Clarify purpose of getSingleExplicitIdentity function

Adds a comment and unit tests indicating its usage
Azure · Oct 2, 2024 · 1ece0d9 · 1ece0d9
1 parent 1205d4b
commit 1ece0d9
Show file tree

Hide file tree

Showing 2 changed files with 99 additions and 4 deletions.
diff --git a/pkg/cluster/clustermsi.go b/pkg/cluster/clustermsi.go
@@ -204,12 +204,15 @@ func (m *manager) clusterIdentityIDs(ctx context.Context) error {
 	return err
 }
 
+// We expect the GetUserAssignedIdentities request to only ever be made for one identity
+// at a time (the cluster MSI) and thus we expect the response to only contain a single
+// identity's details.
 func getSingleExplicitIdentity(msiCredObj *dataplane.UserAssignedIdentities) (*swagger.NestedCredentialsObject, error) {
-	if msiCredObj.CredentialsObject.ExplicitIdentities == nil ||
-		len(msiCredObj.CredentialsObject.ExplicitIdentities) == 0 ||
-		msiCredObj.CredentialsObject.ExplicitIdentities[0] == nil {
+	if msiCredObj.ExplicitIdentities == nil ||
+		len(msiCredObj.ExplicitIdentities) == 0 ||
+		msiCredObj.ExplicitIdentities[0] == nil {
 		return nil, errClusterMsiNotPresentInResponse
 	}
 
-	return msiCredObj.CredentialsObject.ExplicitIdentities[0], nil
+	return msiCredObj.ExplicitIdentities[0], nil
 }
diff --git a/pkg/cluster/clustermsi_test.go b/pkg/cluster/clustermsi_test.go
@@ -536,3 +536,95 @@ Response contained no body
 		})
 	}
 }
+
+func TestGetSingleExplicitIdentity(t *testing.T) {
+	placeholderString := "placeholder"
+	validIdentity := &swagger.NestedCredentialsObject{
+		ClientID:                   &placeholderString,
+		ClientSecret:               &placeholderString,
+		TenantID:                   &placeholderString,
+		ResourceID:                 &placeholderString,
+		AuthenticationEndpoint:     &placeholderString,
+		CannotRenewAfter:           &placeholderString,
+		ClientSecretURL:            &placeholderString,
+		MtlsAuthenticationEndpoint: &placeholderString,
+		NotAfter:                   &placeholderString,
+		NotBefore:                  &placeholderString,
+		RenewAfter:                 &placeholderString,
+		CustomClaims: &swagger.CustomClaims{
+			XMSAzNwperimid: []*string{&placeholderString},
+			XMSAzTm:        &placeholderString,
+		},
+		ObjectID: &placeholderString,
+	}
+
+	for _, tt := range []struct {
+		name       string
+		msiCredObj *dataplane.UserAssignedIdentities
+		want       *swagger.NestedCredentialsObject
+		wantErr    string
+	}{
+		{
+			name:       "ExplicitIdentities nil, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{},
+			wantErr:    errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities empty, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{},
+					},
+				},
+			},
+			wantErr: errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities first element is nil, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{
+							nil,
+						},
+					},
+				},
+			},
+			wantErr: errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities first element is nil, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{
+							nil,
+						},
+					},
+				},
+			},
+			wantErr: errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities first element is valid, returns it",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{
+							validIdentity,
+						},
+					},
+				},
+			},
+			want: validIdentity,
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := getSingleExplicitIdentity(tt.msiCredObj)
+
+			assert.Equal(t, tt.want, got)
+			utilerror.AssertErrorMessage(t, err, tt.wantErr)
+		})
+	}
+}