d8dfun/virtual-kubelet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

use secure value in ACI for secrets (#276)

Browse Source 
* use secure value in ACI for secrets

* add tests for env variable conversion
This commit is contained in:
Rohan Chakravarthy
2018-07-30 11:44:41 -07:00
committed by Robbie Zhang
parent ef6ae9ecf4
commit 13fbd5c38e
2 changed files with 71 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
providers/azure/aci.go
View File

@@ -676,10 +676,8 @@ func (p *ACIProvider) getContainers(pod *v1.Pod) ([]aci.Container, error) {
c.EnvironmentVariables = make([]aci.EnvironmentVariable, 0, len(container.Env)) c.EnvironmentVariables = make([]aci.EnvironmentVariable, 0, len(container.Env))
for _, e := range container.Env { for _, e := range container.Env {
c.EnvironmentVariables = append(c.EnvironmentVariables, aci.EnvironmentVariable{ envVar := getACIEnvVar(e)
Name: e.Name, c.EnvironmentVariables = append(c.EnvironmentVariables, envVar)
Value: e.Value,
})
} }
// NOTE(robbiezhang): ACI CPU request must be times of 10m // NOTE(robbiezhang): ACI CPU request must be times of 10m
@@ -1058,3 +1056,20 @@ func filterServiceAccountSecretVolume(osType string, containerGroup *aci.Contain
containerGroup.ContainerGroupProperties.Volumes = volumes containerGroup.ContainerGroupProperties.Volumes = volumes
} }
} }
func getACIEnvVar(e v1.EnvVar) aci.EnvironmentVariable {
var envVar aci.EnvironmentVariable
// If the variable is a secret, use SecureValue
if e.ValueFrom.SecretKeyRef != nil {
envVar = aci.EnvironmentVariable{
Name: e.Name,
SecureValue: e.Value,
}
} else {
envVar = aci.EnvironmentVariable{
Name: e.Name,
Value: e.Value,
}
}
return envVar
}

52
providers/azure/aci_test.go
View File

@@ -363,6 +363,58 @@ func TestGetPodWithoutResourceRequestsLimits(t *testing.T) {
"Containers[0].Resources.Requests.Memory doesn't match") "Containers[0].Resources.Requests.Memory doesn't match")
} }
func TestPodToACISecretEnvVar(t *testing.T) {
testKey := "testVar"
testVal := "testVal"
e := v1.EnvVar{
Name: testKey,
Value: testVal,
ValueFrom: &v1.EnvVarSource{
SecretKeyRef: &v1.SecretKeySelector{},
},
}
aciEnvVar := getACIEnvVar(e)
if aciEnvVar.Value != "" {
t.Fatalf("ACI Env Variable Value should be empty for a secret")
}
if aciEnvVar.Name != testKey {
t.Fatalf("ACI Env Variable Name does not match expected Name")
}
if aciEnvVar.SecureValue != testVal {
t.Fatalf("ACI Env Variable Secure Value does not match expected value")
}
}
func TestPodToACIEnvVar(t *testing.T) {
testKey := "testVar"
testVal := "testVal"
e := v1.EnvVar{
Name: testKey,
Value: testVal,
ValueFrom: &v1.EnvVarSource{},
}
aciEnvVar := getACIEnvVar(e)
if aciEnvVar.SecureValue != "" {
t.Fatalf("ACI Env Variable Secure Value should be empty for non-secret variables")
}
if aciEnvVar.Name != testKey {
t.Fatalf("ACI Env Variable Name does not match expected Name")
}
if aciEnvVar.Value != testVal {
t.Fatalf("ACI Env Variable Value does not match expected value")
}
}
func prepareMocks() (*AADMock, *ACIMock, *ACIProvider, error) { func prepareMocks() (*AADMock, *ACIMock, *ACIProvider, error) {
aadServerMocker := NewAADMock() aadServerMocker := NewAADMock()
aciServerMocker := NewACIMock() aciServerMocker := NewACIMock()