diff --git a/kubernetes/base/config/kube_config.py b/kubernetes/base/config/kube_config.py
index 00623a3401..fc88f7f1fa 100644
--- a/kubernetes/base/config/kube_config.py
+++ b/kubernetes/base/config/kube_config.py
@@ -37,11 +37,6 @@
 from .config_exception import ConfigException
 from .dateutil import UTC, format_rfc3339, parse_rfc3339
-try:
- import adal
-except ImportError:
- pass
-
 try:
 import google.auth
 import google.auth.transport.requests
@@ -318,55 +313,10 @@ def _load_auth_provider_token(self):
 return
 if provider['name'] == 'gcp':
 return self._load_gcp_token(provider)
- if provider['name'] == 'azure':
- return self._load_azure_token(provider)
 if provider['name'] == 'oidc':
 return self._load_oid_token(provider)
- def _azure_is_expired(self, provider):
- expires_on = provider['config']['expires-on']
- if expires_on.isdigit():
- return int(expires_on) < time.time()
- else:
- exp_time = time.strptime(expires_on, '%Y-%m-%d %H:%M:%S.%f')
- return exp_time < time.gmtime()
-
- def _load_azure_token(self, provider):
- if 'config' not in provider:
- return
- if 'access-token' not in provider['config']:
- return
- if 'expires-on' in provider['config']:
- if self._azure_is_expired(provider):
- self._refresh_azure_token(provider['config'])
- self.token = 'Bearer %s' % provider['config']['access-token']
- return self.token
- def _refresh_azure_token(self, config):
- if 'adal' not in globals():
- raise ImportError('refresh token error, adal library not imported')
-
- tenant = config['tenant-id']
- authority = 'https://login.microsoftonline.com/{}'.format(tenant)
- context = adal.AuthenticationContext(
- authority, validate_authority=True, api_version='1.0'
- )
- refresh_token = config['refresh-token']
- client_id = config['client-id']
- apiserver_id = '00000002-0000-0000-c000-000000000000'
- try:
- apiserver_id = config['apiserver-id']
- except ConfigException:
- # We've already set a default above
- pass
- token_response = context.acquire_token_with_refresh_token(
- refresh_token, client_id, apiserver_id)
-
- provider = self._user['auth-provider']['config']
- provider.value['access-token'] = token_response['accessToken']
- provider.value['expires-on'] = token_response['expiresOn']
- if self._config_persister:
- self._config_persister()
 def _load_gcp_token(self, provider):
 if (('config' not in provider) or
diff --git a/kubernetes/base/config/kube_config_test.py b/kubernetes/base/config/kube_config_test.py
index 61a7065994..b8063009eb 100644
--- a/kubernetes/base/config/kube_config_test.py
+++ b/kubernetes/base/config/kube_config_test.py
@@ -135,10 +135,6 @@ def _raise_exception(st):
 TEST_OIDC_CA = _base64(TEST_CERTIFICATE_AUTH)
-TEST_AZURE_LOGIN = TEST_OIDC_LOGIN
-TEST_AZURE_TOKEN = "test-azure-token"
-TEST_AZURE_TOKEN_FULL = "Bearer " + TEST_AZURE_TOKEN
-
 class BaseTestCase(unittest.TestCase):
@@ -464,41 +460,6 @@ class TestKubeConfigLoader(BaseTestCase):
 "user": "oidc"
 }
 },
- {
- "name": "azure",
- "context": {
- "cluster": "default",
- "user": "azure"
- }
- },
- {
- "name": "azure_num",
- "context": {
- "cluster": "default",
- "user": "azure_num"
- }
- },
- {
- "name": "azure_str",
- "context": {
- "cluster": "default",
- "user": "azure_str"
- }
- },
- {
- "name": "azure_num_error",
- "context": {
- "cluster": "default",
- "user": "azure_str_error"
- }
- },
- {
- "name": "azure_str_error",
- "context": {
- "cluster": "default",
- "user": "azure_str_error"
- }
- },
 {
 "name": "expired_oidc",
 "context": {
@@ -739,94 +700,6 @@ class TestKubeConfigLoader(BaseTestCase):
 }
 }
 },
- {
- "name": "azure",
- "user": {
- "auth-provider": {
- "config": {
- "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "00000002-0000-0000-c000-"
- "000000000000",
- "environment": "AzurePublicCloud",
- "refresh-token": "refreshToken",
- "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
- },
- "name": "azure"
- }
- }
- },
- {
- "name": "azure_num",
- "user": {
- "auth-provider": {
- "config": {
- "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "00000002-0000-0000-c000-"
- "000000000000",
- "environment": "AzurePublicCloud",
- "expires-in": "0",
- "expires-on": "156207275",
- "refresh-token": "refreshToken",
- "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
- },
- "name": "azure"
- }
- }
- },
- {
- "name": "azure_str",
- "user": {
- "auth-provider": {
- "config": {
- "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "00000002-0000-0000-c000-"
- "000000000000",
- "environment": "AzurePublicCloud",
- "expires-in": "0",
- "expires-on": "2018-10-18 00:52:29.044727",
- "refresh-token": "refreshToken",
- "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
- },
- "name": "azure"
- }
- }
- },
- {
- "name": "azure_str_error",
- "user": {
- "auth-provider": {
- "config": {
- "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "00000002-0000-0000-c000-"
- "000000000000",
- "environment": "AzurePublicCloud",
- "expires-in": "0",
- "expires-on": "2018-10-18 00:52",
- "refresh-token": "refreshToken",
- "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
- },
- "name": "azure"
- }
- }
- },
- {
- "name": "azure_num_error",
- "user": {
- "auth-provider": {
- "config": {
- "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "00000002-0000-0000-c000-"
- "000000000000",
- "environment": "AzurePublicCloud",
- "expires-in": "0",
- "expires-on": "-1",
- "refresh-token": "refreshToken",
- "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
- },
- "name": "azure"
- }
- }
- },
 {
 "name": "expired_oidc",
 "user": {
@@ -1193,45 +1066,6 @@ def test_oidc_fails_if_invalid_padding_length(self):
 None,
 )
- def test_azure_no_refresh(self):
- loader = KubeConfigLoader(
- config_dict=self.TEST_KUBE_CONFIG,
- active_context="azure",
- )
- self.assertTrue(loader._load_auth_provider_token())
- self.assertEqual(TEST_AZURE_TOKEN_FULL, loader.token)
-
- def test_azure_with_expired_num(self):
- loader = KubeConfigLoader(
- config_dict=self.TEST_KUBE_CONFIG,
- active_context="azure_num",
- )
- provider = loader._user['auth-provider']
- self.assertTrue(loader._azure_is_expired(provider))
-
- def test_azure_with_expired_str(self):
- loader = KubeConfigLoader(
- config_dict=self.TEST_KUBE_CONFIG,
- active_context="azure_str",
- )
- provider = loader._user['auth-provider']
- self.assertTrue(loader._azure_is_expired(provider))
-
- def test_azure_with_expired_str_error(self):
- loader = KubeConfigLoader(
- config_dict=self.TEST_KUBE_CONFIG,
- active_context="azure_str_error",
- )
- provider = loader._user['auth-provider']
- self.assertRaises(ValueError, loader._azure_is_expired, provider)
-
- def test_azure_with_expired_int_error(self):
- loader = KubeConfigLoader(
- config_dict=self.TEST_KUBE_CONFIG,
- active_context="azure_num_error",
- )
- provider = loader._user['auth-provider']
- self.assertRaises(ValueError, loader._azure_is_expired, provider)
 def test_user_pass(self):
 expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)
diff --git a/setup.py b/setup.py
index d6d8de37cb..da01a2d5be 100644
--- a/setup.py
+++ b/setup.py
@@ -28,7 +28,6 @@
 # http://pypi.python.org/pypi/setuptools
 EXTRAS = {
- 'adal': ['adal>=1.0.2'],
 'google-auth': ['google-auth>=1.0.1']
 }
 REQUIRES = []