hub / github.com/Azure/aztfexport / NewDefaultAzureCredential

Function NewDefaultAzureCredential

cred.go:39–164  ·  view source on GitHub ↗

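NewDefaultAzureCredential creates a DefaultAzureCredential. Pass nil for options to accept defaults; a nil opt is replaced with an empty DefaultAzureCredentialOptions. In the part of the source shown below, the credential types (client secret, then client certificate) are attempted in turn. A failure to build one is logged as a warning and appended to an aggregate error rather than returned immediately.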

(logger slog.Logger, opt *DefaultAzureCredentialOptions)

Source from the content-addressed store, hash-verified

37
38// NewDefaultAzureCredential creates a DefaultAzureCredential. Pass nil for options to accept defaults.
39func NewDefaultAzureCredential(logger slog.Logger, opt *DefaultAzureCredentialOptions) (*DefaultAzureCredential, error) {
40 var creds []azcore.TokenCredential
41 var errors error
42
43 if opt == nil {
44 opt = &DefaultAzureCredentialOptions{}
45 }
46
47 logger.Info("Building credential via client secret")
48 if cred, err := azidentity.NewClientSecretCredential(
49 opt.AuthConfig.TenantID,
50 opt.AuthConfig.ClientID,
51 opt.AuthConfig.ClientSecret,
52 &azidentity.ClientSecretCredentialOptions{
53 ClientOptions: opt.ClientOptions,
54 AdditionallyAllowedTenants: opt.AuthConfig.AuxiliaryTenantIDs,
55 DisableInstanceDiscovery: opt.DisableInstanceDiscovery,
56 },
57 ); err == nil {
58 logger.Info("Successfully built credential via client secret")
59 creds = append(creds, cred)
60 } else {
61 thisErr := fmt.Errorf("Building credential via client secret failed: %v", err)
62 logger.Warn(thisErr.Error())
63 errors = multierror.Append(errors, thisErr)
64 }
65
66 logger.Info("Building credential via client certificaite")
67 if cert, err := base64.StdEncoding.DecodeString(opt.AuthConfig.ClientCertificateEncoded); err != nil {
68 thisErr := fmt.Errorf("Building credential via client certificate failed: base64 decoidng certificate: %v", err)
69 logger.Warn(thisErr.Error())
70 errors = multierror.Append(errors, thisErr)
71 } else {
72 // We are using a 3rd party module for parsing the certificate (the same one as is used by go-azure-sdk/sdk/auth/client_certificate_authorizer.go)
73 // Reason can be found at: https://github.com/Azure/azure-sdk-for-go/issues/22906
74 //certs, key, err := azidentity.ParseCertificates(cert, []byte(opt.AuthConfig.ClientCertificatePassword))
75 key, cert, _, err := pkcs12.DecodeChain(cert, opt.AuthConfig.ClientCertificatePassword)
76 if err != nil {
77 thisErr := fmt.Errorf("Building credential via client certificate failed: failed to parse certificate: %v", err)
78 logger.Warn(thisErr.Error())
79 errors = multierror.Append(errors, thisErr)
80 } else {
81 if cred, err := azidentity.NewClientCertificateCredential(
82 opt.AuthConfig.TenantID,
83 opt.AuthConfig.ClientID,
84 []*x509.Certificate{cert},
85 key,
86 &azidentity.ClientCertificateCredentialOptions{
87 ClientOptions: opt.ClientOptions,
88 AdditionallyAllowedTenants: opt.AuthConfig.AuxiliaryTenantIDs,
89 DisableInstanceDiscovery: opt.DisableInstanceDiscovery,
90 SendCertificateChain: opt.SendCertificateChain,
91 },
92 ); err != nil {
93 thisErr := fmt.Errorf("Building credential via client certificate failed: %v", err)
94 logger.Warn(thisErr.Error())
95 errors = multierror.Append(errors, thisErr)
96 } else {

Callers 1

BuildCommonConfigMethod · 0.85

Calls 1

NewOidcCredentialFunction · 0.85

Tested by

no test coverage detected