantID
+	}
+
 	if config.UseManagedIdentityExtension {
 		klog.V(2).Infoln("azure: using managed identity extension to retrieve access token")
 		msiEndpoint, err := adal.GetMSIVMEndpoint()
@@ -77,7 +89,7 @@ func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (
 			env.ServiceManagementEndpoint)
 	}
 
-	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, config.TenantID)
+	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenantId)
 	if err != nil {
 		return nil, fmt.Errorf("creating the OAuth config: %v", err)
 	}

From 14b648d203f3936ad326081ccffbfeaa2e30f646 Mon Sep 17 00:00:00 2001
From: Rohit
Date: Wed, 31 Jul 2019 21:02:22 -0700
Subject: [PATCH 2/2] fixed golint issues.

---
 .../legacy-cloud-providers/azure/auth/azure_auth.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
index 22ef2b170b3..290d9515513 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
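Review bot: The ADFS tenant is a bare literal in `tenantId = "adfs"` inside GetServicePrincipalToken while the selector it pairs with has a named identifier; declare `const adfsTenantID = "adfs"` next to ADFSIdentitySystem so both halves of the ADFS convention are documented in one place and the NewOAuthConfig call in the following hunk reads as intent rather than a magic value. When the ADFS branch is taken, config.TenantID is silently ignored and nothing records which endpoint was selected; a `klog.V(2).Infoln("azure: ADFS identity system configured, using tenant id adfs for the OAuth config")` alongside the existing managed-identity log would make the chosen path visible when token acquisition fails. The new field comment `// Identity system value for the deployment. This gets populate for Azure Stack case.` has a grammar slip and does not say what the value does; `// IdentitySystem selects the identity provider; set to "ADFS" on Azure Stack so tokens are requested from the ADFS endpoint.` would. GetServicePrincipalToken's body continues past the end of the hunk.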
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
@@ -32,7 +32,7 @@ import (
 var (
 	// ErrorNoAuth indicates that no credentials are provided.
 	ErrorNoAuth = fmt.Errorf("no credentials provided for Azure cloud provider")
-	// Tenenatid value for Azure Stack ADFS case.
+	// ADFSIdentitySystem indicates value of tenantId for ADFS on Azure Stack.
 	ADFSIdentitySystem = "ADFS"
 )
 
@@ -64,11 +64,11 @@ type AzureAuthConfig struct {
 
 // GetServicePrincipalToken creates a new service principal token based on the configuration
 func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (*adal.ServicePrincipalToken, error) {
-	var tenantId string
+	var tenantID string
 	if strings.EqualFold(config.IdentitySystem, ADFSIdentitySystem) {
-		tenantId = "adfs"
+		tenantID = "adfs"
 	} else {
-		tenantId = config.TenantID
+		tenantID = config.TenantID
 	}
 
 	if config.UseManagedIdentityExtension {
@@ -89,7 +89,7 @@ func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (
 			env.ServiceManagementEndpoint)
 	}
 
-	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenantId)
+	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenantID)
 	if err != nil {
 		return nil, fmt.Errorf("creating the OAuth config: %v", err)
 	}
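Review bot: The replacement comment `// ADFSIdentitySystem indicates value of tenantId for ADFS on Azure Stack.` is still inaccurate: ADFSIdentitySystem is the value compared against config.IdentitySystem with strings.EqualFold, not the tenant id, and the tenant string actually passed to NewOAuthConfig is the separate literal "adfs". A comment that states the real contract, `// ADFSIdentitySystem is the IdentitySystem config value that selects the ADFS token endpoint on Azure Stack.`, avoids a reader looking for a tenant named "ADFS". The rename hunks in this commit need nothing further.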