mirror of https://github.com/kubernetes/kops.git
azure: Verify VM ID when registering nodes
parent
15b44bad52
commit
576ef5ea48
|
@ -43,23 +43,28 @@ func (h *azureAuthenticator) CreateToken(body []byte) (string, error) {
|
|||
return "", fmt.Errorf("querying instance metadata: %w", err)
|
||||
}
|
||||
|
||||
vmId := m.Compute.VMID
|
||||
if vmId == "" {
|
||||
return "", fmt.Errorf("missing virtual machine ID")
|
||||
}
|
||||
|
||||
// The fully qualified VMSS VM resource ID format is:
|
||||
// /subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP_NAME/providers/Microsoft.Compute/virtualMachineScaleSets/VMSS_NAME/virtualMachines/VMSS_INDEX
|
||||
r := strings.Split(m.Compute.ResourceID, "/")
|
||||
if len(r) != 11 || r[7] != "virtualMachineScaleSets" || r[9] != "virtualMachines" {
|
||||
return "", fmt.Errorf("unexpected resource ID format: %q", m.Compute.ResourceID)
|
||||
}
|
||||
|
||||
vmssName := r[8]
|
||||
vmssIndex := r[10]
|
||||
|
||||
return AzureAuthenticationTokenPrefix + vmssName + " " + vmssIndex, nil
|
||||
return AzureAuthenticationTokenPrefix + vmId + " " + vmssName + " " + vmssIndex, nil
|
||||
}
|
||||
|
||||
type instanceComputeMetadata struct {
|
||||
ResourceGroupName string `json:"resourceGroupName"`
|
||||
ResourceID string `json:"resourceId"`
|
||||
SubscriptionID string `json:"subscriptionId"`
|
||||
VMID string `json:"vmId"`
|
||||
}
|
||||
|
||||
type instanceMetadata struct {
|
||||
|
|
|
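Review bot: The token layout changes at the final `return` from `<vmssName> <vmssIndex>` to `<vmId> <vmssName> <vmssIndex>`, but nothing there documents the field order that the `strings.Split` in VerifyToken depends on. A comment above the return such as `// Token payload: "<vmId> <vmssName> <vmssIndex>", space-separated; must stay in sync with VerifyToken.` would keep the two sides in step. The new local would read `vmID` under Go's initialism convention. `fmt.Errorf("missing virtual machine ID")` has no format verbs, so `errors.New` fits if that package is imported (the import block and the start of CreateToken are outside this hunk).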
@ -58,16 +58,23 @@ func (a azureVerifier) VerifyToken(ctx context.Context, rawRequest *http.Request
|
|||
}
|
||||
|
||||
v := strings.Split(strings.TrimPrefix(token, AzureAuthenticationTokenPrefix), " ")
|
||||
if len(v) != 2 {
|
||||
if len(v) != 3 {
|
||||
return nil, fmt.Errorf("incorrect token format")
|
||||
}
|
||||
vmssName := v[0]
|
||||
vmssIndex := v[1]
|
||||
vmId := v[0]
|
||||
vmssName := v[1]
|
||||
vmssIndex := v[2]
|
||||
|
||||
vm, err := a.client.vmsClient.Get(ctx, a.client.resourceGroup, vmssName, vmssIndex, "")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("getting info for VMSS virtual machine %q #%s: %w", vmssName, vmssIndex, err)
|
||||
}
|
||||
if vm.VMID == nil {
|
||||
return nil, fmt.Errorf("determining VMID for VMSS %q virtual machine #%s", vmssName, vmssIndex)
|
||||
}
|
||||
if vmId != *vm.VMID {
|
||||
return nil, fmt.Errorf("matching VMID %q for VMSS %q virtual machine #%s", vmId, vmssName, vmssIndex)
|
||||
}
|
||||
if vm.OsProfile == nil || *vm.OsProfile.ComputerName == "" {
|
||||
return nil, fmt.Errorf("determining ComputerName for VMSS %q virtual machine #%s", vmssName, vmssIndex)
|
||||
}
|
||||
|
|
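Review bot: The new `vmId != *vm.VMID` check ties the token to one instance, but the token is still three unsigned identifiers that the node reads from instance metadata, so it shows knowledge of the VM ID rather than that the request originates from that VM. If the rest of VerifyToken (it continues past this hunk) does not already bind the request to the instance, for example by comparing the request's source address with the addresses on the VM's network interfaces, that check is worth adding, along with a comment here stating that the VM ID is treated as an identifier and not as a secret. Separately, the context line `*vm.OsProfile.ComputerName == ""` dereferences ComputerName without a nil check, unlike the new `vm.VMID == nil` guard; `if vm.OsProfile == nil || vm.OsProfile.ComputerName == nil || *vm.OsProfile.ComputerName == "" {` would avoid a panic on a sparse API response.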