cloud

package

v0.7.0 Latest Latest Go to latest Published: Dec 14, 2021 License: MIT Imports: 30 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Azure/azure-workload-identity

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetTenantID(resourceManagerEndpoint string, subscriptionID string) (string, error)
func IsAlreadyExists(err error) bool
func IsFederatedCredentialAlreadyExists(err error) bool
func IsFederatedCredentialNotFound(err error) bool
func IsNotFound(err error) bool
func IsRoleAssignmentAlreadyDeleted(err error) bool
type AzureClient
type GraphError
- func GetGraphError(additionalData map[string]interface{}) (*GraphError, error)
- func (e GraphError) Error() string
type Interface

Constants ¶

View Source

const (
	// GraphErrorCodeResourceNotFound is the error code for resource not found.
	GraphErrorCodeResourceNotFound = "Request_ResourceNotFound"
	// GraphErrorCodeMultipleObjectsWithSameKeyValue is the error code for multiple objects with same key value.
	GraphErrorCodeMultipleObjectsWithSameKeyValue = "Request_MultipleObjectsWithSameKeyValue"
)

Variables ¶

View Source

var (
	// ErrFederatedCredentialNotFound is returned when the federated credential is not found.
	ErrFederatedCredentialNotFound = errors.New("federated credential not found")
)

Functions ¶

func GetTenantID ¶

func GetTenantID(resourceManagerEndpoint string, subscriptionID string) (string, error)

GetTenantID figures out the AAD tenant ID of the subscription by making an unauthenticated request to the Get Subscription Details endpoint and parses the value from WWW-Authenticate header. TODO this should probably to to the armhelpers library

func IsAlreadyExists ¶

func IsAlreadyExists(err error) bool

IsAlreadyExists parses the error message to check if it's resource already exists error.

func IsFederatedCredentialAlreadyExists ¶ added in v0.7.0

func IsFederatedCredentialAlreadyExists(err error) bool

IsFederatedCredentialAlreadyExists returns true if the given error is a federated credential already exists error. E1202 22:40:05.500821 867104 main.go:57] "failed to add federated identity credential" err="code: Request_MultipleObjectsWithSameKeyValue, message: FederatedIdentityCredential with name aramase-default-cred already exists."

func IsFederatedCredentialNotFound ¶ added in v0.7.0

func IsFederatedCredentialNotFound(err error) bool

IsFederatedCredentialNotFound returns true if the given error is a federated credential not found error.

func IsNotFound ¶

func IsNotFound(err error) bool

IsNotFound returns true if the given error is a NotFound error.

func IsRoleAssignmentAlreadyDeleted ¶

func IsRoleAssignmentAlreadyDeleted(err error) bool

IsRoleAssignmentAlreadyDeleted returns true if the given error is a role assignment already deleted error. Ref: https://docs.microsoft.com/en-us/rest/api/authorization/role-assignments/delete#response

Types ¶

type AzureClient ¶

type AzureClient struct {
	// contains filtered or unexported fields
}

func NewAzureClientWithCLI ¶

func NewAzureClientWithCLI(env azure.Environment, subscriptionID, tenantID string) (*AzureClient, error)

NewAzureClientWithCLI creates an AzureClient configured from Azure CLI 2.0 for local development scenarios.

func NewAzureClientWithClientCertificate ¶

func NewAzureClientWithClientCertificate(env azure.Environment, subscriptionID, clientID, tenantID string, certificate *x509.Certificate, privateKey *rsa.PrivateKey) (*AzureClient, error)

NewAzureClientWithClientCertificate returns an AzureClient via client_id and jwt certificate assertion

func NewAzureClientWithClientCertificateExternalTenant ¶

func NewAzureClientWithClientCertificateExternalTenant(env azure.Environment, subscriptionID, tenantID, clientID string, certificate *x509.Certificate, privateKey *rsa.PrivateKey) (*AzureClient, error)

NewAzureClientWithClientCertificateExternalTenant returns an AzureClient via client_id and jwt certificate assertion against a 3rd party tenant

func NewAzureClientWithClientCertificateFile ¶

func NewAzureClientWithClientCertificateFile(env azure.Environment, subscriptionID, clientID, tenantID, certificatePath, privateKeyPath string) (*AzureClient, error)

NewAzureClientWithClientCertificateFile returns an AzureClient via client_id and jwt certificate assertion

func NewAzureClientWithClientSecret ¶

func NewAzureClientWithClientSecret(env azure.Environment, subscriptionID, clientID, clientSecret, tenantID string) (*AzureClient, error)

NewAzureClientWithClientSecret returns an AzureClient via client_id and client_secret

func (*AzureClient) AddFederatedCredential ¶

func (c *AzureClient) AddFederatedCredential(ctx context.Context, objectID string, fic *graph.FederatedIdentityCredential) error

AddFederatedCredential adds a federated credential to the cloud provider.

func (*AzureClient) CreateApplication ¶

func (c *AzureClient) CreateApplication(ctx context.Context, displayName string) (*graph.Application, error)

CreateApplication creates an application.

func (*AzureClient) CreateRoleAssignment ¶

func (c *AzureClient) CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (authorization.RoleAssignment, error)

CreateRoleAssignment creates a role assignment.

func (*AzureClient) CreateServicePrincipal ¶

func (c *AzureClient) CreateServicePrincipal(ctx context.Context, appID string, tags []string) (*graph.ServicePrincipal, error)

CreateServicePrincipal creates a service principal for the given application. No secret or certificate is generated.

func (*AzureClient) DeleteApplication ¶

func (c *AzureClient) DeleteApplication(ctx context.Context, objectID string) error

DeleteApplication deletes an application.

func (*AzureClient) DeleteFederatedCredential ¶

func (c *AzureClient) DeleteFederatedCredential(ctx context.Context, objectID, federatedCredentialID string) error

DeleteFederatedCredential deletes a federated credential from the cloud provider.

func (*AzureClient) DeleteRoleAssignment ¶

func (c *AzureClient) DeleteRoleAssignment(ctx context.Context, roleAssignmentID string) (authorization.RoleAssignment, error)

DeleteRoleAssignment deletes a role assignment.

func (*AzureClient) DeleteServicePrincipal ¶

func (c *AzureClient) DeleteServicePrincipal(ctx context.Context, objectID string) error

DeleteServicePrincipal deletes a service principal.

func (*AzureClient) GetApplication ¶

func (c *AzureClient) GetApplication(ctx context.Context, displayName string) (*graph.Application, error)

GetApplication gets an application by its display name.

func (*AzureClient) GetFederatedCredential ¶

func (c *AzureClient) GetFederatedCredential(ctx context.Context, objectID, issuer, subject string) (*graph.FederatedIdentityCredential, error)

GetFederatedCredential gets a federated credential from the cloud provider.

func (*AzureClient) GetRoleDefinitionIDByName ¶ added in v0.7.0

func (c *AzureClient) GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (authorization.RoleDefinition, error)

GetRoleDefinitionIDByName returns the role definition ID for the given role name.

func (*AzureClient) GetServicePrincipal ¶

func (c *AzureClient) GetServicePrincipal(ctx context.Context, displayName string) (*graph.ServicePrincipal, error)

GetServicePrincipal gets a service principal by its display name.

type GraphError ¶ added in v0.7.0

type GraphError struct {
	PublicError *graph.PublicError
}

GraphError is a custom error type for Graph API errors.

func GetGraphError ¶ added in v0.7.0

func GetGraphError(additionalData map[string]interface{}) (*GraphError, error)

GetGraphError returns the public error message from the additional info. ref: https://docs.microsoft.com/en-us/graph/errors#error-resource-type errors returned by the graph API aren't serialized today and this is a known issue: https://github.com/microsoftgraph/msgraph-sdk-go-core/issues/1

func (GraphError) Error ¶ added in v0.7.0

func (e GraphError) Error() string

Error returns the error message.

type Interface ¶

type Interface interface {
	CreateServicePrincipal(ctx context.Context, appID string, tags []string) (*graph.ServicePrincipal, error)
	CreateApplication(ctx context.Context, displayName string) (*graph.Application, error)
	DeleteServicePrincipal(ctx context.Context, objectID string) error
	DeleteApplication(ctx context.Context, objectID string) error
	GetServicePrincipal(ctx context.Context, displayName string) (*graph.ServicePrincipal, error)
	GetApplication(ctx context.Context, displayName string) (*graph.Application, error)

	// Role assignment methods
	CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (authorization.RoleAssignment, error)
	DeleteRoleAssignment(ctx context.Context, roleAssignmentID string) (authorization.RoleAssignment, error)

	// Role definition methods
	GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (authorization.RoleDefinition, error)

	// Federation methods
	AddFederatedCredential(ctx context.Context, objectID string, fic *graph.FederatedIdentityCredential) error
	GetFederatedCredential(ctx context.Context, objectID, issuer, subject string) (*graph.FederatedIdentityCredential, error)
	DeleteFederatedCredential(ctx context.Context, objectID, federatedCredentialID string) error
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mock_cloud Package mock_cloud is a generated GoMock package.	Package mock_cloud is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL