22185616992

Committed 19 Feb 2026 02:21PM UTC coverage: 79.077% (-0.005%) from 79.082%

Build # 22185616992

Build Type

push

github

Committed by

OliverMKing

Commit Message

add msi externaldns e2e test

Run Details

4286 of 5420 relevant lines covered (79.08%)

24.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.83

/pkg/controller/dns/util.go

package dns

import (
        "context"
        "strings"

        "github.com/Azure/aks-app-routing-operator/api/v1alpha1"
        "github.com/Azure/aks-app-routing-operator/pkg/config"
        "github.com/Azure/aks-app-routing-operator/pkg/manifests"
        "github.com/Azure/aks-app-routing-operator/pkg/util"
        "github.com/hashicorp/go-multierror"
        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "sigs.k8s.io/controller-runtime/pkg/client"
)

type ExternalDNSCRDConfiguration interface {
        GetTenantId() *string
        GetInputServiceAccount() string
        GetResourceNamespace() string
        GetInputResourceName() string
        GetResourceTypes() []string
        GetDnsZoneresourceIDs() []string
        GetFilters() *v1alpha1.ExternalDNSFilters
        GetNamespaced() bool
        GetIdentity() v1alpha1.ExternalDNSIdentity
        client.Object
}

func buildInputDNSConfig(e ExternalDNSCRDConfiguration, config *config.Config) manifests.InputExternalDNSConfig {
        identity := e.GetIdentity()

        // Determine identity type
        var identityType manifests.IdentityType
        var clientId string
        var serviceAccount string

        switch identity.Type {
        case v1alpha1.IdentityTypeManagedIdentity:
                identityType = manifests.IdentityTypeMSI
                clientId = identity.ClientID
        default: // workloadIdentity is the default
                identityType = manifests.IdentityTypeWorkloadIdentity
                serviceAccount = identity.ServiceAccount
        }

        ret := manifests.InputExternalDNSConfig{
                IdentityType:        identityType,
                ClientId:            clientId,
                InputServiceAccount: serviceAccount,
                Namespace:           e.GetResourceNamespace(),
                InputResourceName:   e.GetInputResourceName(),
                ResourceTypes:       extractResourceTypes(e.GetResourceTypes()),
                DnsZoneresourceIDs:  e.GetDnsZoneresourceIDs(),
                Filters:             e.GetFilters(),
                IsNamespaced:        e.GetNamespaced(),
                UID:                 string(e.GetUID()),
        }

        switch e.GetTenantId() {
        case nil:
                ret.TenantId = config.TenantID
        default:
                ret.TenantId = *e.GetTenantId()
        }

        return ret
}

func extractResourceTypes(resourceTypes []string) map[manifests.ResourceType]struct{} {
        ret := map[manifests.ResourceType]struct{}{}
        for _, rt := range resourceTypes {
                if strings.EqualFold(rt, manifests.ResourceTypeIngress.String()) {
                        ret[manifests.ResourceTypeIngress] = struct{}{}
                }
                if strings.EqualFold(rt, manifests.ResourceTypeGateway.String()) {
                        ret[manifests.ResourceTypeGateway] = struct{}{}
                }
        }

        return ret
}

func generateManifestsConf(config *config.Config, obj ExternalDNSCRDConfiguration) (*manifests.ExternalDnsConfig, error) {
        inputDNSConf := buildInputDNSConfig(obj, config)
        manifestsConf, err := manifests.NewExternalDNSConfig(config, inputDNSConf)
        if err != nil {
                return nil, util.NewUserError(err, "failed to generate ExternalDNS resources: "+err.Error())
        }

        return manifestsConf, nil
}

func deployExternalDNSResources(ctx context.Context, client client.Client, manifestsConf *manifests.ExternalDnsConfig, owners []metav1.OwnerReference) error {
        // create the ExternalDNS resources
        multiError := &multierror.Error{}

        for _, resource := range manifestsConf.Resources() {
                if resource.GetObjectKind().GroupVersionKind().Kind != "Namespace" { // don't want to set owner references in case we're generating the ns
                        resource.SetOwnerReferences(owners)
                }
                currentResourceErr := util.Upsert(ctx, client, resource)
                multiError = multierror.Append(multiError, currentResourceErr)
        }

        return multiError.ErrorOrNil()
}

// verifyIdentity verifies that the identity configuration is valid for the ExternalDNS resource.
// For workload identity, it validates that the service account exists and has the required annotation.
// For managed identity, no additional verification is needed as the clientID is validated by CRD schema.
func verifyIdentity(ctx context.Context, k8sclient client.Client, obj ExternalDNSCRDConfiguration) error {
        identity := obj.GetIdentity()

        // For workload identity (or default/empty which defaults to workload identity),
        // verify the service account exists and has the required annotation
        if identity.Type != v1alpha1.IdentityTypeManagedIdentity {
                _, err := util.GetServiceAccountWorkloadIdentityClientId(ctx, k8sclient, identity.ServiceAccount, obj.GetResourceNamespace())
                return err
        }

        return nil
}

1	package dns
2
3	import (
4	"context"
5	"strings"
6
7	"github.com/Azure/aks-app-routing-operator/api/v1alpha1"
8	"github.com/Azure/aks-app-routing-operator/pkg/config"
9	"github.com/Azure/aks-app-routing-operator/pkg/manifests"
10	"github.com/Azure/aks-app-routing-operator/pkg/util"
11	"github.com/hashicorp/go-multierror"
12	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
13	"sigs.k8s.io/controller-runtime/pkg/client"
14	)
15
16	type ExternalDNSCRDConfiguration interface {
17	GetTenantId() *string
18	GetInputServiceAccount() string
19	GetResourceNamespace() string
20	GetInputResourceName() string
21	GetResourceTypes() []string
22	GetDnsZoneresourceIDs() []string
23	GetFilters() *v1alpha1.ExternalDNSFilters
24	GetNamespaced() bool
25	GetIdentity() v1alpha1.ExternalDNSIdentity
26	client.Object
27	}
28
29	func buildInputDNSConfig(e ExternalDNSCRDConfiguration, config *config.Config) manifests.InputExternalDNSConfig {	17✔
30	identity := e.GetIdentity()	17✔
31		17✔
32	// Determine identity type	17✔
33	var identityType manifests.IdentityType	17✔
34	var clientId string	17✔
35	var serviceAccount string	17✔
36		17✔
37	switch identity.Type {	17✔
38	case v1alpha1.IdentityTypeManagedIdentity:	×
39	identityType = manifests.IdentityTypeMSI	×
40	clientId = identity.ClientID	×
41	default: // workloadIdentity is the default	17✔
42	identityType = manifests.IdentityTypeWorkloadIdentity	17✔
43	serviceAccount = identity.ServiceAccount	17✔
44	}
45
46	ret := manifests.InputExternalDNSConfig{	17✔
47	IdentityType: identityType,	17✔
48	ClientId: clientId,	17✔
49	InputServiceAccount: serviceAccount,	17✔
50	Namespace: e.GetResourceNamespace(),	17✔
51	InputResourceName: e.GetInputResourceName(),	17✔
52	ResourceTypes: extractResourceTypes(e.GetResourceTypes()),	17✔
53	DnsZoneresourceIDs: e.GetDnsZoneresourceIDs(),	17✔
54	Filters: e.GetFilters(),	17✔
55	IsNamespaced: e.GetNamespaced(),	17✔
56	UID: string(e.GetUID()),	17✔
57	}	17✔
58		17✔
59	switch e.GetTenantId() {	17✔
60	case nil:	4✔
61	ret.TenantId = config.TenantID	4✔
62	default:	13✔
63	ret.TenantId = *e.GetTenantId()	13✔
64	}
65
66	return ret	17✔
67	}
68
69	func extractResourceTypes(resourceTypes []string) map[manifests.ResourceType]struct{} {	20✔
70	ret := map[manifests.ResourceType]struct{}{}	20✔
71	for _, rt := range resourceTypes {	59✔
72	if strings.EqualFold(rt, manifests.ResourceTypeIngress.String()) {	58✔
73	ret[manifests.ResourceTypeIngress] = struct{}{}	19✔
74	}	19✔
75	if strings.EqualFold(rt, manifests.ResourceTypeGateway.String()) {	58✔
76	ret[manifests.ResourceTypeGateway] = struct{}{}	19✔
77	}	19✔
78	}
79
80	return ret	20✔
81	}
82
83	func generateManifestsConf(config config.Config, obj ExternalDNSCRDConfiguration) (manifests.ExternalDnsConfig, error) {	15✔
84	inputDNSConf := buildInputDNSConfig(obj, config)	15✔
85	manifestsConf, err := manifests.NewExternalDNSConfig(config, inputDNSConf)	15✔
86	if err != nil {	17✔
87	return nil, util.NewUserError(err, "failed to generate ExternalDNS resources: "+err.Error())	2✔
88	}	2✔
89
90	return manifestsConf, nil	13✔
91	}
92
93	func deployExternalDNSResources(ctx context.Context, client client.Client, manifestsConf *manifests.ExternalDnsConfig, owners []metav1.OwnerReference) error {	11✔
94	// create the ExternalDNS resources	11✔
95	multiError := &multierror.Error{}	11✔
96		11✔
97	for _, resource := range manifestsConf.Resources() {	88✔
98	if resource.GetObjectKind().GroupVersionKind().Kind != "Namespace" { // don't want to set owner references in case we're generating the ns	143✔
99	resource.SetOwnerReferences(owners)	66✔
100	}	66✔
101	currentResourceErr := util.Upsert(ctx, client, resource)	77✔
102	multiError = multierror.Append(multiError, currentResourceErr)	77✔
103	}
104
105	return multiError.ErrorOrNil()	11✔
106	}
107
108	// verifyIdentity verifies that the identity configuration is valid for the ExternalDNS resource.
109	// For workload identity, it validates that the service account exists and has the required annotation.
110	// For managed identity, no additional verification is needed as the clientID is validated by CRD schema.
111	func verifyIdentity(ctx context.Context, k8sclient client.Client, obj ExternalDNSCRDConfiguration) error {	22✔
112	identity := obj.GetIdentity()	22✔
113		22✔
114	// For workload identity (or default/empty which defaults to workload identity),	22✔
115	// verify the service account exists and has the required annotation	22✔
116	if identity.Type != v1alpha1.IdentityTypeManagedIdentity {	43✔
117	_, err := util.GetServiceAccountWorkloadIdentityClientId(ctx, k8sclient, identity.ServiceAccount, obj.GetResourceNamespace())	21✔
118	return err	21✔
119	}	21✔
120
121	return nil	1✔
122	}

Azure / aks-app-routing-operator / 22185616992

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous