dataplane

Documentation

Index

• Constants
• func NewAuthenticatorPolicy(cred azcore.TokenCredential, audience string) policy.Policy
• func NewStub(creds []*CredentialsObject) *stub
• type CredentialsObject
  • func (c CredentialsObject) IsUserAssigned() bool
• type ManagedIdentityClient
  • func NewClient(cloud string, authenticator policy.Policy, clientOpts *policy.ClientOptions) (*ManagedIdentityClient, error)
  • func (c *ManagedIdentityClient) GetUserAssignedIdentities(ctx context.Context, request UserAssignedMSIRequest) (*UserAssignedIdentities, error)
• type UserAssignedIdentities
  • func NewUserAssignedIdentities(c CredentialsObject, cloud string) (*UserAssignedIdentities, error)
  • func (u UserAssignedIdentities) GetCredential(requestedResourceID string) (*azidentity.ClientCertificateCredential, error)
• type UserAssignedMSIRequest

Constants

const (
	// Cloud Environments
	AzurePublicCloud = "AZUREPUBLICCLOUD"
	AzureUSGovCloud  = "AZUREUSGOVERNMENTCLOUD"

	// MSI Headers - exported so frontend RP can reuse
	MsiIdentityURLHeader = "x-ms-identity-url"
	MsiPrincipalIDHeader = "x-ms-identity-principal-id"
	MsiTenantHeader      = "x-ms-home-tenant-id"
)

Functions

func NewAuthenticatorPolicy

func NewAuthenticatorPolicy(cred azcore.TokenCredential, audience string) policy.Policy

Authenticating with MSI: https://eng.ms/docs/products/arm/rbac/managed_identities/msionboardinginteractionwithmsi .

func NewStub

func NewStub(creds []*CredentialsObject) *stub

Types

type CredentialsObject

type CredentialsObject struct {
	swagger.CredentialsObject
}

CredentialsObject is a wrapper around the swagger.CredentialsObject to add additional functionality swagger.Credentials object can represent either system or user-assigned managed identity

func (CredentialsObject) IsUserAssigned

func (c CredentialsObject) IsUserAssigned() bool

This method may be used by clients to check if they can use the object as a user-assigned managed identity Ex: get credentials object from key vault store and check if it is a user-assigned managed identity to call client for object refresh.

type ManagedIdentityClient

type ManagedIdentityClient struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(cloud string, authenticator policy.Policy, clientOpts *policy.ClientOptions) (*ManagedIdentityClient, error)

TODO - Add parameter to specify module name in azcore.NewClient() NewClient creates a new Managed Identity Dataplane API client

func (*ManagedIdentityClient) GetUserAssignedIdentities

func (c *ManagedIdentityClient) GetUserAssignedIdentities(ctx context.Context, request UserAssignedMSIRequest) (*UserAssignedIdentities, error)

type UserAssignedIdentities

type UserAssignedIdentities struct {
	CredentialsObject
	// contains filtered or unexported fields
}

func NewUserAssignedIdentities

func NewUserAssignedIdentities(c CredentialsObject, cloud string) (*UserAssignedIdentities, error)

Constructor for UserAssignedIdentities object

func (UserAssignedIdentities) GetCredential

func (u UserAssignedIdentities) GetCredential(requestedResourceID string) (*azidentity.ClientCertificateCredential, error)

Get an AzIdentity credential for the given user-assigned identity resource ID Clients can use the credential to get a token for the user-assigned identity

type UserAssignedMSIRequest

type UserAssignedMSIRequest struct {
	IdentityURL string   `validate:"required,http_url"`
	ResourceIDs []string `validate:"required,resource_ids"`
	TenantID    string   `validate:"required,uuid"`
}