NewDefaultAzureCredential creates a DefaultAzureCredential. Pass nil for options to accept defaults.
(logger slog.Logger, opt *DefaultAzureCredentialOptions)
| 37 | |
| 38 | // NewDefaultAzureCredential creates a DefaultAzureCredential. Pass nil for options to accept defaults. |
| 39 | func NewDefaultAzureCredential(logger slog.Logger, opt *DefaultAzureCredentialOptions) (*DefaultAzureCredential, error) { |
| 40 | var creds []azcore.TokenCredential |
| 41 | var errors error |
| 42 | |
| 43 | if opt == nil { |
| 44 | opt = &DefaultAzureCredentialOptions{} |
| 45 | } |
| 46 | |
| 47 | logger.Info("Building credential via client secret") |
| 48 | if cred, err := azidentity.NewClientSecretCredential( |
| 49 | opt.AuthConfig.TenantID, |
| 50 | opt.AuthConfig.ClientID, |
| 51 | opt.AuthConfig.ClientSecret, |
| 52 | &azidentity.ClientSecretCredentialOptions{ |
| 53 | ClientOptions: opt.ClientOptions, |
| 54 | AdditionallyAllowedTenants: opt.AuthConfig.AuxiliaryTenantIDs, |
| 55 | DisableInstanceDiscovery: opt.DisableInstanceDiscovery, |
| 56 | }, |
| 57 | ); err == nil { |
| 58 | logger.Info("Successfully built credential via client secret") |
| 59 | creds = append(creds, cred) |
| 60 | } else { |
| 61 | thisErr := fmt.Errorf("Building credential via client secret failed: %v", err) |
| 62 | logger.Warn(thisErr.Error()) |
| 63 | errors = multierror.Append(errors, thisErr) |
| 64 | } |
| 65 | |
| 66 | logger.Info("Building credential via client certificaite") |
| 67 | if cert, err := base64.StdEncoding.DecodeString(opt.AuthConfig.ClientCertificateEncoded); err != nil { |
| 68 | thisErr := fmt.Errorf("Building credential via client certificate failed: base64 decoidng certificate: %v", err) |
| 69 | logger.Warn(thisErr.Error()) |
| 70 | errors = multierror.Append(errors, thisErr) |
| 71 | } else { |
| 72 | // We are using a 3rd party module for parsing the certificate (the same one as is used by go-azure-sdk/sdk/auth/client_certificate_authorizer.go) |
| 73 | // Reason can be found at: https://github.com/Azure/azure-sdk-for-go/issues/22906 |
| 74 | //certs, key, err := azidentity.ParseCertificates(cert, []byte(opt.AuthConfig.ClientCertificatePassword)) |
| 75 | key, cert, _, err := pkcs12.DecodeChain(cert, opt.AuthConfig.ClientCertificatePassword) |
| 76 | if err != nil { |
| 77 | thisErr := fmt.Errorf("Building credential via client certificate failed: failed to parse certificate: %v", err) |
| 78 | logger.Warn(thisErr.Error()) |
| 79 | errors = multierror.Append(errors, thisErr) |
| 80 | } else { |
| 81 | if cred, err := azidentity.NewClientCertificateCredential( |
| 82 | opt.AuthConfig.TenantID, |
| 83 | opt.AuthConfig.ClientID, |
| 84 | []*x509.Certificate{cert}, |
| 85 | key, |
| 86 | &azidentity.ClientCertificateCredentialOptions{ |
| 87 | ClientOptions: opt.ClientOptions, |
| 88 | AdditionallyAllowedTenants: opt.AuthConfig.AuxiliaryTenantIDs, |
| 89 | DisableInstanceDiscovery: opt.DisableInstanceDiscovery, |
| 90 | SendCertificateChain: opt.SendCertificateChain, |
| 91 | }, |
| 92 | ); err != nil { |
| 93 | thisErr := fmt.Errorf("Building credential via client certificate failed: %v", err) |
| 94 | logger.Warn(thisErr.Error()) |
| 95 | errors = multierror.Append(errors, thisErr) |
| 96 | } else { |