d8dfun/virtual-kubelet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

[ACI] Fallback to parse authConfig.Auth when Username field is not specified (#421)

Browse Source 
* Fallback to parse authConfig.Auth when Username field is not specified
This commit is contained in:
Robbie Zhang
2018-11-28 11:33:07 -08:00
committed by Brian Goff
parent 8d264db90d
commit 338a7c2213
2 changed files with 112 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
providers/azure/aci.go
View File

@@ -997,6 +997,38 @@ func (p *ACIProvider) getImagePullSecrets(pod *v1.Pod) ([]aci.ImageRegistryCrede
return ips, nil return ips, nil
} }
func makeRegistryCredential(server string, authConfig AuthConfig) (*aci.ImageRegistryCredential, error) {
username := authConfig.Username
password := authConfig.Password
if username == "" {
if authConfig.Auth == "" {
return nil, fmt.Errorf("no username present in auth config for server: %s", server)
}
decoded, err := base64.StdEncoding.DecodeString(authConfig.Auth)
if err != nil {
return nil, fmt.Errorf("error decoding the auth for server: %s Error: %v", server, err)
}
parts := strings.Split(string(decoded), ":")
if len(parts) != 2 {
return nil, fmt.Errorf("malformed auth for server: %s", server)
}
username = parts[0]
password = parts[1]
}
cred := aci.ImageRegistryCredential{
Server: server,
Username: username,
Password: password,
}
return &cred, nil
}
func readDockerCfgSecret(secret *v1.Secret, ips []aci.ImageRegistryCredential) ([]aci.ImageRegistryCredential, error) { func readDockerCfgSecret(secret *v1.Secret, ips []aci.ImageRegistryCredential) ([]aci.ImageRegistryCredential, error) {
var err error var err error
var authConfigs map[string]AuthConfig var authConfigs map[string]AuthConfig
@@ -1011,12 +1043,13 @@ func readDockerCfgSecret(secret *v1.Secret, ips []aci.ImageRegistryCredential) (
return ips, err return ips, err
} }
for server, authConfig := range authConfigs { for server := range authConfigs {
ips = append(ips, aci.ImageRegistryCredential{ cred, err := makeRegistryCredential(server, authConfigs[server])
Password: authConfig.Password, if err != nil {
Server: server, return ips, err
Username: authConfig.Username, }
})
ips = append(ips, *cred)
} }
return ips, err return ips, err
@@ -1038,17 +1071,17 @@ func readDockerConfigJSONSecret(secret *v1.Secret, ips []aci.ImageRegistryCreden
} }
auths, ok := authConfigs["auths"] auths, ok := authConfigs["auths"]
if !ok { if !ok {
return ips, fmt.Errorf("malformed dockerconfigjson in secret") return ips, fmt.Errorf("malformed dockerconfigjson in secret")
} }
for server, authConfig := range auths { for server := range auths {
ips = append(ips, aci.ImageRegistryCredential{ cred, err := makeRegistryCredential(server, auths[server])
Password: authConfig.Password, if err != nil {
Server: server, return ips, err
Username: authConfig.Username, }
})
ips = append(ips, *cred)
} }
return ips, err return ips, err

66
providers/azure/aci_test.go
View File

@@ -7,11 +7,13 @@ package azure
import ( import (
"bytes" "bytes"
"context" "context"
"encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"os" "os"
"strings"
"testing" "testing"
"github.com/google/uuid" "github.com/google/uuid"
@@ -35,6 +37,70 @@ const (
fakeNodeName = "vk" fakeNodeName = "vk"
) )
// Test make registry credential
func TestMakeRegistryCredential(t *testing.T) {
server := "server-" + uuid.New().String()
username := "user-" + uuid.New().String()
password := "pass-" + uuid.New().String()
auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
tt := []struct {
name string
authConfig AuthConfig
shouldFail bool
failMessage string
}{
{
"Valid username and password",
AuthConfig{Username: username, Password: password},
false,
"",
},
{
"Username and password in auth",
AuthConfig{Auth: auth},
false,
"",
},
{
"No Username",
AuthConfig{},
true,
"no username present in auth config for server",
},
{
"Invalid Auth",
AuthConfig{Auth: "123"},
true,
"error decoding the auth for server",
},
{
"Malformed Auth",
AuthConfig{Auth: base64.StdEncoding.EncodeToString([]byte("123"))},
true,
"malformed auth for server",
},
}
for _, tc := range tt {
t.Run(tc.name, func(t *testing.T) {
cred, err := makeRegistryCredential(server, tc.authConfig)
if tc.shouldFail {
assert.NotNil(t, err, "convertion should fail")
assert.True(t, strings.Contains(err.Error(), tc.failMessage), "failed message is not expected")
return
}
assert.Nil(t, err, "convertion should not fail")
assert.NotNil(t, cred, "credential should not be nil")
assert.Equal(t, server, cred.Server, "server doesn't match")
assert.Equal(t, username, cred.Username, "username doesn't match")
assert.Equal(t, password, cred.Password, "password doesn't match")
})
}
}
// Tests create pod without resource spec // Tests create pod without resource spec
func TestCreatePodWithoutResourceSpec(t *testing.T) { func TestCreatePodWithoutResourceSpec(t *testing.T) {
_, aciServerMocker, provider, err := prepareMocks() _, aciServerMocker, provider, err := prepareMocks()