[release-1.31] chore: Downgrade MSAL from v1.5.0 to v1.4.2, together with other depe… (#9608)

* chore: Downgrade MSAL from v1.5.0 to v1.4.2, together with other dependencies

* fix: Consider ipv6 single stack case when checking pip name and pip prefix id

Author: nilo19

go.mod

@@ -72,7 +72,7 @@ require (
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/msi-dataplane v0.4.3 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect

go.sum

@@ -78,8 +78,8 @@ github.com/Azure/msi-dataplane v0.4.3 h1:dWPWzY4b54tLIR9T1Q014Xxd/1DxOsMIp6EjRFA
 github.com/Azure/msi-dataplane v0.4.3/go.mod h1:yAfxdJyvcnvSDfSyOFV9qm4fReEQDl+nZLGeH2ZWSmw=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 h1:XkkQbfMyuH2jTSjQjSoihryI8GINRcs4xp8lNawg0FI=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=

pkg/provider/azure_loadbalancer_test.go

@@ -2458,6 +2458,8 @@ func TestDeterminePublicIPName(t *testing.T) {
 		expectedPIPName string
 		expectedError   bool
 		isIPv6          bool
+		serviceIPv6     bool
+		annotations     map[string]string
 	}{
 		{
 			desc: "determinePublicIpName shall get public IP from az.getPublicIPName if no specific " +
@@ -2486,12 +2488,22 @@ func TestDeterminePublicIPName(t *testing.T) {
 			expectedPIPName: "pipName",
 			expectedError:   false,
 		},
+		{
+			desc: "determinePublicIpName shall use IPv6 pip annotation for IPv6 single stack service",
+			annotations: map[string]string{
+				consts.ServiceAnnotationPIPNameDualStack[true]: "service-lb-public-IP3dbe-v6",
+			},
+			expectedPIPName: "service-lb-public-IP3dbe-v6",
+			isIPv6:          true,
+			serviceIPv6:     true,
+			expectedError:   false,
+		},
 	}
 
 	for _, test := range testCases {
 		t.Run(test.desc, func(t *testing.T) {
 			az := GetTestCloud(ctrl)
-			service := getTestService("test1", v1.ProtocolTCP, nil, false, 80)
+			service := getTestService("test1", v1.ProtocolTCP, test.annotations, test.serviceIPv6, 80)
 			setServiceLoadBalancerIP(&service, test.loadBalancerIP)
 
 			mockPIPsClient := az.PublicIPAddressesClient.(*mockpublicipclient.MockInterface)

pkg/provider/azure_utils.go

@@ -391,6 +391,12 @@ func getServicePIPName(service *v1.Service, isIPv6 bool) string {
 	}
 
 	if !isServiceDualStack(service) {
+		v4Enabled, v6Enabled := getIPFamiliesEnabled(service)
+		if isIPv6 && v6Enabled && !v4Enabled {
+			if name := service.Annotations[consts.ServiceAnnotationPIPNameDualStack[true]]; name != "" {
+				return name
+			}
+		}
 		return service.Annotations[consts.ServiceAnnotationPIPNameDualStack[false]]
 	}
 
@@ -411,6 +417,12 @@ func getServicePIPPrefixID(service *v1.Service, isIPv6 bool) string {
 	}
 
 	if !isServiceDualStack(service) {
+		v4Enabled, v6Enabled := getIPFamiliesEnabled(service)
+		if isIPv6 && v6Enabled && !v4Enabled {
+			if id := service.Annotations[consts.ServiceAnnotationPIPPrefixIDDualStack[true]]; id != "" {
+				return id
+			}
+		}
 		return service.Annotations[consts.ServiceAnnotationPIPPrefixIDDualStack[false]]
 	}
 

pkg/provider/azure_utils_test.go

@@ -798,7 +798,7 @@ func TestGetServicePIPName(t *testing.T) {
 			&v1.Service{
 				ObjectMeta: metav1.ObjectMeta{
 					Annotations: map[string]string{
-						consts.ServiceAnnotationPIPNameDualStack[false]: "pip-name-ipv6",
+						consts.ServiceAnnotationPIPNameDualStack[true]: "pip-name-ipv6",
 					},
 				},
 				Spec: v1.ServiceSpec{
@@ -840,6 +840,21 @@ func TestGetServicePIPName(t *testing.T) {
 			true,
 			"pip-name-ipv6",
 		},
+		{
+			"From ServiceAnnotationPIPName IPv6 single stack fallback",
+			&v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						consts.ServiceAnnotationPIPNameDualStack[false]: "pip-name-ipv6",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					IPFamilies: []v1.IPFamily{v1.IPv6Protocol},
+				},
+			},
+			true,
+			"pip-name-ipv6",
+		},
 	}
 	for _, tc := range testcases {
 		t.Run(tc.desc, func(t *testing.T) {
@@ -876,7 +891,7 @@ func TestGetServicePIPPrefixID(t *testing.T) {
 			&v1.Service{
 				ObjectMeta: metav1.ObjectMeta{
 					Annotations: map[string]string{
-						consts.ServiceAnnotationPIPPrefixIDDualStack[false]: "pip-prefix-id-ipv6",
+						consts.ServiceAnnotationPIPPrefixIDDualStack[true]: "pip-prefix-id-ipv6",
 					},
 				},
 				Spec: v1.ServiceSpec{
@@ -918,6 +933,21 @@ func TestGetServicePIPPrefixID(t *testing.T) {
 			true,
 			"pip-prefix-id-ipv6",
 		},
+		{
+			"From ServiceAnnotationPIPPrefixIDDualStack IPv6 single stack fallback",
+			&v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						consts.ServiceAnnotationPIPPrefixIDDualStack[false]: "pip-prefix-id-ipv6",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					IPFamilies: []v1.IPFamily{v1.IPv6Protocol},
+				},
+			},
+			true,
+			"pip-prefix-id-ipv6",
+		},
 	}
 	for _, tc := range testcases {
 		t.Run(tc.desc, func(t *testing.T) {
@@ -927,6 +957,22 @@ func TestGetServicePIPPrefixID(t *testing.T) {
 	}
 }
 
+func TestGetServicePIPNames(t *testing.T) {
+	svc := &v1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Annotations: map[string]string{
+				consts.ServiceAnnotationPIPNameDualStack[true]: "pip-name-ipv6",
+			},
+		},
+		Spec: v1.ServiceSpec{
+			IPFamilies: []v1.IPFamily{v1.IPv6Protocol},
+		},
+	}
+
+	names := getServicePIPNames(svc)
+	assert.Equal(t, []string{"", "pip-name-ipv6"}, names)
+}
+
 func TestGetResourceByIPFamily(t *testing.T) {
 	testcases := []struct {
 		desc             string

vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/local/server.go

@@ -162,7 +162,7 @@ github.com/Azure/go-autorest/tracing
 github.com/Azure/msi-dataplane/pkg/dataplane
 github.com/Azure/msi-dataplane/pkg/dataplane/internal/challenge
 github.com/Azure/msi-dataplane/pkg/dataplane/internal/client
-# github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0
+# github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2
 ## explicit; go 1.18
 github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache
 github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential