kedacore · tomkerkhove · Aug 29, 2023 · Jun 16, 2023 · Jun 19, 2023 · Jun 30, 2023
@@ -52,6 +52,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
 
 ### Improvements
 
+- **Azure Pod Identity**: Add validation of identity ID to prevent usage of empty identity ID ([#4528](https://github.com/kedacore/keda/issues/4528))
 - **General:**: Add ScaledObject/ScaledJob names to output of `kubectl get triggerauthentication/clustertriggerauthentication` ([#796](https://github.com/kedacore/keda/issues/796))
 
 ### Fixes

@@ -18,132 +18,119 @@ package v1alpha1
 
 import (
 	"context"
-	"crypto/tls"
-	"fmt"
-	"net"
-	"path/filepath"
-	"testing"
-	"time"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
 	appsv1 "k8s.io/api/apps/v1"
 	v2 "k8s.io/api/autoscaling/v2"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
-	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	"k8s.io/client-go/rest"
 	"k8s.io/utils/pointer"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/envtest"
-	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
-	//+kubebuilder:scaffold:imports
 )
 
 // These tests use Ginkgo (BDD-style Go testing framework). Refer to
 // http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
 
-var cfg *rest.Config
-var k8sClient client.Client
-var testEnv *envtest.Environment
-var ctx context.Context
-var cancel context.CancelFunc
-
-const (
-	workloadName = "deployment-name"
-	soName       = "test-so"
-)
-
-func TestAPIs(t *testing.T) {
-	RegisterFailHandler(Fail)
-
-	RunSpecs(t, "Webhook Suite")
-}
-
-var _ = BeforeSuite(func() {
-	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
-
-	ctx, cancel = context.WithCancel(context.Background())
-
-	By("bootstrapping test environment")
-	testEnv = &envtest.Environment{
-		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "..", "config", "crd", "bases")},
-		ErrorIfCRDPathMissing: false,
-		WebhookInstallOptions: envtest.WebhookInstallOptions{
-			Paths: []string{filepath.Join("..", "..", "..", "config", "webhooks")},
-		},
-	}
-
-	var err error
-	// cfg is defined in this file globally.
-	done := make(chan interface{})
-	go func() {
-		defer GinkgoRecover()
-		cfg, err = testEnv.Start()
-		close(done)
-	}()
-	Eventually(done).WithTimeout(time.Minute).Should(BeClosed())
-	Expect(err).NotTo(HaveOccurred())
-	Expect(cfg).NotTo(BeNil())
-
-	scheme := runtime.NewScheme()
-	err = AddToScheme(scheme)
-	Expect(err).NotTo(HaveOccurred())
-
-	err = clientgoscheme.AddToScheme(scheme)
-	Expect(err).NotTo(HaveOccurred())
-
-	err = admissionv1beta1.AddToScheme(scheme)
-	Expect(err).NotTo(HaveOccurred())
-
-	//+kubebuilder:scaffold:scheme
-
-	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
-	Expect(err).NotTo(HaveOccurred())
-	Expect(k8sClient).NotTo(BeNil())
-
-	// start webhook server using Manager
-	webhookInstallOptions := &testEnv.WebhookInstallOptions
-	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
-		Scheme:             scheme,
-		Host:               webhookInstallOptions.LocalServingHost,
-		Port:               webhookInstallOptions.LocalServingPort,
-		CertDir:            webhookInstallOptions.LocalServingCertDir,
-		LeaderElection:     false,
-		MetricsBindAddress: "0",
-	})
-	Expect(err).NotTo(HaveOccurred())
-
-	err = (&ScaledObject{}).SetupWebhookWithManager(mgr)
-	Expect(err).NotTo(HaveOccurred())
-
-	//+kubebuilder:scaffold:webhook
-
-	go func() {
-		defer GinkgoRecover()
-		err = mgr.Start(ctx)
-		Expect(err).NotTo(HaveOccurred())
-	}()
-
-	// wait for the webhook server to get ready
-	dialer := &net.Dialer{Timeout: time.Second}
-	addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort)
-	Eventually(func() error {
-		conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			return err
-		}
-		conn.Close()
-		return nil
-	}).Should(Succeed())
-
-})
+// var cfg *rest.Config
+// var k8sClient client.Client
+// var testEnv *envtest.Environment
+// var ctx context.Context
+// var cancel context.CancelFunc
+
+// const (
+// 	workloadName = "deployment-name"
+// 	soName       = "test-so"
+// )
+
+// func TestAPIs(t *testing.T) {
+// 	RegisterFailHandler(Fail)
+
+// 	RunSpecs(t, "Webhook Suite")
+// }
+
+// var _ = BeforeSuite(func() {
+// 	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
+
+// 	ctx, cancel = context.WithCancel(context.Background())
+
+// 	By("bootstrapping test environment")
+// 	testEnv = &envtest.Environment{
+// 		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "..", "config", "crd", "bases")},
+// 		ErrorIfCRDPathMissing: false,
+// 		WebhookInstallOptions: envtest.WebhookInstallOptions{
+// 			Paths: []string{filepath.Join("..", "..", "..", "config", "webhooks")},
+// 		},
+// 	}
+// 	fmt.Println("xxxxxxxxxxf")
+// 	var err error
+// 	// cfg is defined in this file globally.
+// 	done := make(chan interface{})
+// 	go func() {
+// 		defer GinkgoRecover()
+// 		cfg, err = testEnv.Start()
+// 		close(done)
+// 	}()
+// 	Eventually(done).WithTimeout(time.Minute).Should(BeClosed())
+// 	Expect(err).NotTo(HaveOccurred())
+// 	Expect(cfg).NotTo(BeNil())
+
+// 	scheme := runtime.NewScheme()
+// 	err = AddToScheme(scheme)
+// 	Expect(err).NotTo(HaveOccurred())
+
+// 	err = clientgoscheme.AddToScheme(scheme)
+// 	Expect(err).NotTo(HaveOccurred())
+
+// 	err = admissionv1beta1.AddToScheme(scheme)
+// 	Expect(err).NotTo(HaveOccurred())
+
+// 	//+kubebuilder:scaffold:scheme
+
+// 	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
+// 	Expect(err).NotTo(HaveOccurred())
+// 	Expect(k8sClient).NotTo(BeNil())
+
+// 	// start webhook server using Manager
+// 	webhookInstallOptions := &testEnv.WebhookInstallOptions
+// 	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
+// 		Scheme:             scheme,
+// 		Host:               webhookInstallOptions.LocalServingHost,
+// 		Port:               webhookInstallOptions.LocalServingPort,
+// 		CertDir:            webhookInstallOptions.LocalServingCertDir,
+// 		LeaderElection:     false,
+// 		MetricsBindAddress: "0",
+// 	})
+// 	Expect(err).NotTo(HaveOccurred())
+
+// 	err = (&ScaledObject{}).SetupWebhookWithManager(mgr)
+// 	Expect(err).NotTo(HaveOccurred())
+
+// 	err = (&TriggerAuthentication{}).SetupWebhookWithManager(mgr)
+// 	Expect(err).NotTo(HaveOccurred())
+
+// 	//+kubebuilder:scaffold:webhook
+
+// 	go func() {
+// 		defer GinkgoRecover()
+// 		err = mgr.Start(ctx)
+// 		Expect(err).NotTo(HaveOccurred())
+// 	}()
+
+// 	// wait for the webhook server to get ready
+// 	dialer := &net.Dialer{Timeout: time.Second}
+// 	addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort)
+// 	Eventually(func() error {
+// 		conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true})
+// 		if err != nil {
+// 			return err
+// 		}
+// 		conn.Close()
+// 		return nil
+// 	}).Should(Succeed())
+
+// })
 
 var _ = It("should validate the so creation when there isn't any hpa", func() {
 

@@ -0,0 +1,141 @@
+/*
+Copyright 2023 The KEDA Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"path/filepath"
+	"testing"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	"k8s.io/apimachinery/pkg/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+)
+
+// These tests use Ginkgo (BDD-style Go testing framework). Refer to
+// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
+
+var cfg *rest.Config
+var k8sClient client.Client
+var testEnv *envtest.Environment
+var ctx context.Context
+var cancel context.CancelFunc
+
+const (
+	workloadName = "deployment-name"
+	soName       = "test-so"
+)
+
+func TestAPIs(t *testing.T) {
+	RegisterFailHandler(Fail)
+
+	RunSpecs(t, "Webhook Suite")
+}
+
+var _ = BeforeSuite(func() {
+	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
+
+	ctx, cancel = context.WithCancel(context.Background())
+
+	By("bootstrapping test environment")
+	testEnv = &envtest.Environment{
+		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "..", "config", "crd", "bases")},
+		ErrorIfCRDPathMissing: false,
+		WebhookInstallOptions: envtest.WebhookInstallOptions{
+			Paths: []string{filepath.Join("..", "..", "..", "config", "webhooks")},
+		},
+	}
+	var err error
+	// cfg is defined in this file globally.
+	done := make(chan interface{})
+	go func() {
+		defer GinkgoRecover()
+		cfg, err = testEnv.Start()
+		close(done)
+	}()
+	Eventually(done).WithTimeout(time.Minute).Should(BeClosed())
+	Expect(err).NotTo(HaveOccurred())
+	Expect(cfg).NotTo(BeNil())
+
+	scheme := runtime.NewScheme()
+	err = AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	err = clientgoscheme.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	err = admissionv1beta1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	//+kubebuilder:scaffold:scheme
+
+	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
+	Expect(err).NotTo(HaveOccurred())
+	Expect(k8sClient).NotTo(BeNil())
+
+	// start webhook server using Manager
+	webhookInstallOptions := &testEnv.WebhookInstallOptions
+	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
+		Scheme:             scheme,
+		Host:               webhookInstallOptions.LocalServingHost,
+		Port:               webhookInstallOptions.LocalServingPort,
+		CertDir:            webhookInstallOptions.LocalServingCertDir,
+		LeaderElection:     false,
+		MetricsBindAddress: "0",
+	})
+	Expect(err).NotTo(HaveOccurred())
+
+	err = (&ScaledObject{}).SetupWebhookWithManager(mgr)
+	Expect(err).NotTo(HaveOccurred())
+	err = (&TriggerAuthentication{}).SetupWebhookWithManager(mgr)
+	Expect(err).NotTo(HaveOccurred())
+	err = (&ClusterTriggerAuthentication{}).SetupWebhookWithManager(mgr)
+	Expect(err).NotTo(HaveOccurred())
+
+	//+kubebuilder:scaffold:webhook
+
+	go func() {
+		defer GinkgoRecover()
+		err = mgr.Start(ctx)
+		Expect(err).NotTo(HaveOccurred())
+	}()
+
+	// wait for the webhook server to get ready
+	dialer := &net.Dialer{Timeout: time.Second}
+	addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort)
+	Eventually(func() error {
+		conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true})
+		if err != nil {
+			return err
+		}
+		conn.Close()
+		return nil
+	}).Should(Succeed())
+
+})
@@ -132,7 +132,14 @@ const (
 type AuthPodIdentity struct {
 	Provider PodIdentityProvider `json:"provider"`
 	// +optional
-	IdentityID string `json:"identityId"`
+	IdentityID *string `json:"identityId"`
+}
+
+func (a *AuthPodIdentity) GetIdentityID() string {
+	if a.IdentityID == nil {
+		return ""
+	}
+	return *a.IdentityID
 }
 
 // AuthSecretTargetRef is used to authenticate using a reference to a secret