- Constants
- Variables
- func GetTenantID(resourceManagerEndpoint string, subscriptionID string) (string, error)
- func IsAlreadyExists(err error) bool
- func IsFederatedCredentialAlreadyExists(err error) bool
- func IsFederatedCredentialNotFound(err error) bool
- func IsNotFound(err error) bool
- func IsRoleAssignmentAlreadyDeleted(err error) bool
- type AzureClient
- func NewAzureClientWithCLI(env azure.Environment, subscriptionID, tenantID string) (*AzureClient, error)
- func NewAzureClientWithClientCertificate(env azure.Environment, subscriptionID, clientID, tenantID string, ...) (*AzureClient, error)
- func NewAzureClientWithClientCertificateExternalTenant(env azure.Environment, subscriptionID, tenantID, clientID string, ...) (*AzureClient, error)
- func NewAzureClientWithClientCertificateFile(env azure.Environment, ...) (*AzureClient, error)
- func NewAzureClientWithClientSecret(env azure.Environment, subscriptionID, clientID, clientSecret, tenantID string) (*AzureClient, error)
- func (c *AzureClient) AddFederatedCredential(ctx context.Context, objectID string, fic *graph.FederatedIdentityCredential) error
- func (c *AzureClient) CreateApplication(ctx context.Context, displayName string) (*graph.Application, error)
- func (c *AzureClient) CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (authorization.RoleAssignment, error)
- func (c *AzureClient) CreateServicePrincipal(ctx context.Context, appID string, tags []string) (*graph.ServicePrincipal, error)
- func (c *AzureClient) DeleteApplication(ctx context.Context, objectID string) error
- func (c *AzureClient) DeleteFederatedCredential(ctx context.Context, objectID, federatedCredentialID string) error
- func (c *AzureClient) DeleteRoleAssignment(ctx context.Context, roleAssignmentID string) (authorization.RoleAssignment, error)
- func (c *AzureClient) DeleteServicePrincipal(ctx context.Context, objectID string) error
- func (c *AzureClient) GetApplication(ctx context.Context, displayName string) (*graph.Application, error)
- func (c *AzureClient) GetFederatedCredential(ctx context.Context, objectID, issuer, subject string) (*graph.FederatedIdentityCredential, error)
- func (c *AzureClient) GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (authorization.RoleDefinition, error)
- func (c *AzureClient) GetServicePrincipal(ctx context.Context, displayName string) (*graph.ServicePrincipal, error)
- type GraphError
- type Interface
Constants ¶
const (
	// GraphErrorCodeResourceNotFound is the Microsoft Graph error code returned
	// when the requested resource does not exist.
	GraphErrorCodeResourceNotFound = "Request_ResourceNotFound"
	// GraphErrorCodeMultipleObjectsWithSameKeyValue is the Microsoft Graph error
	// code returned when an object with the same key value already exists
	// (for example, a federated identity credential with a duplicate name).
	GraphErrorCodeMultipleObjectsWithSameKeyValue = "Request_MultipleObjectsWithSameKeyValue"
)
Variables ¶
var (
	// ErrFederatedCredentialNotFound is returned when the federated credential
	// is not found; callers can detect it with IsFederatedCredentialNotFound.
	ErrFederatedCredentialNotFound = errors.New("federated credential not found")
)
Functions ¶
func GetTenantID ¶
GetTenantID figures out the AAD tenant ID of the subscription by making an unauthenticated request to the Get Subscription Details endpoint and parsing the value from the WWW-Authenticate header. TODO: this should probably move to the armhelpers library.
func IsAlreadyExists ¶
IsAlreadyExists parses the error message to check whether it is a "resource already exists" error.
func IsFederatedCredentialAlreadyExists ¶ added in v0.7.0
IsFederatedCredentialAlreadyExists returns true if the given error is a federated credential already exists error. An example of such an error as it appears in a log line: E1202 22:40:05.500821 867104 main.go:57] "failed to add federated identity credential" err="code: Request_MultipleObjectsWithSameKeyValue, message: FederatedIdentityCredential with name aramase-default-cred already exists."
func IsFederatedCredentialNotFound ¶ added in v0.7.0
IsFederatedCredentialNotFound returns true if the given error is a federated credential not found error.
func IsNotFound ¶
IsNotFound returns true if the given error is a NotFound error.
func IsRoleAssignmentAlreadyDeleted ¶
IsRoleAssignmentAlreadyDeleted returns true if the given error is a role assignment already deleted error. Ref: https://docs.microsoft.com/en-us/rest/api/authorization/role-assignments/delete#response
Types ¶
type AzureClient ¶
type AzureClient struct {
// contains filtered or unexported fields
}
func NewAzureClientWithCLI ¶
func NewAzureClientWithCLI(env azure.Environment, subscriptionID, tenantID string) (*AzureClient, error)
NewAzureClientWithCLI creates an AzureClient configured from Azure CLI 2.0 for local development scenarios.
func NewAzureClientWithClientCertificate ¶
func NewAzureClientWithClientCertificate(env azure.Environment, subscriptionID, clientID, tenantID string, certificate *x509.Certificate, privateKey *rsa.PrivateKey) (*AzureClient, error)
NewAzureClientWithClientCertificate returns an AzureClient authenticated via client_id and a JWT certificate assertion.
func NewAzureClientWithClientCertificateExternalTenant ¶
func NewAzureClientWithClientCertificateExternalTenant(env azure.Environment, subscriptionID, tenantID, clientID string, certificate *x509.Certificate, privateKey *rsa.PrivateKey) (*AzureClient, error)
NewAzureClientWithClientCertificateExternalTenant returns an AzureClient authenticated via client_id and a JWT certificate assertion against a third-party tenant.
func NewAzureClientWithClientCertificateFile ¶
func NewAzureClientWithClientCertificateFile(env azure.Environment, subscriptionID, clientID, tenantID, certificatePath, privateKeyPath string) (*AzureClient, error)
NewAzureClientWithClientCertificateFile returns an AzureClient authenticated via client_id and a JWT certificate assertion, loading the certificate and private key from the given file paths.
func NewAzureClientWithClientSecret ¶
func NewAzureClientWithClientSecret(env azure.Environment, subscriptionID, clientID, clientSecret, tenantID string) (*AzureClient, error)
NewAzureClientWithClientSecret returns an AzureClient authenticated via client_id and client_secret.
func (*AzureClient) AddFederatedCredential ¶
func (c *AzureClient) AddFederatedCredential(ctx context.Context, objectID string, fic *graph.FederatedIdentityCredential) error
AddFederatedCredential adds a federated credential to the cloud provider.
func (*AzureClient) CreateApplication ¶
func (c *AzureClient) CreateApplication(ctx context.Context, displayName string) (*graph.Application, error)
CreateApplication creates an application.
func (*AzureClient) CreateRoleAssignment ¶
func (c *AzureClient) CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (authorization.RoleAssignment, error)
CreateRoleAssignment creates a role assignment.
func (*AzureClient) CreateServicePrincipal ¶
func (c *AzureClient) CreateServicePrincipal(ctx context.Context, appID string, tags []string) (*graph.ServicePrincipal, error)
CreateServicePrincipal creates a service principal for the given application. No secret or certificate is generated.
func (*AzureClient) DeleteApplication ¶
func (c *AzureClient) DeleteApplication(ctx context.Context, objectID string) error
DeleteApplication deletes an application.
func (*AzureClient) DeleteFederatedCredential ¶
func (c *AzureClient) DeleteFederatedCredential(ctx context.Context, objectID, federatedCredentialID string) error
DeleteFederatedCredential deletes a federated credential from the cloud provider.
func (*AzureClient) DeleteRoleAssignment ¶
func (c *AzureClient) DeleteRoleAssignment(ctx context.Context, roleAssignmentID string) (authorization.RoleAssignment, error)
DeleteRoleAssignment deletes a role assignment.
func (*AzureClient) DeleteServicePrincipal ¶
func (c *AzureClient) DeleteServicePrincipal(ctx context.Context, objectID string) error
DeleteServicePrincipal deletes a service principal.
func (*AzureClient) GetApplication ¶
func (c *AzureClient) GetApplication(ctx context.Context, displayName string) (*graph.Application, error)
GetApplication gets an application by its display name.
func (*AzureClient) GetFederatedCredential ¶
func (c *AzureClient) GetFederatedCredential(ctx context.Context, objectID, issuer, subject string) (*graph.FederatedIdentityCredential, error)
GetFederatedCredential gets a federated credential from the cloud provider.
func (*AzureClient) GetRoleDefinitionIDByName ¶ added in v0.7.0
func (c *AzureClient) GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (authorization.RoleDefinition, error)
GetRoleDefinitionIDByName returns the role definition ID for the given role name.
func (*AzureClient) GetServicePrincipal ¶
func (c *AzureClient) GetServicePrincipal(ctx context.Context, displayName string) (*graph.ServicePrincipal, error)
GetServicePrincipal gets a service principal by its display name.
type GraphError ¶ added in v0.7.0
// GraphError is a custom error type for Graph API errors. It wraps the
// structured error body that the Graph API returns; see GetGraphError for how
// it is extracted from a response's additional data.
type GraphError struct {
	// PublicError holds the structured error returned by the Graph API.
	PublicError *graph.PublicError
}
GraphError is a custom error type for Graph API errors.
func GetGraphError ¶ added in v0.7.0
func GetGraphError(additionalData map[string]interface{}) (*GraphError, error)
GetGraphError returns the public error message from the additional info. Ref: https://docs.microsoft.com/en-us/graph/errors#error-resource-type. Errors returned by the Graph API aren't serialized today; this is a known issue: https://github.com/microsoftgraph/msgraph-sdk-go-core/issues/1
func (GraphError) Error ¶ added in v0.7.0
func (e GraphError) Error() string
Error returns the error message.
type Interface ¶
// Interface is the set of cloud operations this package exposes for managing
// applications, service principals, role assignments and federated identity
// credentials. *AzureClient provides methods matching every member of this
// interface. Every method takes a context as its first argument so that callers
// can bound or cancel the underlying API calls.
type Interface interface {
	// Application and service principal methods
	CreateServicePrincipal(ctx context.Context, appID string, tags []string) (*graph.ServicePrincipal, error)
	CreateApplication(ctx context.Context, displayName string) (*graph.Application, error)
	DeleteServicePrincipal(ctx context.Context, objectID string) error
	DeleteApplication(ctx context.Context, objectID string) error
	GetServicePrincipal(ctx context.Context, displayName string) (*graph.ServicePrincipal, error)
	GetApplication(ctx context.Context, displayName string) (*graph.Application, error)
	// Role assignment methods
	CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (authorization.RoleAssignment, error)
	DeleteRoleAssignment(ctx context.Context, roleAssignmentID string) (authorization.RoleAssignment, error)
	// Role definition methods
	GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (authorization.RoleDefinition, error)
	// Federation methods
	AddFederatedCredential(ctx context.Context, objectID string, fic *graph.FederatedIdentityCredential) error
	GetFederatedCredential(ctx context.Context, objectID, issuer, subject string) (*graph.FederatedIdentityCredential, error)
	DeleteFederatedCredential(ctx context.Context, objectID, federatedCredentialID string) error
}