
Commit 9c22ff1

Merge pull request kubernetes#80841 from rjaini/azs_adfs
feat: enhance Azure cloud provider code to support both AAD and ADFS authentication.
2 parents d9ec8ee + 14b648d commit 9c22ff1


1 file changed

+13
-1
lines changed

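--- a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
@@ -21,6 +21,7 @@ import (
 "crypto/x509"
 "fmt"
 "io/ioutil"
+"strings"
 
 "github.com/Azure/go-autorest/autorest/adal"
 "github.com/Azure/go-autorest/autorest/azure"
@@ -31,6 +32,8 @@ import (
 var (
 // ErrorNoAuth indicates that no credentials are provided.
 ErrorNoAuth = fmt.Errorf("no credentials provided for Azure cloud provider")
+// ADFSIdentitySystem indicates value of tenantId for ADFS on Azure Stack.
+ADFSIdentitySystem = "ADFS"
 )
 
 // AzureAuthConfig holds auth related part of cloud config
@@ -55,10 +58,19 @@ type AzureAuthConfig struct {
 UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"`
 // The ID of the Azure Subscription that the cluster is deployed in
 SubscriptionID string `json:"subscriptionId,omitempty" yaml:"subscriptionId,omitempty"`
+// Identity system value for the deployment. This gets populate for Azure Stack case.
+IdentitySystem string `json:"identitySystem,omitempty" yaml:"identitySystem,omitempty"`
 }
 
 // GetServicePrincipalToken creates a new service principal token based on the configuration
 func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (*adal.ServicePrincipalToken, error) {
+var tenantID string
+if strings.EqualFold(config.IdentitySystem, ADFSIdentitySystem) {
+tenantID = "adfs"
+} else {
+tenantID = config.TenantID
+}
+
 if config.UseManagedIdentityExtension {
 klog.V(2).Infoln("azure: using managed identity extension to retrieve access token")
 msiEndpoint, err := adal.GetMSIVMEndpoint()
@@ -77,7 +89,7 @@ func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (
 env.ServiceManagementEndpoint)
 }
 
-oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, config.TenantID)
+oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenantID)
 if err != nil {
 return nil, fmt.Errorf("creating the OAuth config: %v", err)
 }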
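Review bot: The comment on `ADFSIdentitySystem` is misleading — it is the value compared against `config.IdentitySystem`, not a tenantId; the ADFS tenant is the separate bare literal `"adfs"` assigned inside `GetServicePrincipalToken`, so I would reword it to `// ADFSIdentitySystem is the identitySystem config value that selects ADFS (Azure Stack); the OAuth tenant is then fixed to "adfs".` and fix `This gets populate` → `This is populated` on the `IdentitySystem` field comment. Neither the selector nor the tenant name is ever mutated, so they belong in a `const` block (`const ADFSIdentitySystem = "ADFS"` next to `adfsTenantID = "adfs"`) rather than a package `var`, which also removes the magic string from the function body. When the ADFS branch is taken a configured `TenantID` is silently ignored; a `klog.V(2)` line noting the override would make a mixed AAD/ADFS misconfiguration visible in the logs. To be confirmed against the vendored go-autorest version: `adal.NewOAuthConfig` appends an `api-version` query parameter to the token endpoint, which ADFS does not accept, in which case the ADFS path needs `adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, tenantID, nil)` instead. The remainder of `GetServicePrincipalToken` continues past the last hunk.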
