Documentation
Index
- Constants
- func GetCredential(clientOpts azcore.ClientOptions, credential UserAssignedIdentityCredentials) (*azidentity.ClientCertificateCredential, error)
- func NewUserAssignedIdentityCredential(ctx context.Context, credentialPath string, opts ...Option) (azcore.TokenCredential, error)
- type Client
- type ClientFactory
- type ClientFactoryOption
- type CustomClaims
- type DelegatedResource
- type ManagedIdentityCredentials
- type MoveIdentityRequest
- type MoveIdentityResponse
- type Option
- type UserAssignedIdentitiesRequest
- type UserAssignedIdentityCredentials
Constants
const (
	// MsiIdentityURLHeader is provided by ARM in responses for resource creation
	// to specify the URL at which clients can get credentials for a managed identity
	// associated with the ARM resource being created.
	MsiIdentityURLHeader = "x-ms-identity-url"
	// MsiPrincipalIDHeader is provided by ARM in responses for resource creation
	// to specify the service principal ID for a managed identity associated with
	// the ARM resource being created.
	MsiPrincipalIDHeader = "x-ms-identity-principal-id"
	// MsiTenantHeader is provided by ARM in responses for resource creation to specify
	// the tenant id for a managed identity associated with the ARM resource being created.
	MsiTenantHeader = "x-ms-home-tenant-id"
)
const (
	// ManagedIdentityCredentialsStoragePrefix is a suggested prefix to use when
	// storing a ManagedIdentityCredentials object in Azure KeyVault.
	ManagedIdentityCredentialsStoragePrefix = "msi-"
	// UserAssignedIdentityCredentialsStoragePrefix is a suggested prefix to use when
	// storing a UserAssignedIdentityCredentials object in Azure KeyVault.
	UserAssignedIdentityCredentialsStoragePrefix = "uamsi-"
)
Functions
func GetCredential (added in v0.0.9)
func GetCredential(clientOpts azcore.ClientOptions, credential UserAssignedIdentityCredentials) (*azidentity.ClientCertificateCredential, error)
GetCredential gets an AzIdentity credential for the given nested credential object. Clients can use the credential to get a token for the user-assigned identity.
func NewUserAssignedIdentityCredential (added in v0.0.9)
func NewUserAssignedIdentityCredential(ctx context.Context, credentialPath string, opts ...Option) (azcore.TokenCredential, error)
NewUserAssignedIdentityCredential creates a new reloadingCredential for a user-assigned identity. ctx is used to manage the lifecycle of the reloader, allowing for cancellation if reloading is no longer needed. credentialPath is the path to the credential file. opts allows for additional configuration, such as setting a custom logger, periodic reload time, and cloud environment.
The function ensures that a valid token is loaded before returning the credential. It also starts a background process to watch for changes to the credential file and reloads it as necessary.
Types
type Client (added in v0.0.9)
type Client interface {
	// DeleteSystemAssignedIdentity deletes the system-assigned identity for a proxy resource.
	DeleteSystemAssignedIdentity(ctx context.Context) error
	// GetSystemAssignedIdentityCredentials retrieves the credentials for the system-assigned identity associated with the proxy resource.
	GetSystemAssignedIdentityCredentials(ctx context.Context) (*ManagedIdentityCredentials, error)
	// GetUserAssignedIdentitiesCredentials retrieves the credentials for any user-assigned identities associated with the proxy resource.
	GetUserAssignedIdentitiesCredentials(ctx context.Context, request UserAssignedIdentitiesRequest) (*ManagedIdentityCredentials, error)
	// MoveIdentity moves the identity from one resource group into another.
	MoveIdentity(ctx context.Context, request MoveIdentityRequest) (*MoveIdentityResponse, error)
}
Client exposes the API for the MSI data plane.
type ClientFactory (added in v0.0.9)
type ClientFactory interface {
	// NewClient creates a client that can operate on credentials for one managed identity.
	// identityURL is the x-ms-identity-url header provided from ARM, including any path,
	// query parameters, etc.
	NewClient(identityURL string) (Client, error)
}
ClientFactory creates clients for managed identity credentials.
func NewClientFactory (added in v0.0.9)
func NewClientFactory(cred azcore.TokenCredential, audience string, opts *azcore.ClientOptions, clientFactoryOpts ...ClientFactoryOption) ClientFactory
NewClientFactory creates a new MSI data plane client factory. The credentials and audience presented are for the first-party credential. As the server to be contacted for each identity varies, a factory is returned that can create clients on-demand.
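Since the identity URL decides which server each client contacts, a caller may want to check the header value before passing it to NewClient. The following is an added example, not code from this package: CheckedIdentityURL, the allowedHosts parameter and the host identity.example.net are assumptions made for illustration; only the header names come from the constants listed above.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Header names as listed in this package's constants.
const (
	MsiIdentityURLHeader = "x-ms-identity-url"
	MsiPrincipalIDHeader = "x-ms-identity-principal-id"
	MsiTenantHeader      = "x-ms-home-tenant-id"
)

// CheckedIdentityURL returns the identity URL from an ARM create response only if
// all three identity headers are present and the URL is https, carries no
// userinfo, and its host equals or is a subdomain of an entry in allowedHosts.
// allowedHosts is this example's assumption; the page names no endpoint hosts.
func CheckedIdentityURL(h http.Header, allowedHosts []string) (string, error) {
	raw := h.Get(MsiIdentityURLHeader)
	if raw == "" || h.Get(MsiPrincipalIDHeader) == "" || h.Get(MsiTenantHeader) == "" {
		return "", fmt.Errorf("incomplete managed identity headers")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("parsing %s: %w", MsiIdentityURLHeader, err)
	}
	if u.Scheme != "https" || u.User != nil {
		return "", fmt.Errorf("%s must be https without userinfo", MsiIdentityURLHeader)
	}
	host := strings.ToLower(u.Hostname())
	for _, a := range allowedHosts {
		a = strings.ToLower(strings.TrimPrefix(a, "."))
		// Match on a label boundary so "evil-identity.example.net" does not pass.
		if a != "" && (host == a || strings.HasSuffix(host, "."+a)) {
			return raw, nil // path and query are kept intact for NewClient
		}
	}
	return "", fmt.Errorf("host %q is not an expected identity endpoint", host)
}

func main() {
	h := http.Header{} // constructed sample response headers
	h.Set(MsiIdentityURLHeader, "https://r1.identity.example.net/path?tid=t&oid=o")
	h.Set(MsiPrincipalIDHeader, "00000000-0000-0000-0000-000000000001")
	h.Set(MsiTenantHeader, "00000000-0000-0000-0000-000000000002")
	fmt.Println(CheckedIdentityURL(h, []string{"identity.example.net"}))
}
```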
type ClientFactoryOption (added in v0.2.0)
type ClientFactoryOption func(*clientOpts)
func WithClientLogger (added in v0.2.0)
func WithClientLogger(logger *logr.Logger) ClientFactoryOption
WithLogger sets a custom logger for the reloadingCredential. This can be useful for debugging or logging purposes.
type CustomClaims
type CustomClaims = client.CustomClaims
type DelegatedResource (added in v0.0.9)
type DelegatedResource = client.DelegatedResource
type ManagedIdentityCredentials (added in v0.0.9)
type ManagedIdentityCredentials = client.ManagedIdentityCredentials
type MoveIdentityRequest (added in v0.0.9)
type MoveIdentityRequest = client.MoveRequestBodyDefinition
type MoveIdentityResponse
type MoveIdentityResponse = client.MoveIdentityResponse
type Option (added in v0.0.9)
type Option func(*reloadingCredential)
func WithBackstopRefresh (added in v0.0.9)
WithBackstopRefresh sets a custom timer for the reloadingCredential. This can be useful for loading the credential file periodically.
func WithClientOpts (added in v0.4.0)
func WithClientOpts(o azcore.ClientOptions) Option
WithClientOpts adds common Azure client options. Use this field to, for instance, configure the cloud environment in which this credential should authenticate.
func WithLogger (added in v0.0.9)
WithLogger sets a custom logger for the reloadingCredential. This can be useful for debugging or logging purposes.
type UserAssignedIdentitiesRequest (added in v0.0.9)
type UserAssignedIdentitiesRequest = client.CredRequestDefinition
type UserAssignedIdentityCredentials (added in v0.0.9)
type UserAssignedIdentityCredentials = client.UserAssignedIdentityCredentials