validate sp profile secret (#1187)

* validate sp profile secret

* added a check in v20170701

Author: weinong

pkg/api/v20170131/.validate.go.swp

@@ -100,6 +100,16 @@ func (a *Properties) Validate() error {
 		return e
 	}
 
+	if a.OrchestratorProfile.OrchestratorType == Kubernetes {
+		if a.ServicePrincipalProfile == nil {
+			return fmt.Errorf("ServicePrincipalProfile must be specified with Orchestrator %s", a.OrchestratorProfile.OrchestratorType)
+		}
+
+		if len(a.ServicePrincipalProfile.Secret) == 0 {
+			return fmt.Errorf("service principal client secret must be specified with Orchestrator %s", a.OrchestratorProfile.OrchestratorType)
+		}
+	}
+
 	for _, agentPoolProfile := range a.AgentPoolProfiles {
 		if e := agentPoolProfile.Validate(a.OrchestratorProfile.OrchestratorType); e != nil {
 			return e

pkg/api/v20170131/validate.go

@@ -0,0 +1,66 @@
+package v20170131
+
+import "testing"
+
+func Test_ServicePrincipalProfile_ValidateSecret(t *testing.T) {
+
+	t.Run("ServicePrincipalProfile is nil should fail", func(t *testing.T) {
+		p := getK8sDefaultProperties()
+		p.ServicePrincipalProfile = nil
+
+		if err := p.Validate(); err == nil {
+			t.Errorf("should error %v", err)
+		}
+	})
+
+	t.Run("ServicePrincipalProfile with secret should pass", func(t *testing.T) {
+		p := getK8sDefaultProperties()
+
+		if err := p.Validate(); err != nil {
+			t.Errorf("should not error %v", err)
+		}
+	})
+
+	t.Run("ServicePrincipalProfile with missing secret should pass", func(t *testing.T) {
+		p := getK8sDefaultProperties()
+		p.ServicePrincipalProfile.Secret = ""
+
+		if err := p.Validate(); err == nil {
+			t.Error("error should have occurred")
+		}
+	})
+
+}
+
+func getK8sDefaultProperties() *Properties {
+	return &Properties{
+		OrchestratorProfile: &OrchestratorProfile{
+			OrchestratorType: Kubernetes,
+		},
+		MasterProfile: &MasterProfile{
+			Count:     1,
+			DNSPrefix: "foo",
+		},
+		AgentPoolProfiles: []*AgentPoolProfile{
+			{
+				Name:   "agentpool",
+				VMSize: "Standard_D2_v2",
+				Count:  1,
+			},
+		},
+		LinuxProfile: &LinuxProfile{
+			AdminUsername: "azureuser",
+			SSH: struct {
+				PublicKeys []PublicKey `json:"publicKeys"`
+			}{
+				PublicKeys: []PublicKey{{
+					KeyData: "publickeydata",
+				}},
+			},
+		},
+		ServicePrincipalProfile: &ServicePrincipalProfile{
+			ClientID: "clientID",
+			Secret:   "clientSecret",
+		},
+	}
+}

pkg/api/v20170131/validate_test.go

@@ -133,6 +133,10 @@ func (a *Properties) Validate() error {
 	}
 
 	if a.OrchestratorProfile.OrchestratorType == Kubernetes {
+		if a.ServicePrincipalProfile == nil {
+			return fmt.Errorf("ServicePrincipalProfile must be specified with Orchestrator %s", a.OrchestratorProfile.OrchestratorType)
+		}
+
 		if (len(a.ServicePrincipalProfile.Secret) == 0 && len(a.ServicePrincipalProfile.KeyvaultSecretRef) == 0) ||
 			(len(a.ServicePrincipalProfile.Secret) != 0 && len(a.ServicePrincipalProfile.KeyvaultSecretRef) != 0) {
 			return fmt.Errorf("either the service principal client secret or keyvault secret reference must be specified with Orchestrator %s", a.OrchestratorProfile.OrchestratorType)

pkg/api/v20170701/validate.go

@@ -4,6 +4,15 @@ import "testing"
 
 func Test_ServicePrincipalProfile_ValidateSecretOrKeyvaultSecretRef(t *testing.T) {
 
+	t.Run("ServicePrincipalProfile is nil should fail", func(t *testing.T) {
+		p := getK8sDefaultProperties()
+		p.ServicePrincipalProfile = nil
+
+		if err := p.Validate(); err == nil {
+			t.Errorf("should error %v", err)
+		}
+	})
+
 	t.Run("ServicePrincipalProfile with secret should pass", func(t *testing.T) {
 		p := getK8sDefaultProperties()