This repository was archived by the owner on Mar 13, 2022. It is now read-only.

Commit 0b20833

committed
Dynamically load apiserver id from kube config
1 parent afd1301 commit 0b20833


2 files changed

+73
-7
lines changed


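--- a/config/kube_config.py
+++ b/config/kube_config.py
@@ -249,12 +249,15 @@ def _refresh_azure_token(self, config):
 tenant = config['tenant-id']
 authority = 'https://login.microsoftonline.com/{}'.format(tenant)
 context = adal.AuthenticationContext(
-authority, validate_authority=True,
+authority, validate_authority=True, api_version='1.0'
 )
 refresh_token = config['refresh-token']
 client_id = config['client-id']
+apiserver_id = config.get(
+'apiserver-id',
+'00000002-0000-0000-c000-000000000000')
 token_response = context.acquire_token_with_refresh_token(
-refresh_token, client_id, '00000002-0000-0000-c000-000000000000')
+refresh_token, client_id, apiserver_id)
 
 provider = self._user['auth-provider']['config']
 provider.value['access-token'] = token_response['accessToken']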
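Review bot: `config.get('apiserver-id', ...)` on new lines 256-258 assumes the `config` argument offers a dict-style `get`, yet a few lines further down the provider config is reached through `provider.value[...]`, which suggests a wrapper object rather than a plain dict; if that wrapper has no `get`, every token refresh would fail at this call, so this should be confirmed or the lookup written against the underlying mapping. The value also becomes the resource the refresh token is redeemed for, so an empty entry is better replaced by the default than passed on, e.g. `apiserver_id = config.get('apiserver-id') or DEFAULT_APISERVER_ID` with the GUID hoisted into a module constant (name suggested here, not present in the file). A short comment such as `# resource (token audience) requested from Azure AD; read from kubeconfig without validation` would make the trust assumption explicit. `_refresh_azure_token` starts and ends outside this hunk.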

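--- a/config/kube_config_test.py
+++ b/config/kube_config_test.py
@@ -457,6 +457,20 @@ class TestKubeConfigLoader(BaseTestCase):
 "user": "azure_str_error"
 }
 },
+{
+"name": "azure_no_apiserver",
+"context": {
+"cluster": "default",
+"user": "azure_no_apiserver"
+}
+},
+{
+"name": "azure_bad_apiserver",
+"context": {
+"cluster": "default",
+"user": "azure_bad_apiserver"
+}
+},
 {
 "name": "expired_oidc",
 "context": {
@@ -647,7 +661,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "refresh-token": "refreshToken",
 "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
@@ -662,7 +676,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "156207275",
@@ -679,7 +693,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "2018-10-18 00:52:29.044727",
@@ -696,7 +710,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "2018-10-18 00:52",
@@ -713,7 +727,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "-1",
@@ -724,6 +738,39 @@ class TestKubeConfigLoader(BaseTestCase):
 }
 }
 },
+{
+"name": "azure_no_apiserver",
+"user": {
+"auth-provider": {
+"config": {
+"access-token": TEST_AZURE_TOKEN,
+"environment": "AzurePublicCloud",
+"expires-in": "0",
+"expires-on": "156207275",
+"refresh-token": "refreshToken",
+"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
+},
+"name": "azure"
+}
+}
+},
+{
+"name": "azure_bad_apiserver",
+"user": {
+"auth-provider": {
+"config": {
+"access-token": TEST_AZURE_TOKEN,
+"apiserver-id": "ApiserverId",
+"environment": "AzurePublicCloud",
+"expires-in": "0",
+"expires-on": "156207275",
+"refresh-token": "refreshToken",
+"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
+},
+"name": "azure"
+}
+}
+},
 {
 "name": "expired_oidc",
 "user": {
@@ -1047,6 +1094,22 @@ def test_azure_with_expired_int_error(self):
 provider = loader._user['auth-provider']
 self.assertRaises(ValueError, loader._azure_is_expired, provider)
 
+def test_azure_with_no_apiserver(self):
+loader = KubeConfigLoader(
+config_dict=self.TEST_KUBE_CONFIG,
+active_context="azure_no_apiserver",
+)
+provider = loader._user['auth-provider']
+self.assertTrue(loader._azure_is_expired(provider))
+
+def test_azure_with_bad_apiserver(self):
+loader = KubeConfigLoader(
+config_dict=self.TEST_KUBE_CONFIG,
+active_context="azure_bad_apiserver",
+)
+provider = loader._user['auth-provider']
+self.assertTrue(loader._azure_is_expired(provider))
+
 def test_user_pass(self):
 expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)
 actual = FakeConfig()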
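Review bot: `test_azure_with_no_apiserver` and `test_azure_with_bad_apiserver` (new lines 1097-1111) only assert `loader._azure_is_expired(provider)`, which appears to depend on the fixtures' `"expires-on": "156207275"` rather than on `apiserver-id`, so the new lookup and its default in `_refresh_azure_token` are never executed by these tests. Both new fixtures also omit `client-id`, which the refresh path reads, so they could not drive that path as written. Consider adding a `"client-id"` entry to both fixtures and a test that stubs the `adal` authentication context and asserts the third argument passed to `acquire_token_with_refresh_token`: the default GUID for `azure_no_apiserver` and `"ApiserverId"` for `azure_bad_apiserver`. How `adal` is stubbed elsewhere in this file lies outside the visible hunks, so the exact shape of that test needs checking against the rest of the suite.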
