chore: add more tests for auth
feiskyer authored May 17, 2022
1 parent 83d5a87 commit 76a5693
Showing 2 changed files with 87 additions and 0 deletions.
87 changes: 87 additions & 0 deletions pkg/auth/azure_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ limitations under the License.
package auth

import (
"io/ioutil"
"net/http"
"net/http/httptest"
"os"
"testing"

"github.com/Azure/go-autorest/autorest/adal"
Expand Down Expand Up @@ -50,6 +54,11 @@ var (
UseManagedIdentityExtension: true,
},
}

// msiEndpointEnv is the environment variable used to store the endpoint in go-autorest/adal library.
msiEndpointEnv = "MSI_ENDPOINT"
// msiSecretEnv is the environment variable used to store the request secret in go-autorest/adal library.
msiSecretEnv = "MSI_SECRET"
)

func TestGetServicePrincipalTokenFromMSIWithUserAssignedID(t *testing.T) {
Expand All @@ -70,6 +79,23 @@ func TestGetServicePrincipalTokenFromMSIWithUserAssignedID(t *testing.T) {
}
env := &azure.PublicCloud

// msiEndpointEnv and msiSecretEnv are required because autorest/adal library requires IMDS endpoint to be available.
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "GET", r.Method)
w.WriteHeader(http.StatusOK)
_, err := w.Write([]byte("{}"))
assert.NoError(t, err)
}))
originalEnv := os.Getenv(msiEndpointEnv)
originalSecret := os.Getenv(msiSecretEnv)
os.Setenv(msiEndpointEnv, server.URL)
os.Setenv(msiSecretEnv, "secret")
defer func() {
server.Close()
os.Setenv(msiEndpointEnv, originalEnv)
os.Setenv(msiSecretEnv, originalSecret)
}()

for _, config := range configs {
token, err := GetServicePrincipalToken(config, env, "")
assert.NoError(t, err)
Expand Down Expand Up @@ -149,6 +175,23 @@ func TestGetServicePrincipalTokenFromMSI(t *testing.T) {
}
env := &azure.PublicCloud

// msiEndpointEnv and msiSecretEnv are required because autorest/adal library requires IMDS endpoint to be available.
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "GET", r.Method)
w.WriteHeader(http.StatusOK)
_, err := w.Write([]byte("{}"))
assert.NoError(t, err)
}))
originalEnv := os.Getenv(msiEndpointEnv)
originalSecret := os.Getenv(msiSecretEnv)
os.Setenv(msiEndpointEnv, server.URL)
os.Setenv(msiSecretEnv, "secret")
defer func() {
server.Close()
os.Setenv(msiEndpointEnv, originalEnv)
os.Setenv(msiSecretEnv, originalSecret)
}()

for _, config := range configs {
token, err := GetServicePrincipalToken(config, env, "")
assert.NoError(t, err)
Expand Down Expand Up @@ -205,6 +248,28 @@ func TestGetMultiTenantServicePrincipalToken(t *testing.T) {
assert.Equal(t, multiTenantToken, spt)
}

func TestGetServicePrincipalTokenFromCertificate(t *testing.T) {
config := &AzureAuthConfig{
TenantID: "TenantID",
AADClientID: "AADClientID",
AADClientCertPath: "./testdata/test.pfx",
AADClientCertPassword: "id",
}
env := &azure.PublicCloud
token, err := GetServicePrincipalToken(config, env, "")
assert.NoError(t, err)

oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, config.TenantID, nil)
assert.NoError(t, err)
pfxContent, err := ioutil.ReadFile("./testdata/test.pfx")
assert.NoError(t, err)
certificate, privateKey, err := decodePkcs12(pfxContent, "id")
assert.NoError(t, err)
spt, err := adal.NewServicePrincipalTokenFromCertificate(*oauthConfig, config.AADClientID, certificate, privateKey, env.ServiceManagementEndpoint)
assert.NoError(t, err)
assert.Equal(t, token, spt)
}

func TestGetMultiTenantServicePrincipalTokenNegative(t *testing.T) {
env := &azure.PublicCloud
for _, config := range CrossTenantNetworkResourceNegativeConfig {
Expand Down Expand Up @@ -271,6 +336,28 @@ func TestParseAzureEnvironment(t *testing.T) {
}
}

func TestParseAzureEnvironmentForAzureStack(t *testing.T) {
c := struct {
cloudName string
resourceManagerEndpoint string
identitySystem string
}{
cloudName: "AZURESTACKCCLOUD",
resourceManagerEndpoint: "https://management.azure.com/",
identitySystem: "",
}

nameOverride := azure.OverrideProperty{Key: azure.EnvironmentName, Value: c.cloudName}
expected, err := azure.EnvironmentFromURL(c.resourceManagerEndpoint, nameOverride)
assert.NoError(t, err)
azureStackOverrides(&expected, c.resourceManagerEndpoint, c.identitySystem)

env, err := ParseAzureEnvironment(c.cloudName, c.resourceManagerEndpoint, c.identitySystem)
assert.NoError(t, err)
assert.Equal(t, env, &expected)

}

func TestAzureStackOverrides(t *testing.T) {
env := &azure.PublicCloud
resourceManagerEndpoint := "https://management.test.com/"
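Review bot: The save/restore of MSI_ENDPOINT and MSI_SECRET around the fake IMDS server in the TestGetServicePrincipalTokenFromMSIWithUserAssignedID hunk cannot distinguish an unset variable from an empty one, so a variable that was absent before the test is left set to "" afterwards; the same block is duplicated verbatim in the TestGetServicePrincipalTokenFromMSI hunk. Both enclosing test functions start and end outside their hunks. If go.mod targets Go 1.17 or later, `t.Setenv` restores the exact prior state at cleanup and also fails fast if a test later calls `t.Parallel`, which matters because these env vars are process-wide and read by the adal library; `t.Cleanup(server.Close)` can take over shutting the server down. Extracting the setup into one helper removes the duplication, as sketched below. Separately, `ioutil.ReadFile` in TestGetServicePrincipalTokenFromCertificate can become `os.ReadFile` since os is already imported, and because testdata/test.pfx is a committed private key protected only by the password "id", a short note in testdata stating it is a synthetic, test-only certificate helps anyone triaging secret-scanner hits.
```go
// setupFakeMSIServer starts a stub IMDS endpoint and points the adal env vars
// at it for the duration of the calling test. t.Setenv restores the previous
// values (including "unset") at cleanup and refuses to run under t.Parallel.
func setupFakeMSIServer(t *testing.T) {
	t.Helper()
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		assert.Equal(t, "GET", r.Method)
		w.WriteHeader(http.StatusOK)
		_, err := w.Write([]byte("{}"))
		assert.NoError(t, err)
	}))
	t.Cleanup(server.Close)
	t.Setenv(msiEndpointEnv, server.URL)
	t.Setenv(msiSecretEnv, "secret")
}

// … unchanged: in each MSI test, replace the inline server/env block with …
	env := &azure.PublicCloud
	setupFakeMSIServer(t)
	// … unchanged: loop over configs …
```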
Binary file added pkg/auth/testdata/test.pfx
