identity

Documentation

Index

• Variables
• func CertificatesAndKeyFromPEM(pem []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)
• type AzureCLICredential
  • func NewAzureCLICredential(options ...CredentialOption) (*AzureCLICredential, error)
  • func (c *AzureCLICredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)
• type ClientCredential
  • func NewClientAssertionCredential(tenantID, clientID string, assertion func() (string, error), ...) (*ClientCredential, error)
  • func NewClientCertificateCredential(tenantID, clientID string, certificates []*x509.Certificate, ...) (*ClientCredential, error)
  • func NewClientCredential(tenantID string, clientID string, options ...CredentialOption) (*ClientCredential, error)
  • func NewClientSecretCredential(tenantID, clientID, secret string, options ...CredentialOption) (*ClientCredential, error)
  • func (c *ClientCredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)
• type CredentialOption
  • func WithAssertion(assertion func() (string, error)) CredentialOption
  • func WithCertificate(certs []*x509.Certificate, privateKey *rsa.PrivateKey) CredentialOption
  • func WithClientID(id string) CredentialOption
  • func WithCloud(c cloud.Cloud) CredentialOption
  • func WithHTTPClient(c request.Client) CredentialOption
  • func WithIMDSDialTimeout(d time.Duration) CredentialOption
  • func WithResourceID(id string) CredentialOption
  • func WithSecret(secret string) CredentialOption
• type CredentialOptions
• type ManagedIdentityCredential
  • func NewManagedIdentityCredential(options ...CredentialOption) (*ManagedIdentityCredential, error)
  • func (c *ManagedIdentityCredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)

Variables

var (
	// ErrIMDSEndpointUnavailable is returned when the IMDS endpoint is unavailable.
	ErrIMDSEndpointUnavailable = errors.New("IMDS endpoint unavailable")
)

Functions

func CertificatesAndKeyFromPEM

func CertificatesAndKeyFromPEM(pem []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)

CertificatesAndKeyFromPEM extracts the x509 certificates and private key from the given PEM.

Types

type AzureCLICredential

type AzureCLICredential struct {
	// contains filtered or unexported fields
}

AzureCLICredential represent credentials handled by the Azure CLI. It contains all the necessary settings to perform token requests.

func NewAzureCLICredential

func NewAzureCLICredential(options ...CredentialOption) (*AzureCLICredential, error)

NewAzureCLICredential creates and returns a new *AzureCLICredential.

func (*AzureCLICredential) Token

func (c *AzureCLICredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)

Token returns a new auth.Token for requests to the Azure REST API.

type ClientCredential

type ClientCredential struct {
	// contains filtered or unexported fields
}

ClientCredential represents a client credential for authentication to Azure according to the client credential flow. It contains all the necessary settings to perform token requests.

func NewClientAssertionCredential

func NewClientAssertionCredential(tenantID, clientID string, assertion func() (string, error), options ...CredentialOption) (*ClientCredential, error)

NewClientAssertionCredential creates and returns a new *ClientCredential with a client assertion function (client assertion credential).

func NewClientCertificateCredential

func NewClientCertificateCredential(tenantID, clientID string, certificates []*x509.Certificate, key *rsa.PrivateKey, options ...CredentialOption) (*ClientCredential, error)

NewClientCertificateCredential creates and returns a new *ClientCredential with a certificate and private key (client certificate credential).

func NewClientCredential

func NewClientCredential(tenantID string, clientID string, options ...CredentialOption) (*ClientCredential, error)

NewClientCredential creates and returns a new *ClientCredential.

func NewClientSecretCredential

func NewClientSecretCredential(tenantID, clientID, secret string, options ...CredentialOption) (*ClientCredential, error)

NewClientSecretCredential creates and return a new *ClientCredential with a secret (client secret credential).

func (*ClientCredential) Token

func (c *ClientCredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)

Token returns a new auth.Token for requests to the Azure REST API.

type CredentialOption

type CredentialOption func(o *CredentialOptions)

CredentialOption is a function to set *CredentialOptions.

func WithAssertion

func WithAssertion(assertion func() (string, error)) CredentialOption

WithAssertion sets the assertion function for the client credential. The provided function should return a JWT from an identity provider.

func WithCertificate

func WithCertificate(certs []*x509.Certificate, privateKey *rsa.PrivateKey) CredentialOption

WithCertificate sets the certificate and private key.

func WithClientID

func WithClientID(id string) CredentialOption

WithClientID sets the client ID.

func WithCloud

func WithCloud(c cloud.Cloud) CredentialOption

WithCloud sets the Azure cloud to authenticate against.

func WithHTTPClient

func WithHTTPClient(c request.Client) CredentialOption

WithHTTPClient sets the HTTP client of the credential.

func WithIMDSDialTimeout

func WithIMDSDialTimeout(d time.Duration) CredentialOption

WithIMDSDialTimeout sets the dial timeout for the IMDS endpoint.

func WithResourceID

func WithResourceID(id string) CredentialOption

WithResourceID sets the resource ID.

func WithSecret

func WithSecret(secret string) CredentialOption

WithSecret sets the client secret.

type CredentialOptions

type CredentialOptions struct {
	// contains filtered or unexported fields
}

CredentialOptions contains options for the various credential types.

type ManagedIdentityCredential

type ManagedIdentityCredential struct {
	// contains filtered or unexported fields
}

ManagedIdentityCredential represents a managed identity credential for authentication to Azure according to the managed identity credential flow. It contains all the necessary settings to perform token requests.

func NewManagedIdentityCredential

func NewManagedIdentityCredential(options ...CredentialOption) (*ManagedIdentityCredential, error)

NewManagedIdentityCredential creates and returns a new *ManagedIdentityCredential.

func (*ManagedIdentityCredential) Token

func (c *ManagedIdentityCredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)

Token returns a new auth.Token for requests to the Azure REST API.