chore: not supporting legacy envs
comtalyst committed May 22, 2024
1 parent ab3ccc2 commit a56a078
Showing 3 changed files with 0 additions and 186 deletions.
29 changes: 0 additions & 29 deletions pkg/auth/config.go
Expand Up @@ -19,7 +19,6 @@ package auth
import (
"fmt"
"os"
"strconv"
"strings"

"github.com/Azure/go-autorest/autorest"
Expand Down Expand Up @@ -72,11 +71,6 @@ type Config struct {
// Configs only for AKS
ClusterName string `json:"clusterName" yaml:"clusterName"`
NodeResourceGroup string `json:"nodeResourceGroup" yaml:"nodeResourceGroup"`

// LEGACY: old AuthMethod fields, will only be used with AuthMethod is not provided
// Should not be used elsewhere apart from building AuthMethod when not provided
UseManagedIdentityExtension bool `json:"useManagedIdentityExtension" yaml:"useManagedIdentityExtension"`
UseCredentialFromEnvironment bool `json:"useCredentialFromEnvironment" yaml:"useCredentialFromEnvironment"`
}

// BuildAzureConfig returns a Config object for the Azure clients
Expand Down Expand Up @@ -119,22 +113,6 @@ func (cfg *Config) Build() error {
cfg.AuthMethod = strings.TrimSpace(os.Getenv("ARM_AUTH_METHOD"))
cfg.KubeletIdentityClientID = strings.TrimSpace(os.Getenv("ARM_KUBELET_IDENTITY_CLIENT_ID"))

// LEGACY: old AuthMethod fields, will only be used with AuthMethod is not provided
if gotEnv := os.Getenv("ARM_USE_MANAGED_IDENTITY_EXTENSION"); len(gotEnv) > 0 {
shouldUse, err := strconv.ParseBool(gotEnv)
if err != nil {
return err
}
cfg.UseManagedIdentityExtension = shouldUse
}
if gotEnv := os.Getenv("ARM_USE_CREDENTIAL_FROM_ENVIRONMENT"); len(gotEnv) > 0 {
shouldUse, err := strconv.ParseBool(gotEnv)
if err != nil {
return err
}
cfg.UseCredentialFromEnvironment = shouldUse
}

return nil
}

Expand All @@ -146,13 +124,6 @@ func (cfg *Config) Default() error {

if cfg.AuthMethod == "" {
cfg.AuthMethod = authMethodCredFromEnv

// LEGACY: old AuthMethod fields, will only be used with AuthMethod is not provided
if cfg.UseCredentialFromEnvironment {
cfg.AuthMethod = authMethodCredFromEnv
} else if cfg.UseManagedIdentityExtension {
cfg.AuthMethod = authMethodSysMSI
}
}

return nil
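Review bot: After this removal, `Default()` sets `AuthMethod` to `authMethodCredFromEnv` whenever `ARM_AUTH_METHOD` is empty, so a deployment that still sets only `ARM_USE_MANAGED_IDENTITY_EXTENSION=true` silently moves from `system-assigned-msi` to the environment credential path instead of failing. The removed tests show that the two methods map to different credential types (`ManagedIdentityCredential` and `DefaultAzureCredential`), so the process may authenticate as a different identity than the operator intended, and nothing visible in these hunks reports the ignored setting. Consider rejecting the retired variables in `Build()` rather than ignoring them, e.g. `if os.Getenv("ARM_USE_MANAGED_IDENTITY_EXTENSION") != "" || os.Getenv("ARM_USE_CREDENTIAL_FROM_ENVIRONMENT") != "" { return fmt.Errorf("legacy auth env vars are no longer supported; set ARM_AUTH_METHOD") }`. The bodies of `Build()` and `Default()` begin outside the visible hunks, so confirm nothing earlier already handles this.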
127 changes: 0 additions & 127 deletions pkg/auth/config_test.go
Expand Up @@ -149,133 +149,6 @@ func TestBuildAzureConfig(t *testing.T) {
"ARM_KUBELET_IDENTITY_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
},
},
{
name: "legacy bogus ARM_USE_MANAGED_IDENTITY_EXTENSION",
expected: nil,
wantErr: true,
env: map[string]string{
"ARM_RESOURCE_GROUP": "my-rg",
"ARM_SUBSCRIPTION_ID": "12345",
"AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
"AZURE_SUBNET_ID": "12345",
"AZURE_SUBNET_NAME": "my-subnet",
"AZURE_VNET_NAME": "my-vnet",
"ARM_USE_MANAGED_IDENTITY_EXTENSION": "foo", // this is not a supported value
},
},
{
name: "auth method msi takes precedence over legacy",
expected: &Config{
SubscriptionID: "12345",
ResourceGroup: "my-rg",
NodeResourceGroup: "my-node-rg",
VMType: "vmss",
AuthMethod: "system-assigned-msi",
UseManagedIdentityExtension: false,
UseCredentialFromEnvironment: true,
},
wantErr: false,
env: map[string]string{
"ARM_RESOURCE_GROUP": "my-rg",
"ARM_SUBSCRIPTION_ID": "12345",
"AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
"AZURE_SUBNET_ID": "12345",
"AZURE_SUBNET_NAME": "my-subnet",
"AZURE_VNET_NAME": "my-vnet",
"ARM_AUTH_METHOD": "system-assigned-msi",
"ARM_USE_MANAGED_IDENTITY_EXTENSION": "false",
"ARM_USE_CREDENTIAL_FROM_ENVIRONMENT": "true",
},
},
{
name: "auth method credential from environment takes precedence over legacy",
expected: &Config{
SubscriptionID: "12345",
ResourceGroup: "my-rg",
NodeResourceGroup: "my-node-rg",
VMType: "vmss",
AuthMethod: "credential-from-environment",
UseManagedIdentityExtension: true,
UseCredentialFromEnvironment: false,
},
wantErr: false,
env: map[string]string{
"ARM_RESOURCE_GROUP": "my-rg",
"ARM_SUBSCRIPTION_ID": "12345",
"AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
"AZURE_SUBNET_ID": "12345",
"AZURE_SUBNET_NAME": "my-subnet",
"AZURE_VNET_NAME": "my-vnet",
"ARM_AUTH_METHOD": "credential-from-environment",
"ARM_USE_MANAGED_IDENTITY_EXTENSION": "true",
"ARM_USE_CREDENTIAL_FROM_ENVIRONMENT": "false",
},
},
{
name: "legacy valid msi",
expected: &Config{
SubscriptionID: "12345",
ResourceGroup: "my-rg",
NodeResourceGroup: "my-node-rg",
VMType: "vmss",
UseManagedIdentityExtension: true,
AuthMethod: "system-assigned-msi",
},
wantErr: false,
env: map[string]string{
"ARM_RESOURCE_GROUP": "my-rg",
"ARM_SUBSCRIPTION_ID": "12345",
"AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
"AZURE_SUBNET_ID": "12345",
"AZURE_SUBNET_NAME": "my-subnet",
"AZURE_VNET_NAME": "my-vnet",
"ARM_USE_MANAGED_IDENTITY_EXTENSION": "true",
},
},
{
name: "legacy msi + valid kubelet identity",
expected: &Config{
SubscriptionID: "12345",
ResourceGroup: "my-rg",
NodeResourceGroup: "my-node-rg",
VMType: "vmss",
UseManagedIdentityExtension: true,
AuthMethod: "system-assigned-msi",
KubeletIdentityClientID: "11111111-2222-3333-4444-555555555555",
},
wantErr: false,
env: map[string]string{
"ARM_RESOURCE_GROUP": "my-rg",
"ARM_SUBSCRIPTION_ID": "12345",
"AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
"AZURE_SUBNET_ID": "12345",
"AZURE_SUBNET_NAME": "my-subnet",
"AZURE_VNET_NAME": "my-vnet",
"ARM_USE_MANAGED_IDENTITY_EXTENSION": "true",
"ARM_KUBELET_IDENTITY_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
},
},
{
name: "legacy credential from environment",
expected: &Config{
SubscriptionID: "12345",
ResourceGroup: "my-rg",
NodeResourceGroup: "my-node-rg",
VMType: "vmss",
UseCredentialFromEnvironment: true,
AuthMethod: "credential-from-environment",
},
wantErr: false,
env: map[string]string{
"ARM_RESOURCE_GROUP": "my-rg",
"ARM_SUBSCRIPTION_ID": "12345",
"AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
"AZURE_SUBNET_ID": "12345",
"AZURE_SUBNET_NAME": "my-subnet",
"AZURE_VNET_NAME": "my-vnet",
"ARM_USE_CREDENTIAL_FROM_ENVIRONMENT": "true",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
30 changes: 0 additions & 30 deletions pkg/auth/cred_test.go
Expand Up @@ -70,36 +70,6 @@ func TestNewCredential(t *testing.T) {
want: reflect.TypeOf(&azidentity.DefaultAzureCredential{}),
wantErr: false,
},
{
name: "legacy is not supported",
cfg: &Config{
UseCredentialFromEnvironment: true,
UseManagedIdentityExtension: true,
},
want: nil,
wantErr: true,
wantErrStr: "cred: unsupported auth method: ",
},
{
name: "auth method system-assigned-msi takes precedence over legacy",
cfg: &Config{
AuthMethod: authMethodSysMSI,
UseCredentialFromEnvironment: true,
UseManagedIdentityExtension: false,
},
want: reflect.TypeOf(&azidentity.ManagedIdentityCredential{}),
wantErr: false,
},
{
name: "auth method credential-from-environment takes precedence over legacy",
cfg: &Config{
AuthMethod: authMethodCredFromEnv,
UseCredentialFromEnvironment: false,
UseManagedIdentityExtension: true,
},
want: reflect.TypeOf(&azidentity.DefaultAzureCredential{}),
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
