remove refresh logic and add tests

lib/k8s/conn/auth/azure.ex

@@ -3,6 +3,7 @@ defmodule K8s.Conn.Auth.Azure do
   `auth-provider` for azure
   """
   alias K8s.Conn.RequestOptions
+  alias K8s.Conn.Error
   @behaviour K8s.Conn.Auth
 
   defstruct [:token]
@@ -18,10 +19,10 @@ defmodule K8s.Conn.Auth.Azure do
           "auth-provider" => %{
             "config" => %{
               "access-token" => token,
-              "tenant-id" => tenant,
+              "tenant-id" => _tenant,
               "expires-on" => expires_on,
-              "refresh-token" => refresh_token,
-              "client-id" => client_id,
+              "refresh-token" => _refresh_token,
+              "client-id" => _client_id,
               "apiserver-id" => _apiserver_id
             },
             "name" => "azure"
@@ -30,18 +31,9 @@ defmodule K8s.Conn.Auth.Azure do
         _
       ) do
     if parse_expires(expires_on) <= DateTime.utc_now() do
-      # TODO current we don't have access to the credential file,
-      # so we wont be able to write the refresh token back into this,
-      # hence we will request a new token on every request when the original has expired
-      {:ok,
-       %__MODULE__{
-         token: refresh_token(tenant, refresh_token, client_id)
-       }}
+      {:error, %Error{message: "Azure token expired please refresh manually"}}
     else
-      {:ok,
-       %__MODULE__{
-         token: token
-       }}
+      {:ok, %__MODULE__{token: token}}
     end
   end
 
@@ -65,28 +57,4 @@ defmodule K8s.Conn.Auth.Azure do
        }}
     end
   end
-
-  @spec refresh_token(String.t(), String.t(), String.t()) :: String.t()
-  defp refresh_token(
-         tenant,
-         refresh_token,
-         client_id
-       ) do
-    payload =
-      URI.encode_query(%{
-        "client_id" => client_id,
-        "grant_type" => "refresh_token",
-        "refresh_token" => refresh_token
-      })
-
-    HTTPoison.post!(
-      "https://login.microsoftonline.com/#{tenant}/oauth2/v2.0/token",
-      payload,
-      %{
-        "Content-Type" => "application/x-www-form-urlencoded"
-      }
-    ).body
-    |> Jason.decode!()
-    |> Map.get("access_token")
-  end
 end

test/k8s/conn/auth/azure_test.exs

@@ -0,0 +1,67 @@
+defmodule K8s.Conn.Auth.AzureTest do
+  @moduledoc false
+  use ExUnit.Case, async: true
+
+  alias K8s.Conn
+  alias K8s.Conn.Auth.Azure
+
+  describe "create/2" do
+    test "creates a Azure struct from  data" do
+      non_expired_unix_ts = DateTime.utc_now() |> DateTime.add(10, :minute) |> DateTime.to_unix()
+
+      auth = %{
+        "auth-provider" => %{
+          "config" => %{
+            "access-token" => "xxx",
+            "apiserver-id" => "service_id",
+            "client-id" => "client_id",
+            "expires-on" => "#{non_expired_unix_ts}",
+            "refresh-token" => "yyy",
+            "tenant-id" => "tenant"
+          },
+          "name" => "azure"
+        }
+      }
+
+      assert {:ok,
+              %Azure{
+                token: "xxx"
+              }} = Azure.create(auth, nil)
+    end
+
+    test "fails when token is expired" do
+      expired_unix_ts = DateTime.utc_now() |> DateTime.add(-10, :minute) |> DateTime.to_unix()
+
+      auth = %{
+        "auth-provider" => %{
+          "config" => %{
+            "access-token" => "xxx",
+            "apiserver-id" => "service_id",
+            "client-id" => "client_id",
+            "expires-on" => "#{expired_unix_ts}",
+            "refresh-token" => "yyy",
+            "tenant-id" => "tenant"
+          },
+          "name" => "azure"
+        }
+      }
+
+      assert {:error,
+              %K8s.Conn.Error{
+                message: "Azure token expired please refresh manually"
+              }} = Azure.create(auth, nil)
+    end
+  end
+
+  test "creates http request signing options" do
+    provider = %Azure{
+      token: "xxx"
+    }
+
+    {:ok, %Conn.RequestOptions{headers: headers, ssl_options: ssl_options}} =
+      Conn.RequestOptions.generate(provider)
+
+    assert headers == [{:Authorization, "Bearer xxx"}]
+    assert ssl_options == []
+  end
+end