It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc.

weinong · weinong · commit d1480ab49d60 · 2019-12-18T20:35:57.000-08:00
diff --git a/staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure.go b/staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure.go
@@ -287,7 +287,7 @@ func (ts *azureTokenSource) refreshToken(token *azureToken) (*azureToken, error)
 		return nil, err
 	}
 
-	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID)
+	oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, token.tenantID, nil)
 	if err != nil {
 		return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err)
 	}
@@ -344,7 +344,7 @@ func newAzureTokenSourceDeviceCode(environment azure.Environment, clientID strin
 }
 
 func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) {
-	oauthConfig, err := adal.NewOAuthConfig(ts.environment.ActiveDirectoryEndpoint, ts.tenantID)
+	oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(ts.environment.ActiveDirectoryEndpoint, ts.tenantID, nil)
 	if err != nil {
 		return nil, fmt.Errorf("building the OAuth configuration for device code authentication: %v", err)
 	}
diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go b/staging/src/k8s.io/legacy-cloud-providers/azure/auth/azure_auth.go
@@ -97,7 +97,7 @@ func GetServicePrincipalToken(config *AzureAuthConfig, env *azure.Environment) (
 			env.ServiceManagementEndpoint)
 	}
 
-	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenantID)
+	oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, tenantID, nil)
 	if err != nil {
 		return nil, fmt.Errorf("creating the OAuth config: %v", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -287,7 +287,7 @@ func (ts azureTokenSource) refreshToken(token azureToken) (*azureToken, error)`
`287`	`287`	`return nil, err`
`288`	`288`	`}`
`289`	`289`
`290`		`- oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID)`
	`290`	`+ oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, token.tenantID, nil)`
`291`	`291`	`if err != nil {`
`292`	`292`	`return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err)`
`293`	`293`	`}`
`@@ -344,7 +344,7 @@ func newAzureTokenSourceDeviceCode(environment azure.Environment, clientID strin`
`344`	`344`	`}`
`345`	`345`
`346`	`346`	`func (ts azureTokenSourceDeviceCode) Token() (azureToken, error) {`
`347`		`- oauthConfig, err := adal.NewOAuthConfig(ts.environment.ActiveDirectoryEndpoint, ts.tenantID)`
	`347`	`+ oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(ts.environment.ActiveDirectoryEndpoint, ts.tenantID, nil)`
`348`	`348`	`if err != nil {`
`349`	`349`	`return nil, fmt.Errorf("building the OAuth configuration for device code authentication: %v", err)`
`350`	`350`	`}`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ func GetServicePrincipalToken(config AzureAuthConfig, env azure.Environment) (`
`97`	`97`	`env.ServiceManagementEndpoint)`
`98`	`98`	`}`
`99`	`99`
`100`		`- oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenantID)`
	`100`	`+ oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, tenantID, nil)`
`101`	`101`	`if err != nil {`
`102`	`102`	`return nil, fmt.Errorf("creating the OAuth config: %v", err)`
`103`	`103`	`}`