autorest azure example
Usage
This example covers how to make an authenticated call to the Azure Resource Manager APIs, using certificate-based authentication.
- Export some required variables

  ```sh
  export SUBSCRIPTION_ID="aff271ee-e9be-4441-b9bb-42f5af4cbaeb"
  export TENANT_ID="13de0a15-b5db-44b9-b682-b4ba82afbd29"
  export RESOURCE_GROUP="someresourcegroup"
  ```

  - replace these values with your own
- Create a private key

  ```sh
  openssl genrsa -out "example.key" 2048
  ```
- Create the certificate

  ```sh
  # Create a signing request, then self-sign it with the same key
  openssl req -new -key "example.key" -subj "/CN=example" -out "example.csr"
  openssl x509 -req -in "example.csr" -signkey "example.key" -out "example.crt" -days 10000
  ```
- Create the PKCS12 version of the certificate (with no password)

  ```sh
  openssl pkcs12 -export -out "example.pfx" -inkey "example.key" -in "example.crt" -passout pass:
  ```
- Register a new Azure AD Application with the certificate contents

  ```sh
  # Read the base64 body of the public certificate (BEGIN/END lines stripped).
  # This must be example.crt: the private key in example.key is never uploaded.
  certificateContents="$(tail -n+2 "example.crt" | head -n-1)"

  azure ad app create \
    --name "example-azuread-app" \
    --home-page="http://example-azuread-app/home" \
    --identifier-uris "http://example-azuread-app/app" \
    --key-usage "Verify" \
    --end-date "2020-01-01" \
    --key-value "${certificateContents}"
  ```
- Create a new service principal using the "Application Id" from the previous step

  ```sh
  azure ad sp create "APPLICATION_ID"
  ```

  - Replace APPLICATION_ID with the "Application Id" returned in step 4
- Grant your service principal necessary permissions

  ```sh
  azure role assignment create \
    --resource-group "${RESOURCE_GROUP}" \
    --roleName "Contributor" \
    --subscription "${SUBSCRIPTION_ID}" \
    --spn "http://example-azuread-app/app"
  ```

  - Replace SUBSCRIPTION_ID with your subscription id
  - Replace RESOURCE_GROUP with the resource group for the assignment
  - Ensure that the `spn` parameter matches an `identifier-url` from Step 4
- Run this example app to see your resource groups

  ```sh
  # example.pfx is the PKCS12 file created earlier
  go run main.go \
    --tenantId="${TENANT_ID}" \
    --subscriptionId="${SUBSCRIPTION_ID}" \
    --applicationId="http://example-azuread-app/app" \
    --certificatePath="example.pfx"
  ```

  You should see something like this as output:

  ```
  2015/11/08 18:28:39 Using these settings:
  2015/11/08 18:28:39 * certificatePath: certificate.pfx
  2015/11/08 18:28:39 * applicationID: http://example-azuread-app/app
  2015/11/08 18:28:39 * tenantID: 13de0a15-b5db-44b9-b682-b4ba82afbd29
  2015/11/08 18:28:39 * subscriptionID: aff271ee-e9be-4441-b9bb-42f5af4cbaeb
  2015/11/08 18:28:39 loading certificate...
  2015/11/08 18:28:39 retrieve oauth token...
  2015/11/08 18:28:39 querying the list of resource groups...
  2015/11/08 18:28:50
  2015/11/08 18:28:50 Groups: {"value":[{"id":"/subscriptions/aff271ee-e9be-4441-b9bb-42f5af4cbaeb/resourceGroups/kube-66f30810","name":"kube-66f30810","location":"westus","tags":{},"properties":{"provisioningState":"Succeeded"}}]}
  ```
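A pre-flight check for the certificate steps above, as an added example that is not part of the original README: it confirms that a certificate and private key belong together, and refuses to produce a `--key-value` payload from any file that contains private key material. The function names `cert_matches_key` and `registration_value` are hypothetical, and the demo runs on a throwaway key and certificate generated on the spot.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files created in the steps above.
# Function names are hypothetical; file names follow this README.

# Succeeds only when the certificate and the private key hold the same public key.
cert_matches_key() {
  cert_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 1
  key_pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the base64 body to pass as --key-value. Refuses any file that contains
# private key material (including cert+key bundles) or is not a certificate.
registration_value() {
  if grep -q 'PRIVATE KEY' "$1"; then
    echo "refusing $1: contains a private key" >&2
    return 1
  fi
  if ! openssl x509 -in "$1" -noout 2>/dev/null; then
    echo "refusing $1: not a PEM certificate" >&2
    return 1
  fi
  grep -v '^-----' "$1"
}

# Demo on constructed, throwaway material (1-day self-signed certificate).
tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT
openssl genrsa -out "$tmp/example.key" 2048 2>/dev/null
openssl req -new -x509 -key "$tmp/example.key" -subj "/CN=example" \
  -days 1 -out "$tmp/example.crt" 2>/dev/null
chmod 600 "$tmp/example.key"   # the key (and a password-less .pfx) rely on file mode

cert_matches_key "$tmp/example.crt" "$tmp/example.key" && echo "cert and key match"
registration_value "$tmp/example.key" >/dev/null || echo "private key rejected"
registration_value "$tmp/example.crt" | head -n 1
```

Run against the real files as `cert_matches_key example.crt example.key` and `registration_value example.crt` before registering the application.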
Notes
You may need to wait some time between executing step 4, step 5 and step 6. If you issue those requests too quickly, you might hit an AD server that is not yet consistent with the server where the resource was created.