From 30bc4252711928b86bc0d3068c5beb80cc443bc3 Mon Sep 17 00:00:00 2001 From: Roger Hoem-Martinsen Date: Wed, 3 Jul 2019 09:14:03 +0200 Subject: [PATCH 1/3] fix bug and add method azure is expired --- config/kube_config.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/config/kube_config.py b/config/kube_config.py index 8d36197e2..d3c9d51b8 100644 --- a/config/kube_config.py +++ b/config/kube_config.py @@ -221,13 +221,20 @@ class KubeConfigLoader(object): if provider['name'] == 'oidc': return self._load_oid_token(provider) + def _azure_is_expired(self, provider): + expires_on = provider['config']['expires-on'] + if expires_on.isdigit(): + return int(expires_on) < time.time() + else: + return time.strptime(expires_on, '%Y-%m-%d %H:%M:%S.%f') < time.gmtime() + def _load_azure_token(self, provider): if 'config' not in provider: return if 'access-token' not in provider['config']: return if 'expires-on' in provider['config']: - if int(provider['config']['expires-on']) < time.gmtime(): + if self._azure_is_expired(provider): self._refresh_azure_token(provider['config']) self.token = 'Bearer %s' % provider['config']['access-token'] return self.token From 26e16d0c70e61efd73e91367a2ff8208a160964c Mon Sep 17 00:00:00 2001 From: Roger Hoem-Martinsen Date: Wed, 3 Jul 2019 09:14:38 +0200 Subject: [PATCH 2/3] Add azure config tests --- config/kube_config_test.py | 162 +++++++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) diff --git a/config/kube_config_test.py b/config/kube_config_test.py index d89a2a50a..04f6b11e5 100644 --- a/config/kube_config_test.py +++ b/config/kube_config_test.py @@ -130,6 +130,10 @@ TEST_OIDC_INVALID_PADDING_LENGTH = ".".join([ TEST_OIDC_CA = _base64(TEST_CERTIFICATE_AUTH) +TEST_AZURE_LOGIN = TEST_OIDC_LOGIN +TEST_AZURE_TOKEN = "test-azure-token" +TEST_AZURE_TOKEN_FULL = "Bearer " + TEST_AZURE_TOKEN + class BaseTestCase(unittest.TestCase): 
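Review bot: In `_azure_is_expired` the text branch compares `time.strptime(...)` against `time.gmtime()`, which treats the stored `expires-on` string as UTC, while nothing in the hunk establishes which zone that timestamp is written in. If it is local time, an expired token is still sent as the bearer credential (or a valid one is refreshed early) for the length of the UTC offset; the same comparison is carried into the PATCH 3/3 hunk. Once the zone is confirmed, converting to epoch seconds keeps both branches on one clock, e.g. `return calendar.timegm(exp_time) < time.time()` for UTC (this needs `import calendar`), and a comment such as `# expires-on text form is assumed to be UTC` records the assumption. Also, `expires_on.isdigit()` raises AttributeError when the value is not a string, an input the removed `int(...)` conversion accepted; `expires_on = str(provider['config']['expires-on'])` keeps that working.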
@@ -420,6 +424,41 @@ class TestKubeConfigLoader(BaseTestCase): "user": "oidc" } }, + { + "name": "azure", + "context": { + "cluster": "default", + "user": "azure" + } + }, + { + "name": "azure_num", + "context": { + "cluster": "default", + "user": "azure_num" + } + }, + { + "name": "azure_str", + "context": { + "cluster": "default", + "user": "azure_str" + } + }, + { + "name": "azure_num_error", + "context": { + "cluster": "default", + "user": "azure_str_error" + } + }, + { + "name": "azure_str_error", + "context": { + "cluster": "default", + "user": "azure_str_error" + } + }, { "name": "expired_oidc", "context": { 
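Review bot: The `azure_num_error` context is wired to `"user": "azure_str_error"`, which looks like a copy-paste slip. `test_azure_with_expired_int_error` in the later test hunk therefore loads the `"2018-10-18 00:52"` user, and the `"expires-on": "-1"` entry is never reached. The line should read `"user": "azure_num_error"` so that the negative-number case is the one raising the ValueError under test.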
@@ -603,6 +642,89 @@ class TestKubeConfigLoader(BaseTestCase): } } }, + { + "name": "azure", + "user": { + "auth-provider": { + "config": { + "access-token": TEST_AZURE_TOKEN, + "apiserver-id": "ApiserverId", + "environment": "AzurePublicCloud", + "refresh-token": "refreshToken", + "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433" + }, + "name": "azure" + } + } + }, + { + "name": "azure_num", + "user": { + "auth-provider": { + "config": { + "access-token": TEST_AZURE_TOKEN, + "apiserver-id": "ApiserverId", + "environment": "AzurePublicCloud", + "expires-in": "0", + "expires-on": "156207275", + "refresh-token": "refreshToken", + "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433" + }, + "name": "azure" + } + } + }, + { + "name": "azure_str", + "user": { + "auth-provider": { + "config": { + "access-token": TEST_AZURE_TOKEN, + "apiserver-id": "ApiserverId", + "environment": "AzurePublicCloud", + "expires-in": "0", + "expires-on": "2018-10-18 00:52:29.044727", + "refresh-token": "refreshToken", + "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433" + }, + "name": "azure" + } + } + }, + { + "name": "azure_str_error", + "user": { + "auth-provider": { + "config": { + "access-token": TEST_AZURE_TOKEN, + "apiserver-id": "ApiserverId", + "environment": "AzurePublicCloud", + "expires-in": "0", + "expires-on": "2018-10-18 00:52", + "refresh-token": "refreshToken", + "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433" + }, + "name": "azure" + } + } + }, + { + "name": "azure_num_error", + "user": { + "auth-provider": { + "config": { + "access-token": TEST_AZURE_TOKEN, + "apiserver-id": "ApiserverId", + "environment": "AzurePublicCloud", + "expires-in": "0", + "expires-on": "-1", + "refresh-token": "refreshToken", + "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433" + }, + "name": "azure" + } + } + }, { "name": "expired_oidc", "user": { 
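Review bot: Every `expires-on` fixture added here is either in the past or malformed, so nothing in this hunk can drive `_azure_is_expired` to return False, which is the outcome that lets the stored token go out unrefreshed. A far-future value in each format would cover it (constructed examples: `"expires-on": "9999999999"` and `"expires-on": "2999-01-01 00:00:00.000000"`). Separately, `"156207275"` is nine digits, an epoch in the mid-1970s, and may be a truncated ten-digit value; it still counts as expired, so the test passes either way.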
@@ -886,6 +1008,46 @@ class TestKubeConfigLoader(BaseTestCase): None, ) + def test_azure_no_refresh(self): + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="azure", + ) + self.assertTrue(loader._load_auth_provider_token()) + self.assertEqual(TEST_AZURE_TOKEN_FULL, loader.token) + + def test_azure_with_expired_num(self): + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="azure_num", + ) + provider = loader._user['auth-provider'] + self.assertTrue(loader._azure_is_expired(provider)) + + def test_azure_with_expired_str(self): + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="azure_str", + ) + provider = loader._user['auth-provider'] + self.assertTrue(loader._azure_is_expired(provider)) + + def test_azure_with_expired_str_error(self): + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="azure_str_error", + ) + provider = loader._user['auth-provider'] + self.assertRaises(ValueError, loader._azure_is_expired, provider) + + def test_azure_with_expired_int_error(self): + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="azure_num_error", + ) + provider = loader._user['auth-provider'] + self.assertRaises(ValueError, loader._azure_is_expired, provider) + def test_user_pass(self): expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN) actual = FakeConfig() From 6edea7b245599d766c04842fa7db14eb46a66e12 Mon Sep 17 00:00:00 2001 From: Roger Hoem-Martinsen Date: Wed, 3 Jul 2019 09:29:31 +0200 Subject: [PATCH 3/3] shorten down long line --- config/kube_config.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/kube_config.py b/config/kube_config.py index d3c9d51b8..386b82c1e 100644 --- a/config/kube_config.py +++ b/config/kube_config.py 
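Review bot: These tests call `_azure_is_expired` directly, so the wiring this series changes in `_load_azure_token` (an expired token leads to `_refresh_azure_token`) is never exercised; `test_azure_no_refresh` only covers a user with no `expires-on`. A test that stubs `_refresh_azure_token` on the loader and loads the `azure_num` context would pin that an expired token is refreshed before it is turned into the `Bearer` header. The sketch below assumes `_load_auth_provider_token` routes the `azure` provider to `_load_azure_token`, as `test_azure_no_refresh` suggests.

```python
    def test_azure_expired_triggers_refresh(self):
        loader = KubeConfigLoader(
            config_dict=self.TEST_KUBE_CONFIG,
            active_context="azure_num",
        )
        refreshed = []
        # Stub the refresh call so only the expiry wiring is exercised.
        loader._refresh_azure_token = refreshed.append
        self.assertTrue(loader._load_auth_provider_token())
        self.assertEqual(1, len(refreshed))
```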
@@ -226,7 +226,8 @@ class KubeConfigLoader(object): if expires_on.isdigit(): return int(expires_on) < time.time() else: - return time.strptime(expires_on, '%Y-%m-%d %H:%M:%S.%f') < time.gmtime() + exp_time = time.strptime(expires_on, '%Y-%m-%d %H:%M:%S.%f') + return exp_time < time.gmtime() def _load_azure_token(self, provider): if 'config' not in provider: