Merge pull request #170 from fooka03/bugfix/135_azure_refresh_token
Fix azure refresh token apiserver id
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
6b65461312
@ -249,12 +249,15 @@ class KubeConfigLoader(object):
|
||||
tenant = config['tenant-id']
|
||||
authority = 'https://login.microsoftonline.com/{}'.format(tenant)
|
||||
context = adal.AuthenticationContext(
|
||||
authority, validate_authority=True,
|
||||
authority, validate_authority=True, api_version='1.0'
|
||||
)
|
||||
refresh_token = config['refresh-token']
|
||||
client_id = config['client-id']
|
||||
apiserver_id = config.get(
|
||||
'apiserver-id',
|
||||
'00000002-0000-0000-c000-000000000000')
|
||||
token_response = context.acquire_token_with_refresh_token(
|
||||
refresh_token, client_id, '00000002-0000-0000-c000-000000000000')
|
||||
refresh_token, client_id, apiserver_id)
|
||||
|
||||
provider = self._user['auth-provider']['config']
|
||||
provider.value['access-token'] = token_response['accessToken']
|
||||
|
||||
@ -457,6 +457,20 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
"user": "azure_str_error"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "azure_no_apiserver",
|
||||
"context": {
|
||||
"cluster": "default",
|
||||
"user": "azure_no_apiserver"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "azure_bad_apiserver",
|
||||
"context": {
|
||||
"cluster": "default",
|
||||
"user": "azure_bad_apiserver"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "expired_oidc",
|
||||
"context": {
|
||||
@ -647,7 +661,7 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
"auth-provider": {
|
||||
"config": {
|
||||
"access-token": TEST_AZURE_TOKEN,
|
||||
"apiserver-id": "ApiserverId",
|
||||
"apiserver-id": "00000002-0000-0000-c000-000000000000",
|
||||
"environment": "AzurePublicCloud",
|
||||
"refresh-token": "refreshToken",
|
||||
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
|
||||
@ -662,7 +676,7 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
"auth-provider": {
|
||||
"config": {
|
||||
"access-token": TEST_AZURE_TOKEN,
|
||||
"apiserver-id": "ApiserverId",
|
||||
"apiserver-id": "00000002-0000-0000-c000-000000000000",
|
||||
"environment": "AzurePublicCloud",
|
||||
"expires-in": "0",
|
||||
"expires-on": "156207275",
|
||||
@ -679,7 +693,7 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
"auth-provider": {
|
||||
"config": {
|
||||
"access-token": TEST_AZURE_TOKEN,
|
||||
"apiserver-id": "ApiserverId",
|
||||
"apiserver-id": "00000002-0000-0000-c000-000000000000",
|
||||
"environment": "AzurePublicCloud",
|
||||
"expires-in": "0",
|
||||
"expires-on": "2018-10-18 00:52:29.044727",
|
||||
@ -696,7 +710,7 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
"auth-provider": {
|
||||
"config": {
|
||||
"access-token": TEST_AZURE_TOKEN,
|
||||
"apiserver-id": "ApiserverId",
|
||||
"apiserver-id": "00000002-0000-0000-c000-000000000000",
|
||||
"environment": "AzurePublicCloud",
|
||||
"expires-in": "0",
|
||||
"expires-on": "2018-10-18 00:52",
|
||||
@ -713,7 +727,7 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
"auth-provider": {
|
||||
"config": {
|
||||
"access-token": TEST_AZURE_TOKEN,
|
||||
"apiserver-id": "ApiserverId",
|
||||
"apiserver-id": "00000002-0000-0000-c000-000000000000",
|
||||
"environment": "AzurePublicCloud",
|
||||
"expires-in": "0",
|
||||
"expires-on": "-1",
|
||||
@ -724,6 +738,39 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "azure_no_apiserver",
|
||||
"user": {
|
||||
"auth-provider": {
|
||||
"config": {
|
||||
"access-token": TEST_AZURE_TOKEN,
|
||||
"environment": "AzurePublicCloud",
|
||||
"expires-in": "0",
|
||||
"expires-on": "156207275",
|
||||
"refresh-token": "refreshToken",
|
||||
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
|
||||
},
|
||||
"name": "azure"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "azure_bad_apiserver",
|
||||
"user": {
|
||||
"auth-provider": {
|
||||
"config": {
|
||||
"access-token": TEST_AZURE_TOKEN,
|
||||
"apiserver-id": "ApiserverId",
|
||||
"environment": "AzurePublicCloud",
|
||||
"expires-in": "0",
|
||||
"expires-on": "156207275",
|
||||
"refresh-token": "refreshToken",
|
||||
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
|
||||
},
|
||||
"name": "azure"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "expired_oidc",
|
||||
"user": {
|
||||
@ -1047,6 +1094,22 @@ class TestKubeConfigLoader(BaseTestCase):
|
||||
provider = loader._user['auth-provider']
|
||||
self.assertRaises(ValueError, loader._azure_is_expired, provider)
|
||||
|
||||
def test_azure_with_no_apiserver(self):
|
||||
loader = KubeConfigLoader(
|
||||
config_dict=self.TEST_KUBE_CONFIG,
|
||||
active_context="azure_no_apiserver",
|
||||
)
|
||||
provider = loader._user['auth-provider']
|
||||
self.assertTrue(loader._azure_is_expired(provider))
|
||||
|
||||
def test_azure_with_bad_apiserver(self):
|
||||
loader = KubeConfigLoader(
|
||||
config_dict=self.TEST_KUBE_CONFIG,
|
||||
active_context="azure_bad_apiserver",
|
||||
)
|
||||
provider = loader._user['auth-provider']
|
||||
self.assertTrue(loader._azure_is_expired(provider))
|
||||
|
||||
def test_user_pass(self):
|
||||
expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)
|
||||
actual = FakeConfig()
|
||||
|
||||
Loading…
Reference in New Issue
Block a user