k8s.io/kubernetes@v1.29.3/pkg/credentialprovider/azure/azure_credentials_test.go (about) 1 //go:build !providerless 2 // +build !providerless 3 4 /* 5 Copyright 2016 The Kubernetes Authors. 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18 */ 19 20 package azure 21 22 import ( 23 "bytes" 24 "testing" 25 26 "github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry" 27 "github.com/Azure/go-autorest/autorest/azure" 28 "k8s.io/client-go/tools/cache" 29 "k8s.io/utils/pointer" 30 31 "github.com/stretchr/testify/assert" 32 ) 33 34 func Test(t *testing.T) { 35 configStr := ` 36 { 37 "aadClientId": "foo", 38 "aadClientSecret": "bar" 39 }` 40 result := []containerregistry.Registry{ 41 { 42 Name: pointer.String("foo"), 43 RegistryProperties: &containerregistry.RegistryProperties{ 44 LoginServer: pointer.String("*.azurecr.io"), 45 }, 46 }, 47 { 48 Name: pointer.String("bar"), 49 RegistryProperties: &containerregistry.RegistryProperties{ 50 LoginServer: pointer.String("*.azurecr.cn"), 51 }, 52 }, 53 { 54 Name: pointer.String("baz"), 55 RegistryProperties: &containerregistry.RegistryProperties{ 56 LoginServer: pointer.String("*.azurecr.de"), 57 }, 58 }, 59 { 60 Name: pointer.String("bus"), 61 RegistryProperties: &containerregistry.RegistryProperties{ 62 LoginServer: pointer.String("*.azurecr.us"), 63 }, 64 }, 65 } 66 67 provider := &acrProvider{ 68 cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}), 69 } 70 provider.loadConfig(bytes.NewBufferString(configStr)) 71 72 creds := provider.Provide("foo.azurecr.io/nginx:v1") 73 74 if len(creds) != len(result)+1 { 75 t.Errorf("Unexpected list: %v, expected length %d", creds, len(result)+1) 76 } 77 for _, cred := range creds { 78 if cred.Username != "" && cred.Username != "foo" { 79 t.Errorf("expected 'foo' for username, saw: %v", cred.Username) 80 } 81 if cred.Password != "" && cred.Password != "bar" { 82 t.Errorf("expected 'bar' for password, saw: %v", cred.Username) 83 } 84 } 85 for _, val := range result { 86 registryName := getLoginServer(val) 87 if _, found := creds[registryName]; !found { 88 t.Errorf("Missing expected registry: %s", registryName) 89 } 90 } 91 } 92 93 func TestProvide(t *testing.T) { 94 testCases := []struct { 95 desc string 96 image string 97 configStr string 98 expectedCredsLength int 99 }{ 100 { 101 desc: "return multiple credentials using Service Principal", 102 image: "foo.azurecr.io/bar/image:v1", 103 configStr: ` 104 { 105 "aadClientId": "foo", 106 "aadClientSecret": "bar" 107 }`, 108 expectedCredsLength: 5, 109 }, 110 { 111 desc: "retuen 0 credential for non-ACR image using Managed Identity", 112 image: "busybox", 113 configStr: ` 114 { 115 "UseManagedIdentityExtension": true 116 }`, 117 expectedCredsLength: 0, 118 }, 119 } 120 121 for i, test := range testCases { 122 provider := &acrProvider{ 123 cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}), 124 } 125 provider.loadConfig(bytes.NewBufferString(test.configStr)) 126 127 creds := provider.Provide(test.image) 128 assert.Equal(t, test.expectedCredsLength, len(creds), "TestCase[%d]: %s", i, test.desc) 129 } 130 } 131 132 func TestParseACRLoginServerFromImage(t *testing.T) { 133 configStr := ` 134 { 135 "aadClientId": "foo", 136 "aadClientSecret": "bar" 137 }` 138 139 provider := &acrProvider{} 140 provider.loadConfig(bytes.NewBufferString(configStr)) 141 provider.environment = &azure.Environment{ 142 ContainerRegistryDNSSuffix: ".azurecr.my.cloud", 143 } 144 tests := []struct { 145 image string 146 expected string 147 }{ 148 { 149 image: "invalidImage", 150 expected: "", 151 }, 152 { 153 image: "docker.io/library/busybox:latest", 154 expected: "", 155 }, 156 { 157 image: "foo.azurecr.io/bar/image:version", 158 expected: "foo.azurecr.io", 159 }, 160 { 161 image: "foo.azurecr.cn/bar/image:version", 162 expected: "foo.azurecr.cn", 163 }, 164 { 165 image: "foo.azurecr.de/bar/image:version", 166 expected: "foo.azurecr.de", 167 }, 168 { 169 image: "foo.azurecr.us/bar/image:version", 170 expected: "foo.azurecr.us", 171 }, 172 { 173 image: "foo.azurecr.my.cloud/bar/image:version", 174 expected: "foo.azurecr.my.cloud", 175 }, 176 } 177 for _, test := range tests { 178 if loginServer := provider.parseACRLoginServerFromImage(test.image); loginServer != test.expected { 179 t.Errorf("function parseACRLoginServerFromImage returns \"%s\" for image %s, expected \"%s\"", loginServer, test.image, test.expected) 180 } 181 } 182 }