Replace subscriptions with resource groups.

This commit is contained in:
Mariano Cano 2019-05-08 17:11:55 -07:00
parent 32d2d6b75a
commit 423d505d04
2 changed files with 10 additions and 10 deletions


@ -78,7 +78,7 @@ type Azure struct {
Type string `json:"type"` Type string `json:"type"`
Name string `json:"name"` Name string `json:"name"`
TenantID string `json:"tenantId"` TenantID string `json:"tenantId"`
Subscriptions []string `json:"subscriptions"` ResourceGroups []string `json:"resourceGroups"`
Audience string `json:"audience,omitempty"` Audience string `json:"audience,omitempty"`
DisableCustomSANs bool `json:"disableCustomSANs"` DisableCustomSANs bool `json:"disableCustomSANs"`
DisableTrustOnFirstUse bool `json:"disableTrustOnFirstUse"` DisableTrustOnFirstUse bool `json:"disableTrustOnFirstUse"`
@ -244,19 +244,19 @@ func (p *Azure) AuthorizeSign(token string) ([]SignOption, error) {
if len(re) == 0 { if len(re) == 0 {
return nil, errors.Errorf("error parsing xms_mirid claim: %s", claims.XMSMirID) return nil, errors.Errorf("error parsing xms_mirid claim: %s", claims.XMSMirID)
} }
subscription, name := re[1], re[3] group, name := re[2], re[3]
// Filter by subscriptions // Filter by resource group
if len(p.Subscriptions) > 0 { if len(p.ResourceGroups) > 0 {
var found bool var found bool
for _, s := range p.Subscriptions { for _, g := range p.ResourceGroups {
if s == subscription { if g == group {
found = true found = true
break break
} }
} }
if !found { if !found {
return nil, errors.New("validation failed: invalid subscription id") return nil, errors.New("validation failed: invalid resource group")
} }
} }
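Review bot: The new filter at `group, name := re[2], re[3]` compares only the resource-group segment of xms_mirid, and the subscription segment that the previous code checked is no longer consulted anywhere in the hunk, so an identity in any subscription of the tenant whose resource group happens to carry a configured name now passes; resource-group names are only unique within a subscription, so the admission boundary of the provisioner widens from "these subscriptions" to "any subscription in the tenant with a group of this name". If that is intended, a doc comment on the `ResourceGroups` field in the struct hunk should say so explicitly (e.g. `// ResourceGroups restricts issuance to identities in a resource group with one of these names, in any subscription of TenantID.`); otherwise keep the subscription capture, `subscription, group, name := re[1], re[2], re[3]`, and apply both filters. Note also that removing the `Subscriptions` field means an existing provisioner config with a `subscriptions` key is now silently accepted and ignored by the JSON decoder rather than rejected, so a deployment relying on that filter loses it without any error; a validation error on the legacy key, or at least a release note, would avoid that. Azure treats resource-group names case-insensitively as far as I recall, so the `g == group` comparison may reject valid tokens on a case mismatch; `strings.EqualFold(g, group)` would match that semantics — worth confirming against the xms_mirid format. AuthorizeSign continues outside the hunk, and the index `re[2]` assumes a capture-group layout in a regexp not visible here.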


@ -208,7 +208,7 @@ func TestAzure_AuthorizeSign(t *testing.T) {
p2, err := generateAzure() p2, err := generateAzure()
assert.FatalError(t, err) assert.FatalError(t, err)
p2.TenantID = p1.TenantID p2.TenantID = p1.TenantID
p2.Subscriptions = []string{"subscriptionID"} p2.ResourceGroups = []string{"resourceGroup"}
p2.config = p1.config p2.config = p1.config
p2.oidcConfig = p1.oidcConfig p2.oidcConfig = p1.oidcConfig
p2.keyStore = p1.keyStore p2.keyStore = p1.keyStore
@ -223,7 +223,7 @@ func TestAzure_AuthorizeSign(t *testing.T) {
p4, err := generateAzure() p4, err := generateAzure()
assert.FatalError(t, err) assert.FatalError(t, err)
p4.TenantID = p1.TenantID p4.TenantID = p1.TenantID
p4.Subscriptions = []string{"subscriptionID1"} p4.ResourceGroups = []string{"foobarzar"}
p4.config = p1.config p4.config = p1.config
p4.oidcConfig = p1.oidcConfig p4.oidcConfig = p1.oidcConfig
p4.keyStore = p1.keyStore p4.keyStore = p1.keyStore
@ -280,7 +280,7 @@ func TestAzure_AuthorizeSign(t *testing.T) {
{"ok", p2, args{t2}, 5, false}, {"ok", p2, args{t2}, 5, false},
{"ok", p1, args{t11}, 4, false}, {"ok", p1, args{t11}, 4, false},
{"fail tenant", p3, args{t3}, 0, true}, {"fail tenant", p3, args{t3}, 0, true},
{"fail subscription", p4, args{t4}, 0, true}, {"fail resource group", p4, args{t4}, 0, true},
{"fail token", p1, args{"token"}, 0, true}, {"fail token", p1, args{"token"}, 0, true},
{"fail issuer", p1, args{failIssuer}, 0, true}, {"fail issuer", p1, args{failIssuer}, 0, true},
{"fail audience", p1, args{failAudience}, 0, true}, {"fail audience", p1, args{failAudience}, 0, true},
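Review bot: The updated `"fail resource group"` case at `p4.ResourceGroups = []string{"foobarzar"}` only pins that a non-matching group name is rejected; nothing in the table checks the boundary the new filter actually defines, namely a token whose resource group matches but whose subscription differs from the one encoded in `t2`. Adding such a case, with whichever expectation is intended, would document the policy change this commit makes and prevent a later regression from going unnoticed. The table and TestAzure_AuthorizeSign continue outside the hunk.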