Added changes for using MSI to download scripts with CSE

2019-07-22 17:24:14 -07:00 · 2019-07-22 17:24:14 -07:00 · d072d784e6
--- a/main/handlersettings.go
+++ b/main/handlersettings.go
@ -73,7 +73,7 @@ func (h handlerSettings) validate() error {
 	}

 	if h.protectedSettings.ManagedServiceIdentity.ClientId != "" && h.protectedSettings.ManagedServiceIdentity.ObjectId != "" {
-
+		return errUsingBothClientIdAndObjectId
 	}

 	return nil
--- a/main/handlersettings_test.go
+++ b/main/handlersettings_test.go
@ -102,14 +102,26 @@ func Test_managedSystemIdentityVerification(t *testing.T) {
 		},
 	}}.validate(), "validation failed for settings with MSI")

-	require.Error(t, handlerSettings{publicSettings{}, protectedSettings{
-		CommandToExecute:   "echo hi",
-		StorageAccountName: "name",
-		StorageAccountKey:  "key",
-		ManagedServiceIdentity: clientOrObjectId{
-			ObjectId: "31b403aa-c364-4240-a7ff-d85fb6cd7232",
-		},
-	}}.validate(), "validation didn't fail for settings with both MSI and storage account")
+	require.Equal(t, errUsingBothKeyAndMsi,
+		handlerSettings{publicSettings{},
+			protectedSettings{
+				CommandToExecute:   "echo hi",
+				StorageAccountName: "name",
+				StorageAccountKey:  "key",
+				ManagedServiceIdentity: clientOrObjectId{
+					ObjectId: "31b403aa-c364-4240-a7ff-d85fb6cd7232",
+				},
+			}}.validate(), "validation didn't fail for settings with both MSI and storage account")
+
+	require.Equal(t, errUsingBothClientIdAndObjectId,
+		handlerSettings{publicSettings{},
+			protectedSettings{
+				CommandToExecute:   "echo hi",
+				ManagedServiceIdentity: clientOrObjectId{
+					ObjectId: "31b403aa-c364-4240-a7ff-d85fb6cd7232",
+					ClientId: "31b403aa-c364-4240-a7ff-d85fb6cd7232",
+				},
+			}}.validate(), "validation didn't fail for settings with both MSI and storage account")
 }

 func Test_toJSON_empty(t *testing.T) {
--- a/pkg/download/blobwithmsitoken.go
+++ b/pkg/download/blobwithmsitoken.go
@ -0,0 +1,40 @@
+package download
+
+import (
+	"github.com/Azure/azure-extension-foundation/msi"
+	"net/http"
+	"github.com/pkg/errors"
+	"fmt"
+)
+
+const (
+	xMsVersionHeaderName = "x-ms-version"
+	xMsVersionValue = "2018-03-28"
+)
+
+type blobWithMsiToken struct{
+	url string
+	msiProvider msi.MsiProvider
+}
+
+func (self *blobWithMsiToken) GetRequest() (*http.Request, error){
+	msi, err := self.msiProvider.GetMsi()
+	if err != nil {
+		return nil, err
+	}
+	if msi.AccessToken == "" {
+		return nil, errors.New("MSI token was empty")
+	}
+	request, err := http.NewRequest(http.MethodGet, self.url, nil)
+	if err != nil {
+		return nil, err
+	}
+	request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", msi.AccessToken))
+	request.Header.Set(xMsVersionHeaderName, xMsVersionValue)
+	return request, nil
+}
+
+
+func NewBlobWithMsiDownload(url string, msiProvider msi.MsiProvider) Downloader{
+	return &blobWithMsiToken{url,msiProvider}
+}
--- a/pkg/download/blobwithmsitoken_test.go
+++ b/pkg/download/blobwithmsitoken_test.go
@ -0,0 +1 @@
+package download