From 8091a30b5972614796e7d22bf533bd3a61272ee2 Mon Sep 17 00:00:00 2001
From: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
Date: Tue, 31 Oct 2023 15:24:04 +0100
Subject: [PATCH 1/4] TriggerAuth-podIdentity.identityId - validation removed (operator)

Signed-off-by: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
---
 .../v1alpha1/triggerauthentication_webhook.go | 24 ++++++++++++++-----
 pkg/scaling/resolver/scale_resolvers.go | 3 ---
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/apis/keda/v1alpha1/triggerauthentication_webhook.go b/apis/keda/v1alpha1/triggerauthentication_webhook.go
index 72b14e1b388..76b774dcd33 100644
--- a/apis/keda/v1alpha1/triggerauthentication_webhook.go
+++ b/apis/keda/v1alpha1/triggerauthentication_webhook.go
@@ -107,15 +107,27 @@ func isTriggerAuthenticationRemovingFinalizer(om metav1.ObjectMeta, oldOm metav1
 }
 
 func validateSpec(spec *TriggerAuthenticationSpec) (admission.Warnings, error) {
- if spec.PodIdentity != nil {
- switch spec.PodIdentity.Provider {
+ err := validatePodIdentityId(spec.PodIdentity)
+ if err != nil {
+ return nil, err
+ }
+ return nil, nil
+}
+
+func validatePodIdentityId(podIdentity *AuthPodIdentity) error {
+ if podIdentity != nil {
+ switch podIdentity.Provider {
 case PodIdentityProviderAzure, PodIdentityProviderAzureWorkload:
- if spec.PodIdentity.IdentityID != nil && *spec.PodIdentity.IdentityID == "" {
- return nil, fmt.Errorf("identityid of PodIdentity should not be empty. If it's set, identityId has to be different than \"\"")
+ if isEmptyString(podIdentity.IdentityID) {
+ return fmt.Errorf("identityid of PodIdentity should not be empty. If it's set, identityId has to be different than \"\"")
 }
 default:
- return nil, nil
+ return nil
 }
 }
- return nil, nil
+ return nil
 }
+
+func isEmptyString(str *string) bool {
+ return str != nil && *str == ""
+}
\ No newline at end of file
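Review bot: With the `IdentityID` check deleted from `ResolveAuthRefAndPodIdentity` in the scale_resolvers.go hunk of this same patch, `validatePodIdentityId` becomes the only place an explicitly empty `identityId` is rejected, so enforcement now depends on the admission webhook actually running for every TriggerAuthentication. Objects stored before the webhook was enabled, or created while it is not deployed or is skipped, would reach the Azure providers with a pointer to `""`; how those providers treat that value is not visible here, so it is worth confirming they fail closed rather than fall back to a different identity. I would state the dependency on the function, e.g. `// validatePodIdentityId is the sole check for an empty identityId; the operator does not re-validate, so the webhook must be enabled.` The helper name also hides its contract: `isEmptyString` is false for nil (unset is allowed) and for whitespace-only values, so a comment such as `// isEmptyString reports whether str is set but empty; nil means unset.` would avoid misuse.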
diff --git a/pkg/scaling/resolver/scale_resolvers.go b/pkg/scaling/resolver/scale_resolvers.go
index 99eb4e9fb1f..6b0444f83d4 100644
--- a/pkg/scaling/resolver/scale_resolvers.go
+++ b/pkg/scaling/resolver/scale_resolvers.go
@@ -202,9 +202,6 @@ func ResolveAuthRefAndPodIdentity(ctx context.Context, client client.Client, log
 // FIXME: Delete this for v2.15
 logger.Info("WARNING: Azure AD Pod Identity has been archived (https://github.com/Azure/aad-pod-identity#-announcement) and will be removed from KEDA on v2.15")
 }
- if podIdentity.IdentityID != nil && *podIdentity.IdentityID == "" {
- return nil, kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderNone}, fmt.Errorf("IdentityID of PodIdentity should not be empty")
- }
 default:
 }
 return authParams, podIdentity, nil
From 4befa5f67f9158bcbcafc4a021dbd6ea9e82b898 Mon Sep 17 00:00:00 2001
From: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
Date: Tue, 31 Oct 2023 15:32:30 +0100
Subject: [PATCH 2/4] TriggerAuthWebhook-superfluous nil err check before return (fix)

Signed-off-by: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
---
 apis/keda/v1alpha1/triggerauthentication_webhook.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/apis/keda/v1alpha1/triggerauthentication_webhook.go b/apis/keda/v1alpha1/triggerauthentication_webhook.go
index 76b774dcd33..33d90e66420 100644
--- a/apis/keda/v1alpha1/triggerauthentication_webhook.go
+++ b/apis/keda/v1alpha1/triggerauthentication_webhook.go
@@ -108,10 +108,7 @@ func isTriggerAuthenticationRemovingFinalizer(om metav1.ObjectMeta, oldOm metav1
 
 func validateSpec(spec *TriggerAuthenticationSpec) (admission.Warnings, error) {
 err := validatePodIdentityId(spec.PodIdentity)
- if err != nil {
- return nil, err
- }
- return nil, nil
+ return nil, err
 }
 
 func validatePodIdentityId(podIdentity *AuthPodIdentity) error {
From 357fd7047b506a2613d002d605f11ceb29e9ce19 Mon Sep 17 00:00:00 2001
From: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
Date: Tue, 31 Oct 2023 15:47:04 +0100
Subject: [PATCH 3/4] TriggerAuthWebhook-ci static check (fix)

Signed-off-by: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
---
 apis/keda/v1alpha1/triggerauthentication_webhook.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apis/keda/v1alpha1/triggerauthentication_webhook.go b/apis/keda/v1alpha1/triggerauthentication_webhook.go
index 33d90e66420..449f6f1c53d 100644
--- a/apis/keda/v1alpha1/triggerauthentication_webhook.go
+++ b/apis/keda/v1alpha1/triggerauthentication_webhook.go
@@ -107,11 +107,11 @@ func isTriggerAuthenticationRemovingFinalizer(om metav1.ObjectMeta, oldOm metav1
 }
 
 func validateSpec(spec *TriggerAuthenticationSpec) (admission.Warnings, error) {
- err := validatePodIdentityId(spec.PodIdentity)
+ err := validatePodIdentityID(spec.PodIdentity)
 return nil, err
 }
 
-func validatePodIdentityId(podIdentity *AuthPodIdentity) error {
+func validatePodIdentityID(podIdentity *AuthPodIdentity) error {
 if podIdentity != nil {
 switch podIdentity.Provider {
 case PodIdentityProviderAzure, PodIdentityProviderAzureWorkload:
@@ -127,4 +127,4 @@ func validatePodIdentityId(podIdentity *AuthPodIdentity) error {
 
 func isEmptyString(str *string) bool {
 return str != nil && *str == ""
-}
\ No newline at end of file
+}
From ecbd6a7a1c1c871a9adc71e90bcaf246dc65c791 Mon Sep 17 00:00:00 2001
From: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
Date: Wed, 1 Nov 2023 08:06:25 +0100
Subject: [PATCH 4/4] Changelog added

Signed-off-by: radekfojtik <68660951+radekfojtik@users.noreply.github.com>
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4500926390c..39b2fd4dc8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -73,6 +73,7 @@ Here is an overview of all new **experimental** features:
 
 - **General**: Fix CVE-2023-39325 in golang.org/x/net ([#5122](https://github.com/kedacore/keda/issues/5122))
 - **General**: Prevented stuck status due to timeouts during scalers generation ([#5083](https://github.com/kedacore/keda/issues/5083))
+- **General**: TriggerAuthentication - validation `identityId` removed from the operator ([#5109](https://github.com/kedacore/keda/issues/5109))
 - **Azure Pipelines**: No more HTTP 400 errors produced by poolName with spaces ([#5107](https://github.com/kedacore/keda/issues/5107))
 - **ScaledJobs**: Copy ScaledJob annotations to child Jobs ([#4594](https://github.com/kedacore/keda/issues/4594))
 