fixup! Add identity token for all Azure cloud environments
This commit is contained in:
parent
b2c2eec76b
commit
09cbe8ba65
2 changed files with 13 additions and 2 deletions
|
@ -43,7 +43,9 @@ var azureXMSMirIDRegExp = regexp.MustCompile(`(?i)^/subscriptions/([^/]+)/resour
|
||||||
// azureEnvironments is the list of all Azure environments.
|
// azureEnvironments is the list of all Azure environments.
|
||||||
var azureEnvironments = map[string]string{
|
var azureEnvironments = map[string]string{
|
||||||
"AzurePublicCloud": "https://management.azure.com/",
|
"AzurePublicCloud": "https://management.azure.com/",
|
||||||
|
"AzureCloud": "https://management.azure.com/",
|
||||||
"AzureUSGovernmentCloud": "https://management.usgovcloudapi.net/",
|
"AzureUSGovernmentCloud": "https://management.usgovcloudapi.net/",
|
||||||
|
"AzureUSGovernment": "https://management.usgovcloudapi.net/",
|
||||||
"AzureChinaCloud": "https://management.chinacloudapi.cn/",
|
"AzureChinaCloud": "https://management.chinacloudapi.cn/",
|
||||||
"AzureGermanCloud": "https://management.microsoftazure.de/",
|
"AzureGermanCloud": "https://management.microsoftazure.de/",
|
||||||
}
|
}
|
||||||
|
@ -118,6 +120,7 @@ type Azure struct {
|
||||||
oidcConfig openIDConfiguration
|
oidcConfig openIDConfiguration
|
||||||
keyStore *keyStore
|
keyStore *keyStore
|
||||||
ctl *Controller
|
ctl *Controller
|
||||||
|
environment string
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetID returns the provisioner unique identifier.
|
// GetID returns the provisioner unique identifier.
|
||||||
|
@ -184,12 +187,14 @@ func (p *Azure) GetIdentityToken(subject, caURL string) (string, error) {
|
||||||
|
|
||||||
// default to AzurePublicCloud to keep existing behavior
|
// default to AzurePublicCloud to keep existing behavior
|
||||||
identityTokenResource := azureEnvironments["AzurePublicCloud"]
|
identityTokenResource := azureEnvironments["AzurePublicCloud"]
|
||||||
environment, err := p.getAzureEnvironment()
|
|
||||||
|
var err error
|
||||||
|
p.environment, err = p.getAzureEnvironment()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", errors.Wrap(err, "error getting azure environment")
|
return "", errors.Wrap(err, "error getting azure environment")
|
||||||
}
|
}
|
||||||
|
|
||||||
if resource, ok := azureEnvironments[environment]; ok {
|
if resource, ok := azureEnvironments[p.environment]; ok {
|
||||||
identityTokenResource = resource
|
identityTokenResource = resource
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -479,6 +484,10 @@ func (p *Azure) assertConfig() {
|
||||||
|
|
||||||
// getAzureEnvironment returns the Azure environment for the current instance
|
// getAzureEnvironment returns the Azure environment for the current instance
|
||||||
func (p *Azure) getAzureEnvironment() (string, error) {
|
func (p *Azure) getAzureEnvironment() (string, error) {
|
||||||
|
if p.environment != "" {
|
||||||
|
return p.environment, nil
|
||||||
|
}
|
||||||
|
|
||||||
req, err := http.NewRequest("GET", p.config.instanceComputeURL, http.NoBody)
|
req, err := http.NewRequest("GET", p.config.instanceComputeURL, http.NoBody)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", errors.Wrap(err, "error creating request")
|
return "", errors.Wrap(err, "error creating request")
|
||||||
|
|
|
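Review bot: The cached environment is written from GetIdentityToken onto the shared provisioner struct (`p.environment, err = p.getAzureEnvironment()` in the third hunk) with no synchronization; if GetIdentityToken can be called from more than one goroutine on the same *Azure this is a data race on p.environment, and the write in the caller is also redundant because getAzureEnvironment already returns early on a non-empty p.environment. Moving the assignment into getAzureEnvironment after the metadata lookup succeeds (`p.environment = env` just before its return, with the caller reverting to `environment, err := p.getAzureEnvironment()`) keeps the caching in one place; a mutex on Azure is only warranted if concurrent callers are possible, which is not visible here. The new `environment string` field in the struct hunk has no comment; `// environment caches the Azure environment name learned from the instance metadata service; empty until the first successful lookup.` would document it, and the doc comment on getAzureEnvironment should say the metadata request is made at most once per provisioner. getAzureEnvironment's body continues past the end of the hunk.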
@ -166,6 +166,8 @@ func TestAzure_GetIdentityToken(t *testing.T) {
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
// reset environment between tests to avoid caching issues
|
||||||
|
p1.environment = ""
|
||||||
tt.azure.config.identityTokenURL = tt.identityTokenURL + "?want_resource=" + azureEnvironments[tt.wantEnvironment]
|
tt.azure.config.identityTokenURL = tt.identityTokenURL + "?want_resource=" + azureEnvironments[tt.wantEnvironment]
|
||||||
tt.azure.config.instanceComputeURL = tt.instanceComputeURL + "/" + tt.wantEnvironment
|
tt.azure.config.instanceComputeURL = tt.instanceComputeURL + "/" + tt.wantEnvironment
|
||||||
got, err := tt.azure.GetIdentityToken(tt.args.subject, tt.args.caURL)
|
got, err := tt.azure.GetIdentityToken(tt.args.subject, tt.args.caURL)
|
||||||
|
|
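Review bot: The reset `p1.environment = ""` inside t.Run only clears the cache on p1, while the subtests call `tt.azure.GetIdentityToken`; if any table entry uses a provisioner other than p1, the environment cached by an earlier subtest survives and would mask a mismatch with tt.wantEnvironment. Resetting through the table entry, `tt.azure.environment = ""`, covers every provisioner the table uses. The test function begins before the hunk, so whether p1 is the only provisioner in the table cannot be confirmed from here.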