cloud

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 14, 2021 License: MIT Imports: 30 Imported by: 1

Documentation

Index

Constants

// Graph API error codes, spelled as they appear after "code: " in the error
// text returned for a failed Graph request.
const (
	// GraphErrorCodeResourceNotFound is the error code for resource not found.
	GraphErrorCodeResourceNotFound = "Request_ResourceNotFound"
	// GraphErrorCodeMultipleObjectsWithSameKeyValue is the error code for multiple objects with same key value.
	// The package documentation shows it being returned when a federated identity
	// credential with the same name already exists.
	GraphErrorCodeMultipleObjectsWithSameKeyValue = "Request_MultipleObjectsWithSameKeyValue"
)

Variables

var (
	// ErrFederatedCredentialNotFound is returned when the federated credential is not found.
	// It is a plain sentinel built with errors.New, so it carries no detail about
	// which credential was requested. IsFederatedCredentialNotFound is the
	// package's helper for recognising a federated-credential-not-found error.
	ErrFederatedCredentialNotFound = errors.New("federated credential not found")
)

Functions

func GetTenantID

func GetTenantID(resourceManagerEndpoint string, subscriptionID string) (string, error)

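GetTenantID figures out the AAD tenant ID of the subscription by making an unauthenticated request to the Get Subscription Details endpoint and parsing the value from the WWW-Authenticate header of the response. Because the request is unauthenticated, the returned tenant ID is only as trustworthy as the resourceManagerEndpoint the caller passes in. TODO: this should probably go to the armhelpers library.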

func IsAlreadyExists

func IsAlreadyExists(err error) bool

IsAlreadyExists parses the error message to check whether it is a "resource already exists" error.

func IsFederatedCredentialAlreadyExists added in v0.7.0

func IsFederatedCredentialAlreadyExists(err error) bool

IsFederatedCredentialAlreadyExists returns true if the given error is a "federated credential already exists" error. Example of such an error as it appears in a log: E1202 22:40:05.500821 867104 main.go:57] "failed to add federated identity credential" err="code: Request_MultipleObjectsWithSameKeyValue, message: FederatedIdentityCredential with name aramase-default-cred already exists."

func IsFederatedCredentialNotFound added in v0.7.0

func IsFederatedCredentialNotFound(err error) bool

IsFederatedCredentialNotFound returns true if the given error is a federated credential not found error.

func IsNotFound

func IsNotFound(err error) bool

IsNotFound returns true if the given error is a NotFound error.

func IsRoleAssignmentAlreadyDeleted

func IsRoleAssignmentAlreadyDeleted(err error) bool

IsRoleAssignmentAlreadyDeleted returns true if the given error is a role assignment already deleted error. Ref: https://docs.microsoft.com/en-us/rest/api/authorization/role-assignments/delete#response

Types

type AzureClient

// AzureClient is the package's concrete client type. Its fields are unexported,
// so instances are obtained from the NewAzureClientWith* constructors. The
// methods declared on *AzureClient cover every method of Interface.
type AzureClient struct {
	// contains filtered or unexported fields
}

func NewAzureClientWithCLI

func NewAzureClientWithCLI(env azure.Environment, subscriptionID, tenantID string) (*AzureClient, error)

NewAzureClientWithCLI creates an AzureClient configured from Azure CLI 2.0 for local development scenarios.

func NewAzureClientWithClientCertificate

func NewAzureClientWithClientCertificate(env azure.Environment, subscriptionID, clientID, tenantID string, certificate *x509.Certificate, privateKey *rsa.PrivateKey) (*AzureClient, error)

NewAzureClientWithClientCertificate returns an AzureClient via client_id and jwt certificate assertion

func NewAzureClientWithClientCertificateExternalTenant

func NewAzureClientWithClientCertificateExternalTenant(env azure.Environment, subscriptionID, tenantID, clientID string, certificate *x509.Certificate, privateKey *rsa.PrivateKey) (*AzureClient, error)

NewAzureClientWithClientCertificateExternalTenant returns an AzureClient via client_id and jwt certificate assertion against a 3rd party tenant

func NewAzureClientWithClientCertificateFile

func NewAzureClientWithClientCertificateFile(env azure.Environment, subscriptionID, clientID, tenantID, certificatePath, privateKeyPath string) (*AzureClient, error)

NewAzureClientWithClientCertificateFile returns an AzureClient via client_id and jwt certificate assertion

func NewAzureClientWithClientSecret

func NewAzureClientWithClientSecret(env azure.Environment, subscriptionID, clientID, clientSecret, tenantID string) (*AzureClient, error)

NewAzureClientWithClientSecret returns an AzureClient via client_id and client_secret

func (*AzureClient) AddFederatedCredential

func (c *AzureClient) AddFederatedCredential(ctx context.Context, objectID string, fic *graph.FederatedIdentityCredential) error

AddFederatedCredential adds a federated credential to the cloud provider.

func (*AzureClient) CreateApplication

func (c *AzureClient) CreateApplication(ctx context.Context, displayName string) (*graph.Application, error)

CreateApplication creates an application.

func (*AzureClient) CreateRoleAssignment

func (c *AzureClient) CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (authorization.RoleAssignment, error)

CreateRoleAssignment creates a role assignment.

func (*AzureClient) CreateServicePrincipal

func (c *AzureClient) CreateServicePrincipal(ctx context.Context, appID string, tags []string) (*graph.ServicePrincipal, error)

CreateServicePrincipal creates a service principal for the given application. No secret or certificate is generated.

func (*AzureClient) DeleteApplication

func (c *AzureClient) DeleteApplication(ctx context.Context, objectID string) error

DeleteApplication deletes an application.

func (*AzureClient) DeleteFederatedCredential

func (c *AzureClient) DeleteFederatedCredential(ctx context.Context, objectID, federatedCredentialID string) error

DeleteFederatedCredential deletes a federated credential from the cloud provider.

func (*AzureClient) DeleteRoleAssignment

func (c *AzureClient) DeleteRoleAssignment(ctx context.Context, roleAssignmentID string) (authorization.RoleAssignment, error)

DeleteRoleAssignment deletes a role assignment.

func (*AzureClient) DeleteServicePrincipal

func (c *AzureClient) DeleteServicePrincipal(ctx context.Context, objectID string) error

DeleteServicePrincipal deletes a service principal.

func (*AzureClient) GetApplication

func (c *AzureClient) GetApplication(ctx context.Context, displayName string) (*graph.Application, error)

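GetApplication gets an application by its display name. Display names are not guaranteed to be unique in Azure AD, and this page does not say how multiple matches are handled, so identify the application by the returned object's ID in later calls.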

func (*AzureClient) GetFederatedCredential

func (c *AzureClient) GetFederatedCredential(ctx context.Context, objectID, issuer, subject string) (*graph.FederatedIdentityCredential, error)

GetFederatedCredential gets a federated credential from the cloud provider.

func (*AzureClient) GetRoleDefinitionIDByName added in v0.7.0

func (c *AzureClient) GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (authorization.RoleDefinition, error)

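GetRoleDefinitionIDByName looks up the role definition for the given role name within the given scope. Despite the name, it returns the whole authorization.RoleDefinition, from which the ID can be read, rather than a bare ID string.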

func (*AzureClient) GetServicePrincipal

func (c *AzureClient) GetServicePrincipal(ctx context.Context, displayName string) (*graph.ServicePrincipal, error)

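GetServicePrincipal gets a service principal by its display name. Display names are not guaranteed to be unique in Azure AD, and this page does not say how multiple matches are handled, so identify the service principal by the returned object's ID in later calls.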

type GraphError added in v0.7.0

// GraphError is a custom error type for Graph API errors. It has an Error
// method on the value receiver, so both GraphError and *GraphError satisfy the
// error interface.
type GraphError struct {
	// PublicError holds the underlying graph.PublicError. It is a pointer, so it
	// may be nil; check before dereferencing.
	PublicError *graph.PublicError
}

GraphError is a custom error type for Graph API errors.

func GetGraphError added in v0.7.0

func GetGraphError(additionalData map[string]interface{}) (*GraphError, error)

GetGraphError returns the public error message from the additional info. Ref: https://docs.microsoft.com/en-us/graph/errors#error-resource-type. Errors returned by the Graph API aren't serialized today; this is a known issue: https://github.com/microsoftgraph/msgraph-sdk-go-core/issues/1

func (GraphError) Error added in v0.7.0

func (e GraphError) Error() string

Error returns the error message.

type Interface

// Interface is the set of cloud operations this package exposes. *AzureClient
// declares every method listed here.
type Interface interface {
	// Application and service principal methods.
	// The Get* methods take a display name; the Delete* methods take an object ID.
	CreateServicePrincipal(ctx context.Context, appID string, tags []string) (*graph.ServicePrincipal, error)
	CreateApplication(ctx context.Context, displayName string) (*graph.Application, error)
	DeleteServicePrincipal(ctx context.Context, objectID string) error
	DeleteApplication(ctx context.Context, objectID string) error
	GetServicePrincipal(ctx context.Context, displayName string) (*graph.ServicePrincipal, error)
	GetApplication(ctx context.Context, displayName string) (*graph.Application, error)

	// Role assignment methods
	// Creation takes a scope, a role name and a principal ID; deletion takes the
	// role assignment ID. Both return the affected authorization.RoleAssignment.
	CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (authorization.RoleAssignment, error)
	DeleteRoleAssignment(ctx context.Context, roleAssignmentID string) (authorization.RoleAssignment, error)

	// Role definition methods
	// Returns an authorization.RoleDefinition value, not a bare ID string.
	GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (authorization.RoleDefinition, error)

	// Federation methods
	// Each call names its target by objectID. Get additionally takes an issuer
	// and a subject; Delete takes the federated credential's own ID.
	AddFederatedCredential(ctx context.Context, objectID string, fic *graph.FederatedIdentityCredential) error
	GetFederatedCredential(ctx context.Context, objectID, issuer, subject string) (*graph.FederatedIdentityCredential, error)
	DeleteFederatedCredential(ctx context.Context, objectID, federatedCredentialID string) error
}

Directories

Path Synopsis
Package mock_cloud is a generated GoMock package.
Package mock_cloud is a generated GoMock package.
