AB#1877 Set location in azure cloud config

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2022-03-29 17:31:18 +02:00 committed by Daniel Weiße
parent 719b6d5f6f
commit 3282995bda
6 changed files with 13 additions and 5 deletions


@ -51,6 +51,7 @@ func (c *Client) CreateServicePrincipal(ctx context.Context) (string, error) {
TenantID: c.tenantID,
ClientID: createAppRes.AppID,
ClientSecret: clientSecret,
Location: c.location,
}.ConvertToCloudServiceAccountURI(), nil
}
@ -169,6 +170,7 @@ type ApplicationCredentials struct {
TenantID string
ClientID string
ClientSecret string
Location string
}
// ConvertToCloudServiceAccountURI converts the ApplicationCredentials into a cloud service account URI.
@ -177,6 +179,7 @@ func (c ApplicationCredentials) ConvertToCloudServiceAccountURI() string {
query.Add("tenant_id", c.TenantID)
query.Add("client_id", c.ClientID)
query.Add("client_secret", c.ClientSecret)
query.Add("location", c.Location)
uri := url.URL{
Scheme: "serviceaccount",
Host: "azure",
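Review bot: The new `Location` field on `ApplicationCredentials` has no comment, and nothing on the struct says that `ConvertToCloudServiceAccountURI` places every field, including `ClientSecret`, in the query string of the returned URI. A field comment such as `// Location is the Azure location written to the cloud provider config.` would help, together with a sentence on the struct stating that the URI form is itself a credential and must be kept out of logs and error messages. Separately, `query.Add("location", c.Location)` emits `location=` when `c.location` was never set; whether the client guarantees a non-empty value is not visible in these hunks. All three hunks show only part of their enclosing definitions.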


@ -366,6 +366,7 @@ func TestConvertToCloudServiceAccountURI(t *testing.T) {
TenantID: "tenant-id",
ClientID: "client-id",
ClientSecret: "client-secret",
Location: "location",
}
cloudServiceAccountURI := key.ConvertToCloudServiceAccountURI()
@ -378,5 +379,6 @@ func TestConvertToCloudServiceAccountURI(t *testing.T) {
"tenant_id": []string{"tenant-id"},
"client_id": []string{"client-id"},
"client_secret": []string{"client-secret"},
"location": []string{"location"},
}, query)
}


@ -69,6 +69,7 @@ func (c *CloudControllerManager) Secrets(instance core.Instance, cloudServiceAcc
ResourceGroup: resourceGroup,
UseInstanceMetadata: true,
VmType: vmType,
Location: creds.Location,
AADClientID: creds.ClientID,
AADClientSecret: creds.ClientSecret,
}


@ -20,7 +20,7 @@ func TestSecrets(t *testing.T) {
}{
"Secrets works": {
instance: core.Instance{ProviderID: "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachines/instance-name"},
cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret",
cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",
expectedSecrets: resources.Secrets{
&k8s.Secret{
TypeMeta: meta.TypeMeta{
@ -32,14 +32,14 @@ func TestSecrets(t *testing.T) {
Namespace: "kube-system",
},
Data: map[string][]byte{
"azure.json": []byte(`{"cloud":"AzurePublicCloud","tenantId":"tenant-id","subscriptionId":"subscription-id","resourceGroup":"resource-group","useInstanceMetadata":true,"vmType":"standard","aadClientId":"client-id","aadClientSecret":"client-secret"}`),
"azure.json": []byte(`{"cloud":"AzurePublicCloud","tenantId":"tenant-id","subscriptionId":"subscription-id","resourceGroup":"resource-group","location":"location","useInstanceMetadata":true,"vmType":"standard","aadClientId":"client-id","aadClientSecret":"client-secret"}`),
},
},
},
},
"Secrets works for scale sets": {
instance: core.Instance{ProviderID: "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id"},
cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret",
cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",
expectedSecrets: resources.Secrets{
&k8s.Secret{
TypeMeta: meta.TypeMeta{
@ -51,7 +51,7 @@ func TestSecrets(t *testing.T) {
Namespace: "kube-system",
},
Data: map[string][]byte{
"azure.json": []byte(`{"cloud":"AzurePublicCloud","tenantId":"tenant-id","subscriptionId":"subscription-id","resourceGroup":"resource-group","useInstanceMetadata":true,"vmType":"vmss","aadClientId":"client-id","aadClientSecret":"client-secret"}`),
"azure.json": []byte(`{"cloud":"AzurePublicCloud","tenantId":"tenant-id","subscriptionId":"subscription-id","resourceGroup":"resource-group","location":"location","useInstanceMetadata":true,"vmType":"vmss","aadClientId":"client-id","aadClientSecret":"client-secret"}`),
},
},
},


@ -24,5 +24,6 @@ func getApplicationCredentials(cloudServiceAccountURI string) (client.Applicatio
TenantID: query.Get("tenant_id"),
ClientID: query.Get("client_id"),
ClientSecret: query.Get("client_secret"),
Location: query.Get("location"),
}, nil
}
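Review bot: `Location: query.Get("location")` accepts a service account URI that has no `location` parameter, because `url.Values.Get` returns an empty string for a missing key, and `Secrets` then copies that empty value into the cloud config (`Location: creds.Location`). If an empty location is not a valid configuration, which seems likely but is not shown here, the function should build the credentials into a variable, return an error when `creds.Location == ""`, and only then return them. The other three fields are read the same way and would benefit from the same check. A test case for a URI without `location`, next to "invalid URI fails", would pin the behaviour. The start of getApplicationCredentials is outside the hunk.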


@ -13,6 +13,7 @@ func TestGetApplicationCredentials(t *testing.T) {
TenantID: "tenant-id",
ClientID: "client-id",
ClientSecret: "client-secret",
Location: "location",
}
testCases := map[string]struct {
cloudServiceAccountURI string
@ -20,7 +21,7 @@ func TestGetApplicationCredentials(t *testing.T) {
expectErr bool
}{
"getApplicationCredentials works": {
cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret",
cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",
expectedCreds: creds,
},
"invalid URI fails": {