refactor: Add auth_config mock (#528)

Signed-off-by: Heba Elayoty <hebaelayoty@gmail.com>
virtual-kubelet · Apr 11, 2023 · 47ee054 · 47ee054
1 parent 7e523b0
commit 47ee054
Show file tree

Hide file tree

Showing 4 changed files with 171 additions and 110 deletions.
diff --git a/pkg/auth/auth.go → pkg/auth/auth_config.go b/pkg/auth/auth.go → pkg/auth/auth_config.go
@@ -5,23 +5,17 @@ Licensed under the Apache 2.0 license.
 package auth
 
 import (
- "bytes"
  "context"
- "encoding/binary"
- "encoding/json"
  "fmt"
- "io/ioutil"
  "os"
  "strings"
- "unicode/utf16"
 
  "github.com/Azure/azure-sdk-for-go/sdk/azcore"
  _ "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
  "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/go-autorest/autorest"
  "github.com/Azure/go-autorest/autorest/adal"
- "github.com/dimchansky/utfbom"
  "github.com/pkg/errors"
  "github.com/virtual-kubelet/virtual-kubelet/log"
  "github.com/virtual-kubelet/virtual-kubelet/trace"
@@ -35,6 +29,12 @@ const (
  AzureChinaCloud CloudEnvironmentName = "AzureChinaCloud"
 )
 
+type ConfigInterface interface {
+ GetMSICredential(ctx context.Context) (*azidentity.ManagedIdentityCredential, error)
+ GetSPCredential(ctx context.Context) (*azidentity.ClientSecretCredential, error)
+ GetAuthorizer(ctx context.Context, resource string) (autorest.Authorizer, error)
+}
+
 type Config struct {
  AKSCredential *aksCredential
  AuthConfig *Authentication
@@ -74,8 +74,8 @@ func (c *Config) GetSPCredential(ctx context.Context) (*azidentity.ClientSecretC
  return spCredential, nil
 }
 
-// getAuthorizer return autorest authorizer.
-func (c *Config) getAuthorizer(ctx context.Context, resource string) (autorest.Authorizer, error) {
+// GetAuthorizer return autorest authorizer.
+func (c *Config) GetAuthorizer(ctx context.Context, resource string) (autorest.Authorizer, error) {
  var auth autorest.Authorizer
  var err error
 
@@ -186,109 +186,14 @@ func (c *Config) SetAuthConfig(ctx context.Context) error {
 
  resource := c.Cloud.Services[cloud.ResourceManager].Endpoint
 
- c.Authorizer, err = c.getAuthorizer(ctx, resource)
+ c.Authorizer, err = c.GetAuthorizer(ctx, resource)
  if err != nil {
  return err
  }
 
  return nil
 }
 
-// Authentication represents the Authentication file for Azure.
-type Authentication struct {
- ClientID string `json:"clientId,omitempty"`
- ClientSecret string `json:"clientSecret,omitempty"`
- SubscriptionID string `json:"subscriptionId,omitempty"`
- TenantID string `json:"tenantId,omitempty"`
- UserIdentityClientId string `json:"userIdentityClientId,omitempty"`
-}
-
-// newAuthenticationFromFile returns an Authentication struct from file path.
-func (a *Authentication) newAuthenticationFromFile(filepath string) error {
- b, err := ioutil.ReadFile(filepath)
- if err != nil {
- return fmt.Errorf("reading Authentication file %q failed: %v", filepath, err)
- }
-
- // Authentication file might be encoded.
- decoded, err := a.decode(b)
- if err != nil {
- return fmt.Errorf("decoding Authentication file %q failed: %v", filepath, err)
- }
-
- // Unmarshal the Authentication file.
- if err := json.Unmarshal(decoded, &a); err != nil {
- return err
- }
- return nil
-}
-
-// NewAuthentication returns an Authentication struct from user provided credentials.
-func NewAuthentication(clientID, clientSecret, subscriptionID, tenantID, userAssignedIdentityID string) *Authentication {
- return &Authentication{
- ClientID: clientID,
- ClientSecret: clientSecret,
- SubscriptionID: subscriptionID,
- TenantID: tenantID,
- UserIdentityClientId: userAssignedIdentityID,
- }
-}
-
-// aksCredential represents the credential file for AKS
-type aksCredential struct {
- Cloud string `json:"cloud"`
- TenantID string `json:"tenantId"`
- SubscriptionID string `json:"subscriptionId"`
- ClientID string `json:"aadClientId"`
- ClientSecret string `json:"aadClientSecret"`
- ResourceGroup string `json:"resourceGroup"`
- Region string `json:"location"`
- VNetName string `json:"vnetName"`
- VNetResourceGroup string `json:"vnetResourceGroup"`
- UserAssignedIdentityID string `json:"userAssignedIdentityID"`
-}
-
-// newAKSCredential returns an aksCredential struct from file path.
-func newAKSCredential(ctx context.Context, filePath string) (*aksCredential, error) {
- logger := log.G(ctx).WithField("method", "newAKSCredential").WithField("file", filePath)
- logger.Debug("Reading AKS credential file")
-
- b, err := ioutil.ReadFile(filePath)
- if err != nil {
- return nil, fmt.Errorf("reading AKS credential file %q failed: %v", filePath, err)
- }
-
- // Unmarshal the Authentication file.
- var cred aksCredential
- if err := json.Unmarshal(b, &cred); err != nil {
- return nil, err
- }
- logger.Debug("load AKS credential file successfully")
- return &cred, nil
-}
-
-func (a *Authentication) decode(b []byte) ([]byte, error) {
- reader, enc := utfbom.Skip(bytes.NewReader(b))
-
- switch enc {
- case utfbom.UTF16LittleEndian:
- u16 := make([]uint16, (len(b)/2)-1)
- err := binary.Read(reader, binary.LittleEndian, &u16)
- if err != nil {
- return nil, err
- }
- return []byte(string(utf16.Decode(u16))), nil
- case utfbom.UTF16BigEndian:
- u16 := make([]uint16, (len(b)/2)-1)
- err := binary.Read(reader, binary.BigEndian, &u16)
- if err != nil {
- return nil, err
- }
- return []byte(string(utf16.Decode(u16))), nil
- }
- return ioutil.ReadAll(reader)
-}
-
 func getCloudConfiguration(cloudName string) cloud.Configuration {
  switch cloudName {
  case string(AzurePublicCloud):

diff --git a/pkg/auth/auth_test.go → pkg/auth/auth_config_test.go b/pkg/auth/auth_test.go → pkg/auth/auth_config_test.go
@@ -6,7 +6,6 @@ package auth
 
 import (
  "context"
- "io/ioutil"
  "os"
  "testing"
 
@@ -25,7 +24,7 @@ const cred = `
 }`
 
 func TestAKSCred(t *testing.T) {
- file, err := ioutil.TempFile("", "aks_auth_test")
+ file, err := os.CreateTemp("", "aks_auth_test")
  if err != nil {
  t.Error(err)
  }
@@ -76,7 +75,7 @@ func TestAKSCred(t *testing.T) {
 }
 
 func TestAKSCredFileNotFound(t *testing.T) {
- file, err := ioutil.TempFile("", "AKS_test")
+ file, err := os.CreateTemp("", "AKS_test")
  if err != nil {
  t.Error(err)
  }
@@ -104,7 +103,7 @@ const credBad = `
  "resourceGroup": "vk-test-rg",`
 
 func TestAKSCredBadJson(t *testing.T) {
- file, err := ioutil.TempFile("", "aks_auth_test")
+ file, err := os.CreateTemp("", "aks_auth_test")
  if err != nil {
  t.Error(err)
  }
@@ -129,7 +128,7 @@ func TestSetAuthConfigWithAuthFile(t *testing.T) {
  "tenantId": "######-###-####-####-######"
 
 }`
- file, err := ioutil.TempFile("", "aks_auth_test")
+ file, err := os.CreateTemp("", "aks_auth_test")
  if err != nil {
  t.Error(err)
  }
@@ -176,7 +175,7 @@ func TestSetAuthConfigWithAKSCredFile(t *testing.T) {
  "vnetResourceGroup": "vk-aci-test-12917",
  "userAssignedIdentityID": "######-tuhn-41af-re3e0-######"
 }`
- file, err := ioutil.TempFile("", "aks_auth_test")
+ file, err := os.CreateTemp("", "aks_auth_test")
  if err != nil {
  t.Error(err)
  }

diff --git a/pkg/auth/authentication.go b/pkg/auth/authentication.go
@@ -0,0 +1,114 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the Apache 2.0 license.
+*/
+package auth
+
+import (
+ "bytes"
+ "context"
+ "encoding/binary"
+ "encoding/json"
+ "fmt"
+ "io"
+ "os"
+ "unicode/utf16"
+
+ "github.com/dimchansky/utfbom"
+ "github.com/virtual-kubelet/virtual-kubelet/log"
+)
+
+// Authentication represents the Authentication file for Azure.
+type Authentication struct {
+ ClientID string `json:"clientId,omitempty"`
+ ClientSecret string `json:"clientSecret,omitempty"`
+ SubscriptionID string `json:"subscriptionId,omitempty"`
+ TenantID string `json:"tenantId,omitempty"`
+ UserIdentityClientId string `json:"userIdentityClientId,omitempty"`
+}
+
+// NewAuthentication returns an Authentication struct from user provided credentials.
+func NewAuthentication(clientID, clientSecret, subscriptionID, tenantID, userAssignedIdentityID string) *Authentication {
+ return &Authentication{
+ ClientID: clientID,
+ ClientSecret: clientSecret,
+ SubscriptionID: subscriptionID,
+ TenantID: tenantID,
+ UserIdentityClientId: userAssignedIdentityID,
+ }
+}
+
+// newAuthenticationFromFile returns an Authentication struct from file path.
+func (a *Authentication) newAuthenticationFromFile(filepath string) error {
+ b, err := os.ReadFile(filepath)
+ if err != nil {
+ return fmt.Errorf("reading Authentication file %q failed: %v", filepath, err)
+ }
+
+ // Authentication file might be encoded.
+ decoded, err := a.decode(b)
+ if err != nil {
+ return fmt.Errorf("decoding Authentication file %q failed: %v", filepath, err)
+ }
+
+ // Unmarshal the Authentication file.
+ if err := json.Unmarshal(decoded, &a); err != nil {
+ return err
+ }
+ return nil
+}
+
+// aksCredential represents the credential file for AKS
+type aksCredential struct {
+ Cloud string `json:"cloud"`
+ TenantID string `json:"tenantId"`
+ SubscriptionID string `json:"subscriptionId"`
+ ClientID string `json:"aadClientId"`
+ ClientSecret string `json:"aadClientSecret"`
+ ResourceGroup string `json:"resourceGroup"`
+ Region string `json:"location"`
+ VNetName string `json:"vnetName"`
+ VNetResourceGroup string `json:"vnetResourceGroup"`
+ UserAssignedIdentityID string `json:"userAssignedIdentityID"`
+}
+
+// newAKSCredential returns an aksCredential struct from file path.
+func newAKSCredential(ctx context.Context, filePath string) (*aksCredential, error) {
+ logger := log.G(ctx).WithField("method", "newAKSCredential").WithField("file", filePath)
+ logger.Debug("Reading AKS credential file")
+
+ b, err := os.ReadFile(filePath)
+ if err != nil {
+ return nil, fmt.Errorf("reading AKS credential file %q failed: %v", filePath, err)
+ }
+
+ // Unmarshal the Authentication file.
+ var cred aksCredential
+ if err := json.Unmarshal(b, &cred); err != nil {
+ return nil, err
+ }
+ logger.Debug("load AKS credential file successfully")
+ return &cred, nil
+}
+
+func (a *Authentication) decode(b []byte) ([]byte, error) {
+ reader, enc := utfbom.Skip(bytes.NewReader(b))
+
+ switch enc {
+ case utfbom.UTF16LittleEndian:
+ u16 := make([]uint16, (len(b)/2)-1)
+ err := binary.Read(reader, binary.LittleEndian, &u16)
+ if err != nil {
+ return nil, err
+ }
+ return []byte(string(utf16.Decode(u16))), nil
+ case utfbom.UTF16BigEndian:
+ u16 := make([]uint16, (len(b)/2)-1)
+ err := binary.Read(reader, binary.BigEndian, &u16)
+ if err != nil {
+ return nil, err
+ }
+ return []byte(string(utf16.Decode(u16))), nil
+ }
+ return io.ReadAll(reader)
+}
diff --git a/pkg/auth/mock_auth_config.go b/pkg/auth/mock_auth_config.go
@@ -0,0 +1,43 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the Apache 2.0 license.
+*/
+package auth
+
+import (
+ "context"
+
+ "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+ "github.com/Azure/go-autorest/autorest"
+)
+
+type GetMSICredentialFunc func(ctx context.Context) (*azidentity.ManagedIdentityCredential, error)
+type GetSPCredentialFunc func(ctx context.Context) (*azidentity.ClientSecretCredential, error)
+type GetAuthorizerFunc func(ctx context.Context, resource string) (autorest.Authorizer, error)
+
+type MockConfig struct {
+ MockGetMSICredential GetMSICredentialFunc
+ MockGetSPCredential GetSPCredentialFunc
+ MockGetAuthorizer GetAuthorizerFunc
+}
+
+func (m *MockConfig) GetMSICredential(ctx context.Context) (*azidentity.ManagedIdentityCredential, error) {
+ if m.MockGetMSICredential != nil {
+ return m.MockGetMSICredential(ctx)
+ }
+ return nil, nil
+}
+
+func (m *MockConfig) GetSPCredential(ctx context.Context) (*azidentity.ClientSecretCredential, error) {
+ if m.MockGetSPCredential != nil {
+ return m.MockGetSPCredential(ctx)
+ }
+ return nil, nil
+}
+
+func (m *MockConfig) GetAuthorizer(ctx context.Context, resource string) (autorest.Authorizer, error) {
+ if m.MockGetAuthorizer != nil {
+ return m.MockGetAuthorizer(ctx, resource)
+ }
+ return nil, nil
+}