diff --git a/pkg/auth/config.go b/pkg/auth/config.go
index 69f5e3866..f2cec20f8 100644
--- a/pkg/auth/config.go
+++ b/pkg/auth/config.go
@@ -19,7 +19,6 @@ package auth
 import (
 "fmt"
 "os"
- "strconv"
 "strings"
 "github.com/Azure/go-autorest/autorest"
@@ -72,11 +71,6 @@ type Config struct {
 // Configs only for AKS
 ClusterName string `json:"clusterName" yaml:"clusterName"`
 NodeResourceGroup string `json:"nodeResourceGroup" yaml:"nodeResourceGroup"`
-
- // LEGACY: old AuthMethod fields, will only be used with AuthMethod is not provided
- // Should not be used elsewhere apart from building AuthMethod when not provided
- UseManagedIdentityExtension bool `json:"useManagedIdentityExtension" yaml:"useManagedIdentityExtension"`
- UseCredentialFromEnvironment bool `json:"useCredentialFromEnvironment" yaml:"useCredentialFromEnvironment"`
 }
 // BuildAzureConfig returns a Config object for the Azure clients
@@ -119,22 +113,6 @@ func (cfg *Config) Build() error {
 cfg.AuthMethod = strings.TrimSpace(os.Getenv("ARM_AUTH_METHOD"))
 cfg.KubeletIdentityClientID = strings.TrimSpace(os.Getenv("ARM_KUBELET_IDENTITY_CLIENT_ID"))
- // LEGACY: old AuthMethod fields, will only be used with AuthMethod is not provided
- if gotEnv := os.Getenv("ARM_USE_MANAGED_IDENTITY_EXTENSION"); len(gotEnv) > 0 {
- shouldUse, err := strconv.ParseBool(gotEnv)
- if err != nil {
- return err
- }
- cfg.UseManagedIdentityExtension = shouldUse
- }
- if gotEnv := os.Getenv("ARM_USE_CREDENTIAL_FROM_ENVIRONMENT"); len(gotEnv) > 0 {
- shouldUse, err := strconv.ParseBool(gotEnv)
- if err != nil {
- return err
- }
- cfg.UseCredentialFromEnvironment = shouldUse
- }
-
 return nil
 }
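Review bot: A deployment that still sets `ARM_USE_MANAGED_IDENTITY_EXTENSION=true` without `ARM_AUTH_METHOD` is now silently moved from `system-assigned-msi` to `credential-from-environment`, because `Build()` no longer reads the variable and `Default()` (the following hunk) no longer maps it; a malformed value also stops failing startup. The cases in cred_test.go suggest this means `DefaultAzureCredential` instead of `ManagedIdentityCredential`, so the process may end up authenticating as a different identity than the operator intended. I would fail closed in `Build()` for as long as the variable can still be present: `if cfg.AuthMethod == "" && os.Getenv("ARM_USE_MANAGED_IDENTITY_EXTENSION") != "" { return fmt.Errorf("ARM_USE_MANAGED_IDENTITY_EXTENSION is no longer supported; set ARM_AUTH_METHOD") }`. `Build()` begins above this hunk, so the guard's exact position relative to the other environment reads should be checked there.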
@@ -146,13 +124,6 @@ func (cfg *Config) Default() error {
 if cfg.AuthMethod == "" {
 cfg.AuthMethod = authMethodCredFromEnv
-
- // LEGACY: old AuthMethod fields, will only be used with AuthMethod is not provided
- if cfg.UseCredentialFromEnvironment {
- cfg.AuthMethod = authMethodCredFromEnv
- } else if cfg.UseManagedIdentityExtension {
- cfg.AuthMethod = authMethodSysMSI
- }
 }
 return nil
diff --git a/pkg/auth/config_test.go b/pkg/auth/config_test.go
index c533d6d73..4f484dc24 100644
--- a/pkg/auth/config_test.go
+++ b/pkg/auth/config_test.go
@@ -149,133 +149,6 @@ func TestBuildAzureConfig(t *testing.T) {
 "ARM_KUBELET_IDENTITY_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
 },
 },
- {
- name: "legacy bogus ARM_USE_MANAGED_IDENTITY_EXTENSION",
- expected: nil,
- wantErr: true,
- env: map[string]string{
- "ARM_RESOURCE_GROUP": "my-rg",
- "ARM_SUBSCRIPTION_ID": "12345",
- "AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
- "AZURE_SUBNET_ID": "12345",
- "AZURE_SUBNET_NAME": "my-subnet",
- "AZURE_VNET_NAME": "my-vnet",
- "ARM_USE_MANAGED_IDENTITY_EXTENSION": "foo", // this is not a supported value
- },
- },
- {
- name: "auth method msi takes precedence over legacy",
- expected: &Config{
- SubscriptionID: "12345",
- ResourceGroup: "my-rg",
- NodeResourceGroup: "my-node-rg",
- VMType: "vmss",
- AuthMethod: "system-assigned-msi",
- UseManagedIdentityExtension: false,
- UseCredentialFromEnvironment: true,
- },
- wantErr: false,
- env: map[string]string{
- "ARM_RESOURCE_GROUP": "my-rg",
- "ARM_SUBSCRIPTION_ID": "12345",
- "AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
- "AZURE_SUBNET_ID": "12345",
- "AZURE_SUBNET_NAME": "my-subnet",
- "AZURE_VNET_NAME": "my-vnet",
- "ARM_AUTH_METHOD": "system-assigned-msi",
- "ARM_USE_MANAGED_IDENTITY_EXTENSION": "false",
- "ARM_USE_CREDENTIAL_FROM_ENVIRONMENT": "true",
- },
- },
- {
- name: "auth method credential from environment takes precedence over legacy",
- expected: &Config{
- SubscriptionID: "12345",
- ResourceGroup: "my-rg",
- NodeResourceGroup: "my-node-rg",
- VMType: "vmss",
- AuthMethod: "credential-from-environment",
- UseManagedIdentityExtension: true,
- UseCredentialFromEnvironment: false,
- },
- wantErr: false,
- env: map[string]string{
- "ARM_RESOURCE_GROUP": "my-rg",
- "ARM_SUBSCRIPTION_ID": "12345",
- "AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
- "AZURE_SUBNET_ID": "12345",
- "AZURE_SUBNET_NAME": "my-subnet",
- "AZURE_VNET_NAME": "my-vnet",
- "ARM_AUTH_METHOD": "credential-from-environment",
- "ARM_USE_MANAGED_IDENTITY_EXTENSION": "true",
- "ARM_USE_CREDENTIAL_FROM_ENVIRONMENT": "false",
- },
- },
- {
- name: "legacy valid msi",
- expected: &Config{
- SubscriptionID: "12345",
- ResourceGroup: "my-rg",
- NodeResourceGroup: "my-node-rg",
- VMType: "vmss",
- UseManagedIdentityExtension: true,
- AuthMethod: "system-assigned-msi",
- },
- wantErr: false,
- env: map[string]string{
- "ARM_RESOURCE_GROUP": "my-rg",
- "ARM_SUBSCRIPTION_ID": "12345",
- "AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
- "AZURE_SUBNET_ID": "12345",
- "AZURE_SUBNET_NAME": "my-subnet",
- "AZURE_VNET_NAME": "my-vnet",
- "ARM_USE_MANAGED_IDENTITY_EXTENSION": "true",
- },
- },
- {
- name: "legacy msi + valid kubelet identity",
- expected: &Config{
- SubscriptionID: "12345",
- ResourceGroup: "my-rg",
- NodeResourceGroup: "my-node-rg",
- VMType: "vmss",
- UseManagedIdentityExtension: true,
- AuthMethod: "system-assigned-msi",
- KubeletIdentityClientID: "11111111-2222-3333-4444-555555555555",
- },
- wantErr: false,
- env: map[string]string{
- "ARM_RESOURCE_GROUP": "my-rg",
- "ARM_SUBSCRIPTION_ID": "12345",
- "AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
- "AZURE_SUBNET_ID": "12345",
- "AZURE_SUBNET_NAME": "my-subnet",
- "AZURE_VNET_NAME": "my-vnet",
- "ARM_USE_MANAGED_IDENTITY_EXTENSION": "true",
- "ARM_KUBELET_IDENTITY_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
- },
- },
- {
- name: "legacy credential from environment",
- expected: &Config{
- SubscriptionID: "12345",
- ResourceGroup: "my-rg",
- NodeResourceGroup: "my-node-rg",
- VMType: "vmss",
- UseCredentialFromEnvironment: true,
- AuthMethod: "credential-from-environment",
- },
- wantErr: false,
- env: map[string]string{
- "ARM_RESOURCE_GROUP": "my-rg",
- "ARM_SUBSCRIPTION_ID": "12345",
- "AZURE_NODE_RESOURCE_GROUP": "my-node-rg",
- "AZURE_SUBNET_ID": "12345",
- "AZURE_SUBNET_NAME": "my-subnet",
- "AZURE_VNET_NAME": "my-vnet",
- "ARM_USE_CREDENTIAL_FROM_ENVIRONMENT": "true",
- },
- },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
diff --git a/pkg/auth/cred_test.go b/pkg/auth/cred_test.go
index ec3817db7..ceafa4fd5 100644
--- a/pkg/auth/cred_test.go
+++ b/pkg/auth/cred_test.go
@@ -70,36 +70,6 @@ func TestNewCredential(t *testing.T) {
 want: reflect.TypeOf(&azidentity.DefaultAzureCredential{}),
 wantErr: false,
 },
- {
- name: "legacy is not supported",
- cfg: &Config{
- UseCredentialFromEnvironment: true,
- UseManagedIdentityExtension: true,
- },
- want: nil,
- wantErr: true,
- wantErrStr: "cred: unsupported auth method: ",
- },
- {
- name: "auth method system-assigned-msi takes precedence over legacy",
- cfg: &Config{
- AuthMethod: authMethodSysMSI,
- UseCredentialFromEnvironment: true,
- UseManagedIdentityExtension: false,
- },
- want: reflect.TypeOf(&azidentity.ManagedIdentityCredential{}),
- wantErr: false,
- },
- {
- name: "auth method credential-from-environment takes precedence over legacy",
- cfg: &Config{
- AuthMethod: authMethodCredFromEnv,
- UseCredentialFromEnvironment: false,
- UseManagedIdentityExtension: true,
- },
- want: reflect.TypeOf(&azidentity.DefaultAzureCredential{}),
- wantErr: false,
- },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {