From efcd9c671125a02745905f42b9283e85d9c23578 Mon Sep 17 00:00:00 2001
From: Bhaskar Brahma
Date: Fri, 19 Jul 2019 13:38:07 -0700
Subject: [PATCH] Added schema for msi to protectedSettings for CSE Linux
---
 main/schema.go | 18 +++++++++++++++++-
 main/schema_test.go | 12 ++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/main/schema.go b/main/schema.go
index a4c6a22..58083bd 100644
--- a/main/schema.go
+++ b/main/schema.go
@@ -73,7 +73,23 @@ const (
 "description": "Key for the Azure Storage Account (a base64 encoded string)",
 "type": "string",
 "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"
- }
+ },
+ "managedServiceIdentity": {
+ "description": "Setting to use Managed Service Identity to try to download fileUri from azure blob",
+ "type": "object",
+ "properties": {
+ "objectId": {
+ "description": "Object id that identifies the user created managed identity",
+ "type": "string",
+ "pattern": "^(?:[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12})$"
+ },
+ "clientId": {
+ "description": "Client id that identifies the user created managed identity",
+ "type": "string",
+ "pattern": "^(?:[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12})$"
+ }
+ }
+ }
 },
 "additionalProperties": false
 }`
diff --git a/main/schema_test.go b/main/schema_test.go
index d5265a0..a366aee 100644
--- a/main/schema_test.go
+++ b/main/schema_test.go
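Review bot: In main/schema.go the new `managedServiceIdentity` object does not set `"additionalProperties": false`, although the enclosing protected-settings schema does. A misspelled key (for example `clientID`) therefore validates exactly like the empty object, and the handler, which is not visible in this patch, may then use a different identity than the operator intended. I would add `"additionalProperties": false` after the inner `"properties"` block. The schema also accepts `objectId` and `clientId` together; if only one is meant to be honoured, a `"not": {"required": ["objectId", "clientId"]}` clause would reject the ambiguous form, assuming the validator in use supports `not`.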
@@ -144,3 +144,15 @@ func TestValidateProtectedSettings_storageAccountKey(t *testing.T) {
 require.Nil(t, validateProtectedSettings(`{"storageAccountKey": "A+hMRrsZQ6COPXTYX/EiKiF2HVtfhCfLDo3Dkc3ekKoX3jA58zXVG2QRe/C1+zdEFSrVX6FZsKyivsSlnwmWOw=="}`), "ok")
 require.Nil(t, validateProtectedSettings(`{"storageAccountKey": "/yGnx6KyxQ8Pjzk0QXeY+66Du0BeTWaCt83la59w72hu/81e6TzskXXvL/IlO3q6g0k0kJrR9MYQNi+cNR3SXA=="}`), "ok")
 }
+
+func TestValidateProtectedSettings_managedServiceIdentity(t *testing.T) {
+ require.NoError(t, validateProtectedSettings(`{"managedServiceIdentity": { "clientId": "31b403aa-c364-4240-a7ff-d85fb6cd7232"}}`),
+ "couldn't parse msi proprety with lowercase guid")
+ require.NoError(t, validateProtectedSettings(`{"managedServiceIdentity": { "objectId": "31B403AA-C364-4240-A7FF-D85FB6CD7232"}}`),
+ "couldn't parse msi property with uppercase guid")
+ require.NoError(t, validateProtectedSettings(`{"managedServiceIdentity": { }}`),
+ "couldn't parse msi property without clientId or objectId")
+
+ require.Error(t, validateProtectedSettings(`{"managedServiceIdentity": { "clientId": "notaguid"}}`),
+ "guid validation succeded when expected to fail")
+}
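Review bot: The only rejecting case in `TestValidateProtectedSettings_managedServiceIdentity` is `"notaguid"`, which does not pin the `^…$` anchoring of the GUID pattern or the required shape of the object. I would add `require.Error` cases for a valid GUID with one extra trailing character and for a non-object value such as `{"managedServiceIdentity": "x"}`. A further case with both `clientId` and `objectId` set would record the intended outcome for that combination, whichever it is. The failure messages also carry two typos, `proprety` and `succeded`.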