github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #80841 from rjaini/azs_adfs

Browse Source 
feat: enhance Azure cloud provider code to support both AAD and ADFS authentication.
This commit is contained in:
Kubernetes Prow Robot 2019-08-01 08:17:08 -07:00 committed by GitHub
commit 9c22ff1966
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
View File

@ -21,6 +21,7 @@ import (
"crypto/x509" "crypto/x509"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"strings"
"github.com/Azure/go-autorest/autorest/adal" "github.com/Azure/go-autorest/autorest/adal"
"github.com/Azure/go-autorest/autorest/azure" "github.com/Azure/go-autorest/autorest/azure"
@ -31,6 +32,8 @@ import (
var ( var (
// ErrorNoAuth indicates that no credentials are provided. // ErrorNoAuth indicates that no credentials are provided.
ErrorNoAuth = fmt.Errorf("no credentials provided for Azure cloud provider") ErrorNoAuth = fmt.Errorf("no credentials provided for Azure cloud provider")
// ADFSIdentitySystem indicates value of tenantId for ADFS on Azure Stack.
ADFSIdentitySystem = "ADFS"
) )
// AzureAuthConfig holds auth related part of cloud config // AzureAuthConfig holds auth related part of cloud config
@ -55,10 +58,19 @@ type AzureAuthConfig struct {
UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"` UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"`
// The ID of the Azure Subscription that the cluster is deployed in // The ID of the Azure Subscription that the cluster is deployed in
SubscriptionID string `json:"subscriptionId,omitempty" yaml:"subscriptionId,omitempty"` SubscriptionID string `json:"subscriptionId,omitempty" yaml:"subscriptionId,omitempty"`
// Identity system value for the deployment. This gets populate for Azure Stack case.
IdentitySystem string `json:"identitySystem,omitempty" yaml:"identitySystem,omitempty"`
} }
// GetServicePrincipalToken creates a new service principal token based on the configuration // GetServicePrincipalToken creates a new service principal token based on the configuration
func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (*adal.ServicePrincipalToken, error) { func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (*adal.ServicePrincipalToken, error) {
var tenantID string
if strings.EqualFold(config.IdentitySystem, ADFSIdentitySystem) {
tenantID = "adfs"
} else {
tenantID = config.TenantID
}
if config.UseManagedIdentityExtension { if config.UseManagedIdentityExtension {
klog.V(2).Infoln("azure: using managed identity extension to retrieve access token") klog.V(2).Infoln("azure: using managed identity extension to retrieve access token")
msiEndpoint, err := adal.GetMSIVMEndpoint() msiEndpoint, err := adal.GetMSIVMEndpoint()
@ -77,7 +89,7 @@ func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (
env.ServiceManagementEndpoint) env.ServiceManagementEndpoint)
} }
oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, config.TenantID) oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenantID)
if err != nil { if err != nil {
return nil, fmt.Errorf("creating the OAuth config: %v", err) return nil, fmt.Errorf("creating the OAuth config: %v", err)
} }