This repository has been archived by the owner on Mar 13, 2022. It is now read-only.


Merge pull request #170 from fooka03/bugfix/135_azure_refresh_token
Fix azure refresh token apiserver id
k8s-ci-robot authored Oct 9, 2019
2 parents afd1301 + 0b20833 commit 6b65461
Showing 2 changed files with 73 additions and 7 deletions.
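--- a/config/kube_config.py
+++ b/config/kube_config.py
@@ -249,12 +249,15 @@ def _refresh_azure_token(self, config):
 tenant = config['tenant-id']
 authority = 'https://login.microsoftonline.com/{}'.format(tenant)
 context = adal.AuthenticationContext(
-authority, validate_authority=True,
+authority, validate_authority=True, api_version='1.0'
 )
 refresh_token = config['refresh-token']
 client_id = config['client-id']
+apiserver_id = config.get(
+'apiserver-id',
+'00000002-0000-0000-c000-000000000000')
 token_response = context.acquire_token_with_refresh_token(
-refresh_token, client_id, '00000002-0000-0000-c000-000000000000')
+refresh_token, client_id, apiserver_id)
 
 provider = self._user['auth-provider']['config']
 provider.value['access-token'] = token_response['accessToken']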
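Review bot: In `_refresh_azure_token`, `config.get('apiserver-id', '00000002-0000-0000-c000-000000000000')` falls back to the default only when the key is absent. If `config` behaves like a dict here, a kubeconfig that carries `apiserver-id` with an empty value would pass an empty resource to `acquire_token_with_refresh_token`; `apiserver_id = config.get('apiserver-id') or AZURE_DEFAULT_RESOURCE_ID` would cover that case (the constant name is a suggestion, not an existing identifier). The GUID literal is also undocumented: a named module-level constant with a comment stating which Azure AD resource it identifies would make clear which audience the refreshed access token is issued for. The function starts and ends outside this hunk, so whether the token response is checked before `token_response['accessToken']` is stored cannot be confirmed from here.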
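--- a/config/kube_config_test.py
+++ b/config/kube_config_test.py
@@ -457,6 +457,20 @@ class TestKubeConfigLoader(BaseTestCase):
 "user": "azure_str_error"
 }
 },
+{
+"name": "azure_no_apiserver",
+"context": {
+"cluster": "default",
+"user": "azure_no_apiserver"
+}
+},
+{
+"name": "azure_bad_apiserver",
+"context": {
+"cluster": "default",
+"user": "azure_bad_apiserver"
+}
+},
 {
 "name": "expired_oidc",
 "context": {
@@ -647,7 +661,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "refresh-token": "refreshToken",
 "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
@@ -662,7 +676,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "156207275",
@@ -679,7 +693,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "2018-10-18 00:52:29.044727",
@@ -696,7 +710,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "2018-10-18 00:52",
@@ -713,7 +727,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
-"apiserver-id": "ApiserverId",
+"apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "-1",
@@ -724,6 +738,39 @@ class TestKubeConfigLoader(BaseTestCase):
 }
 }
 },
+{
+"name": "azure_no_apiserver",
+"user": {
+"auth-provider": {
+"config": {
+"access-token": TEST_AZURE_TOKEN,
+"environment": "AzurePublicCloud",
+"expires-in": "0",
+"expires-on": "156207275",
+"refresh-token": "refreshToken",
+"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
+},
+"name": "azure"
+}
+}
+},
+{
+"name": "azure_bad_apiserver",
+"user": {
+"auth-provider": {
+"config": {
+"access-token": TEST_AZURE_TOKEN,
+"apiserver-id": "ApiserverId",
+"environment": "AzurePublicCloud",
+"expires-in": "0",
+"expires-on": "156207275",
+"refresh-token": "refreshToken",
+"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
+},
+"name": "azure"
+}
+}
+},
 {
 "name": "expired_oidc",
 "user": {
@@ -1047,6 +1094,22 @@ def test_azure_with_expired_int_error(self):
 provider = loader._user['auth-provider']
 self.assertRaises(ValueError, loader._azure_is_expired, provider)
 
+def test_azure_with_no_apiserver(self):
+loader = KubeConfigLoader(
+config_dict=self.TEST_KUBE_CONFIG,
+active_context="azure_no_apiserver",
+)
+provider = loader._user['auth-provider']
+self.assertTrue(loader._azure_is_expired(provider))
+
+def test_azure_with_bad_apiserver(self):
+loader = KubeConfigLoader(
+config_dict=self.TEST_KUBE_CONFIG,
+active_context="azure_bad_apiserver",
+)
+provider = loader._user['auth-provider']
+self.assertTrue(loader._azure_is_expired(provider))
+
 def test_user_pass(self):
 expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)
 actual = FakeConfig()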
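Review bot: `test_azure_with_no_apiserver` and `test_azure_with_bad_apiserver` assert only `loader._azure_is_expired(provider)`, which both new fixtures already satisfy through `"expires-on": "156207275"`. Neither test appears to reach `_refresh_azure_token`, so both would presumably pass without the change in config/kube_config.py and do not pin the fix. A test that stubs the ADAL context and checks the third argument passed to `acquire_token_with_refresh_token` would cover it: the default GUID for `azure_no_apiserver`, the configured value when `apiserver-id` is present. The `azure_bad_apiserver` case also leaves open what should happen when the identity provider rejects the resource; an assertion on the expected error path would document that.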
