зеркало из https://github.com/Azure/aks-engine.git
97 строки
3.2 KiB
Go
97 строки
3.2 KiB
Go
package cmd
|
|
|
|
import (
|
|
"fmt"
|
|
"strconv"
|
|
"testing"
|
|
|
|
"os"
|
|
|
|
"github.com/Azure/acs-engine/pkg/api"
|
|
"github.com/Azure/acs-engine/pkg/armhelpers"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
const ExampleAPIModel = `{
|
|
"apiVersion": "vlabs",
|
|
"properties": {
|
|
"orchestratorProfile": { "orchestratorType": "Kubernetes", "kubernetesConfig": { "useManagedIdentity": %s, "etcdVersion" : "2.3.8" } },
|
|
"masterProfile": { "count": 1, "dnsPrefix": "", "vmSize": "Standard_D2_v2" },
|
|
"agentPoolProfiles": [ { "name": "linuxpool1", "count": 2, "vmSize": "Standard_D2_v2", "availabilityProfile": "AvailabilitySet" } ],
|
|
"windowsProfile": { "adminUsername": "azureuser", "adminPassword": "replacepassword1234$" },
|
|
"linuxProfile": { "adminUsername": "azureuser", "ssh": { "publicKeys": [ { "keyData": "" } ] }
|
|
},
|
|
"servicePrincipalProfile": { "clientId": "%s", "secret": "%s" }
|
|
}
|
|
}
|
|
`
|
|
|
|
func getExampleAPIModel(useManagedIdentity bool, clientID, clientSecret string) string {
|
|
return fmt.Sprintf(
|
|
ExampleAPIModel,
|
|
strconv.FormatBool(useManagedIdentity),
|
|
clientID,
|
|
clientSecret)
|
|
}
|
|
|
|
func TestAutofillApimodelWithoutManagedIdentityCreatesCreds(t *testing.T) {
|
|
testAutodeployCredentialHandling(t, false, "", "")
|
|
}
|
|
|
|
func TestAutofillApimodelWithManagedIdentitySkipsCreds(t *testing.T) {
|
|
testAutodeployCredentialHandling(t, true, "", "")
|
|
}
|
|
|
|
func TestAutofillApimodelAllowsPrespecifiedCreds(t *testing.T) {
|
|
testAutodeployCredentialHandling(t, false, "clientID", "clientSecret")
|
|
}
|
|
|
|
func testAutodeployCredentialHandling(t *testing.T, useManagedIdentity bool, clientID, clientSecret string) {
|
|
apiloader := &api.Apiloader{
|
|
Translator: nil,
|
|
}
|
|
|
|
apimodel := getExampleAPIModel(useManagedIdentity, clientID, clientSecret)
|
|
cs, ver, err := apiloader.DeserializeContainerService([]byte(apimodel), false, false, nil)
|
|
if err != nil {
|
|
t.Fatalf("unexpected error deserializing the example apimodel: %s", err)
|
|
}
|
|
|
|
// deserialization happens in validate(), but we are testing just the default
|
|
// setting that occurs in autofillApimodel (which is called from validate)
|
|
// Thus, it assumes that containerService/apiVersion are already populated
|
|
deployCmd := &deployCmd{
|
|
apimodelPath: "./this/is/unused.json",
|
|
dnsPrefix: "dnsPrefix1",
|
|
outputDirectory: "_test_output",
|
|
location: "westus",
|
|
|
|
containerService: cs,
|
|
apiVersion: ver,
|
|
|
|
client: &armhelpers.MockACSEngineClient{},
|
|
}
|
|
|
|
autofillApimodel(deployCmd)
|
|
|
|
// cleanup, since auto-populations creates dirs and saves the SSH private key that it might create
|
|
defer os.RemoveAll(deployCmd.outputDirectory)
|
|
|
|
cs, _, err = revalidateApimodel(apiloader, cs, ver)
|
|
if err != nil {
|
|
log.Fatalf("unexpected error validating apimodel after populating defaults: %s", err)
|
|
}
|
|
|
|
if useManagedIdentity {
|
|
if cs.Properties.ServicePrincipalProfile != nil &&
|
|
(cs.Properties.ServicePrincipalProfile.ClientID != "" || cs.Properties.ServicePrincipalProfile.Secret != "") {
|
|
log.Fatalf("Unexpected credentials were populated even though MSI was active.")
|
|
}
|
|
} else {
|
|
if cs.Properties.ServicePrincipalProfile == nil ||
|
|
cs.Properties.ServicePrincipalProfile.ClientID == "" || cs.Properties.ServicePrincipalProfile.Secret == "" {
|
|
log.Fatalf("Credentials were missing even though MSI was not active.")
|
|
}
|
|
}
|
|
}
|