Clarify purpose of getSingleExplicitIdentity function

Adds a comment and unit tests indicating its usage
Azure · Oct 2, 2024 · 37a3bea · 37a3bea
1 parent 1205d4b
commit 37a3bea
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 14 deletions.
diff --git a/pkg/cluster/clustermsi.go b/pkg/cluster/clustermsi.go
@@ -204,12 +204,15 @@ func (m *manager) clusterIdentityIDs(ctx context.Context) error {
 	return err
 }
 
+// We expect the GetUserAssignedIdentities request to only ever be made for one identity
+// at a time (the cluster MSI) and thus we expect the response to only contain a single
+// identity's details.
 func getSingleExplicitIdentity(msiCredObj *dataplane.UserAssignedIdentities) (*swagger.NestedCredentialsObject, error) {
-	if msiCredObj.CredentialsObject.ExplicitIdentities == nil ||
-		len(msiCredObj.CredentialsObject.ExplicitIdentities) == 0 ||
-		msiCredObj.CredentialsObject.ExplicitIdentities[0] == nil {
+	if msiCredObj.ExplicitIdentities == nil ||
+		len(msiCredObj.ExplicitIdentities) == 0 ||
+		msiCredObj.ExplicitIdentities[0] == nil {
 		return nil, errClusterMsiNotPresentInResponse
 	}
 
-	return msiCredObj.CredentialsObject.ExplicitIdentities[0], nil
+	return msiCredObj.ExplicitIdentities[0], nil
 }
diff --git a/pkg/cluster/clustermsi_test.go b/pkg/cluster/clustermsi_test.go
@@ -1,14 +1,17 @@
 package cluster
 
-// Copyright (c) Microsoft Corporation.
-// Licensed under the Apache License 2.0.
-
 import (
 	"context"
 	"fmt"
 	"strings"
 	"testing"
 
+	"github.com/Azure/ARO-RP/pkg/api"
+	"github.com/Azure/ARO-RP/pkg/env"
+	"github.com/Azure/ARO-RP/pkg/frontend/middleware"
+	mock_env "github.com/Azure/ARO-RP/pkg/util/mocks/env"
+	testdatabase "github.com/Azure/ARO-RP/test/database"
+	utilerror "github.com/Azure/ARO-RP/test/util/error"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
@@ -19,13 +22,6 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/mock/gomock"
-
-	"github.com/Azure/ARO-RP/pkg/api"
-	"github.com/Azure/ARO-RP/pkg/env"
-	"github.com/Azure/ARO-RP/pkg/frontend/middleware"
-	mock_env "github.com/Azure/ARO-RP/pkg/util/mocks/env"
-	testdatabase "github.com/Azure/ARO-RP/test/database"
-	utilerror "github.com/Azure/ARO-RP/test/util/error"
 )
 
 func TestEnsureClusterMsiCertificate(t *testing.T) {
@@ -536,3 +532,99 @@ Response contained no body
 		})
 	}
 }
+
+func TestGetSingleExplicitIdentity(t *testing.T) {
+	placeholderString := "placeholder"
+	validIdentity := &swagger.NestedCredentialsObject{
+		ClientID:                   &placeholderString,
+		ClientSecret:               &placeholderString,
+		TenantID:                   &placeholderString,
+		ResourceID:                 &placeholderString,
+		AuthenticationEndpoint:     &placeholderString,
+		CannotRenewAfter:           &placeholderString,
+		ClientSecretURL:            &placeholderString,
+		MtlsAuthenticationEndpoint: &placeholderString,
+		NotAfter:                   &placeholderString,
+		NotBefore:                  &placeholderString,
+		RenewAfter:                 &placeholderString,
+		CustomClaims: &swagger.CustomClaims{
+			XMSAzNwperimid: []*string{&placeholderString},
+			XMSAzTm:        &placeholderString,
+		},
+		ObjectID: &placeholderString,
+	}
+
+	type args struct {
+		msiCredObj *dataplane.UserAssignedIdentities
+	}
+	tests := []struct {
+		name       string
+		msiCredObj *dataplane.UserAssignedIdentities
+		want       *swagger.NestedCredentialsObject
+		wantErr    string
+	}{
+		{
+			name:       "ExplicitIdentities nil, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{},
+			wantErr:    errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities empty, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{},
+					},
+				},
+			},
+			wantErr: errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities first element is nil, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{
+							nil,
+						},
+					},
+				},
+			},
+			wantErr: errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities first element is nil, returns error",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{
+							nil,
+						},
+					},
+				},
+			},
+			wantErr: errClusterMsiNotPresentInResponse.Error(),
+		},
+		{
+			name: "ExplicitIdentities first element is valid, returns it",
+			msiCredObj: &dataplane.UserAssignedIdentities{
+				CredentialsObject: dataplane.CredentialsObject{
+					CredentialsObject: swagger.CredentialsObject{
+						ExplicitIdentities: []*swagger.NestedCredentialsObject{
+							validIdentity,
+						},
+					},
+				},
+			},
+			want: validIdentity,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := getSingleExplicitIdentity(tt.msiCredObj)
+
+			assert.Equal(t, tt.want, got)
+			utilerror.AssertErrorMessage(t, err, tt.wantErr)
+		})
+	}
+}