feat: add credential_type plugin config (#157)
Feat: - added credential_type plugin config key - supported credential type: default, environment, managedidentity, azurecli Test: - unit test cases - e2e test cases - tested environment credential, workload identity credential, managed identity in pod of AKS - tested Azure cli credential locally Resolves #146 #154 Signed-off-by: Junjie Gao <[email protected]> --------- Signed-off-by: Junjie Gao <[email protected]>
Showing
9 changed files
with
244 additions
and
25 deletions.
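--- a/Notation.Plugin.AzureKeyVault.Tests/KeyVault/CredentialsTests.cs
+++ b/Notation.Plugin.AzureKeyVault.Tests/KeyVault/CredentialsTests.cs
@@ -0,0 +1,52 @@
+using Xunit;
+using Azure.Core;
+using System.Collections.Generic;
+using Notation.Plugin.Protocol;
+
+namespace Notation.Plugin.AzureKeyVault.Credential.Tests
+{
+public class CredentialsTests
+{
+[Theory]
+[InlineData("default")]
+[InlineData("environment")]
+[InlineData("workloadid")]
+[InlineData("managedid")]
+[InlineData("azurecli")]
+public void GetCredentials_WithValidCredentialType_ReturnsExpectedCredential(string credentialType)
+{
+// Act
+var result = Credentials.GetCredentials(credentialType);
+
+// Assert
+Assert.IsAssignableFrom<TokenCredential>(result);
+}
+
+[Fact]
+public void GetCredentials_WithInvalidCredentialType_ThrowsValidationException()
+{
+// Arrange
+string invalidCredentialType = "invalid";
+
+// Act & Assert
+var ex = Assert.Throws<ValidationException>(() => Credentials.GetCredentials(invalidCredentialType));
+Assert.Equal($"Invalid credential key: {invalidCredentialType}", ex.Message);
+}
+
+[Fact]
+public void GetCredentials_WithPluginConfig_ReturnsExpectedCredential()
+{
+// Arrange
+var pluginConfig = new Dictionary<string, string>
+{
+{ "credential_type", "default" }
+};
+
+// Act
+var result = Credentials.GetCredentials(pluginConfig);
+
+// Assert
+Assert.IsAssignableFrom<TokenCredential>(result);
+}
+}
+}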
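Review bot: The theory `GetCredentials_WithValidCredentialType_ReturnsExpectedCredential` asserts only `Assert.IsAssignableFrom<TokenCredential>(result)`, which holds for any non-null return value because `TokenCredential` is the declared return type, so a swapped mapping (for example `environment` returning the default chain) would still pass. For a signing plugin the identity that gets selected is the security-relevant outcome, so I would pin the concrete type per case, e.g. `[InlineData("environment", typeof(EnvironmentCredential))]` with `Assert.IsType(expectedType, result);` (this needs `using Azure.Identity;`). The cases are also all lower-case and never pass a null config or a config without `credential_type`, although `GetCredentials` has explicit code for both paths.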
@@ -0,0 +1,67 @@ | ||
using Azure.Core; | ||
using Azure.Identity; | ||
using Notation.Plugin.Protocol; | ||
|
||
namespace Notation.Plugin.AzureKeyVault.Credential | ||
{ | ||
public class Credentials | ||
{ | ||
/// <summary> | ||
/// Credential type key name in plugin config. | ||
/// </summary> | ||
public const string CredentialTypeKey = "credential_type"; | ||
/// <summary> | ||
/// Default credential name. | ||
/// </summary> | ||
public const string DefaultCredentialName = "default"; | ||
/// <summary> | ||
/// Environment credential name. | ||
/// </summary> | ||
public const string EnvironmentCredentialName = "environment"; | ||
/// <summary> | ||
/// Workload identity credential name. | ||
/// </summary> | ||
public const string WorkloadIdentityCredentialName = "workloadid"; | ||
/// <summary> | ||
/// Managed identity credential name. | ||
/// </summary> | ||
public const string ManagedIdentityCredentialName = "managedid"; | ||
/// <summary> | ||
/// Azure CLI credential name. | ||
/// </summary> | ||
public const string AzureCliCredentialName = "azurecli"; | ||
|
||
/// <summary> | ||
/// Get the credential based on the credential type. | ||
/// </summary> | ||
public static TokenCredential GetCredentials(string credentialType) | ||
{ | ||
credentialType = credentialType.ToLower(); | ||
switch (credentialType) | ||
{ | ||
case DefaultCredentialName: | ||
return new DefaultAzureCredential(); | ||
case EnvironmentCredentialName: | ||
return new EnvironmentCredential(); | ||
case WorkloadIdentityCredentialName: | ||
return new WorkloadIdentityCredential(); | ||
case ManagedIdentityCredentialName: | ||
return new ManagedIdentityCredential(); | ||
case AzureCliCredentialName: | ||
return new AzureCliCredential(); | ||
default: | ||
throw new ValidationException($"Invalid credential key: {credentialType}"); | ||
} | ||
} | ||
|
||
/// <summary> | ||
/// Get the credential based on the plugin config. | ||
/// </summary> | ||
public static TokenCredential GetCredentials(Dictionary<string, string>? pluginConfig) | ||
{ | ||
var credentialName = pluginConfig?.GetValueOrDefault(CredentialTypeKey, DefaultCredentialName) ?? | ||
DefaultCredentialName; | ||
return GetCredentials(credentialName); | ||
} | ||
} | ||
} |
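Review bot: `credentialType.ToLower()` in `GetCredentials(string)` lower-cases with the current culture, so under a Turkish locale a value such as `AzureCLI` becomes `azureclı` and is rejected as invalid; `credentialType = credentialType.ToLowerInvariant();` keeps the match locale-independent. The exception text says "Invalid credential key" but reports the value of `credential_type`, and it echoes the lower-cased string rather than what the user configured; the unit test in this commit pins the current wording, so changing it means updating both. It would also help to document on `DefaultCredentialName` that `default` selects `DefaultAzureCredential`, which tries several ambient credential sources in turn, so operators who need one specific identity for signing should set an explicit `credential_type`.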