Documentation ¶
Overview ¶
Package azure provides Azure-specific implementations used with AutoRest.
See the included examples for more detail.
Index ¶
- Constants
- Variables
- func DoPollForAsynchronous(delay time.Duration) autorest.SendDecorator
- func ExtractClientID(resp *http.Response) string
- func ExtractRequestID(resp *http.Response) string
- func IsAzureError(e error) bool
- func SaveToken(path string, mode os.FileMode, token Token) error
- func WithClientID(uuid string) autorest.PrepareDecorator
- func WithErrorUnlessStatusCode(codes ...int) autorest.RespondDecorator
- func WithReturnClientID(b bool) autorest.PrepareDecorator
- func WithReturningClientID(uuid string) autorest.PrepareDecorator
- type DeviceCode
- type Environment
- type OAuthConfig
- type RequestError
- type ServiceError
- type ServicePrincipalCertificateSecret
- type ServicePrincipalNoSecret
- type ServicePrincipalSecret
- type ServicePrincipalToken
- func NewServicePrincipalToken(oauthConfig OAuthConfig, clientID string, secret string, resource string, ...) (*ServicePrincipalToken, error)
- func NewServicePrincipalTokenFromCertificate(oauthConfig OAuthConfig, clientID string, certificate *x509.Certificate, ...) (*ServicePrincipalToken, error)
- func NewServicePrincipalTokenFromManualToken(oauthConfig OAuthConfig, clientID string, resource string, token Token, ...) (*ServicePrincipalToken, error)
- func NewServicePrincipalTokenWithSecret(oauthConfig OAuthConfig, id string, resource string, ...) (*ServicePrincipalToken, error)
- func (spt *ServicePrincipalToken) EnsureFresh() error
- func (spt *ServicePrincipalToken) InvokeRefreshCallbacks(token Token) error
- func (spt *ServicePrincipalToken) Refresh() error
- func (spt *ServicePrincipalToken) RefreshExchange(resource string) error
- func (spt *ServicePrincipalToken) SetAutoRefresh(autoRefresh bool)
- func (spt *ServicePrincipalToken) SetRefreshWithin(d time.Duration)
- func (spt *ServicePrincipalToken) SetSender(s autorest.Sender)
- func (spt *ServicePrincipalToken) WithAuthorization() autorest.PrepareDecorator
- type ServicePrincipalTokenSecret
- type Token
- type TokenError
- type TokenRefreshCallback
Examples ¶
Constants ¶
// Azure request-identifier headers. The first two are set on outgoing
// requests; the third is read from responses.
const (
	// HeaderClientID is the Azure extension header to set a user-specified request ID.
	HeaderClientID = "x-ms-client-request-id"

	// HeaderReturnClientID is the Azure extension header to set if the user-specified request ID
	// should be included in the response.
	HeaderReturnClientID = "x-ms-return-client-request-id"

	// HeaderRequestID is the Azure extension header of the service generated request ID returned
	// in the response.
	HeaderRequestID = "x-ms-request-id"
)
// OAuth "grant_type" identifiers, one per token-acquisition flow named in the
// comments below.
const (
	// OAuthGrantTypeDeviceCode is the "grant_type" identifier used in device flow
	OAuthGrantTypeDeviceCode = "device_code"

	// OAuthGrantTypeClientCredentials is the "grant_type" identifier used in credential flows
	OAuthGrantTypeClientCredentials = "client_credentials"

	// OAuthGrantTypeRefreshToken is the "grant_type" identifier used in refresh token flows
	OAuthGrantTypeRefreshToken = "refresh_token"
)
Variables ¶
// Device-flow errors. Each value is built once with fmt.Errorf and a message
// prefixed by logPrefix (declared elsewhere in the package), so callers
// distinguish the states by comparing against these variables rather than by
// parsing the message text.
var (
	// ErrDeviceGeneric represents an unknown error from the token endpoint when using device flow
	ErrDeviceGeneric = fmt.Errorf("%s Error while retrieving OAuth token: Unknown Error", logPrefix)

	// ErrDeviceAccessDenied represents an access denied error from the token endpoint when using device flow
	ErrDeviceAccessDenied = fmt.Errorf("%s Error while retrieving OAuth token: Access Denied", logPrefix)

	// ErrDeviceAuthorizationPending represents the server waiting on the user to complete the device flow
	ErrDeviceAuthorizationPending = fmt.Errorf("%s Error while retrieving OAuth token: Authorization Pending", logPrefix)

	// ErrDeviceCodeExpired represents the server timing out and expiring the code during device flow
	ErrDeviceCodeExpired = fmt.Errorf("%s Error while retrieving OAuth token: Code Expired", logPrefix)

	// ErrDeviceSlowDown represents the service telling us we're polling too often during device flow
	ErrDeviceSlowDown = fmt.Errorf("%s Error while retrieving OAuth token: Slow Down", logPrefix)
)
// Predefined Azure cloud environments. These are exported package-level
// variables, not constants, so any code in the process can overwrite an
// endpoint; treat them as read-only and copy before modifying.
//
// NOTE(review): every environment below uses the same
// ContainerRegistryDNSSuffix ("azurecr.io") - confirm that is intended for the
// sovereign clouds.
var (
	// PublicCloud is the default public Azure cloud environment
	PublicCloud = Environment{
		Name:                         "AzurePublicCloud",
		ManagementPortalURL:          "https://manage.windowsazure.com/",
		PublishSettingsURL:           "https://manage.windowsazure.com/publishsettings/index",
		ServiceManagementEndpoint:    "https://management.core.windows.net/",
		ResourceManagerEndpoint:      "https://management.azure.com/",
		ActiveDirectoryEndpoint:      "https://login.microsoftonline.com/",
		GalleryEndpoint:              "https://gallery.azure.com/",
		KeyVaultEndpoint:             "https://vault.azure.net/",
		GraphEndpoint:                "https://graph.windows.net/",
		StorageEndpointSuffix:        "core.windows.net",
		SQLDatabaseDNSSuffix:         "database.windows.net",
		TrafficManagerDNSSuffix:      "trafficmanager.net",
		KeyVaultDNSSuffix:            "vault.azure.net",
		ServiceBusEndpointSuffix:     "servicebus.azure.com",
		ServiceManagementVMDNSSuffix: "cloudapp.net",
		ResourceManagerVMDNSSuffix:   "cloudapp.azure.com",
		ContainerRegistryDNSSuffix:   "azurecr.io",
	}

	// USGovernmentCloud is the cloud environment for the US Government
	//
	// NOTE(review): ActiveDirectoryEndpoint is identical to PublicCloud's, so
	// tokens for this environment are requested from the public login host -
	// confirm this matches the deployment's authority requirements.
	USGovernmentCloud = Environment{
		Name:                         "AzureUSGovernmentCloud",
		ManagementPortalURL:          "https://manage.windowsazure.us/",
		PublishSettingsURL:           "https://manage.windowsazure.us/publishsettings/index",
		ServiceManagementEndpoint:    "https://management.core.usgovcloudapi.net/",
		ResourceManagerEndpoint:      "https://management.usgovcloudapi.net/",
		ActiveDirectoryEndpoint:      "https://login.microsoftonline.com/",
		GalleryEndpoint:              "https://gallery.usgovcloudapi.net/",
		KeyVaultEndpoint:             "https://vault.usgovcloudapi.net/",
		GraphEndpoint:                "https://graph.usgovcloudapi.net/",
		StorageEndpointSuffix:        "core.usgovcloudapi.net",
		SQLDatabaseDNSSuffix:         "database.usgovcloudapi.net",
		TrafficManagerDNSSuffix:      "usgovtrafficmanager.net",
		KeyVaultDNSSuffix:            "vault.usgovcloudapi.net",
		ServiceBusEndpointSuffix:     "servicebus.usgovcloudapi.net",
		ServiceManagementVMDNSSuffix: "usgovcloudapp.net",
		ResourceManagerVMDNSSuffix:   "cloudapp.windowsazure.us",
		ContainerRegistryDNSSuffix:   "azurecr.io",
	}

	// ChinaCloud is the cloud environment operated in China
	ChinaCloud = Environment{
		Name:                         "AzureChinaCloud",
		ManagementPortalURL:          "https://manage.chinacloudapi.com/",
		PublishSettingsURL:           "https://manage.chinacloudapi.com/publishsettings/index",
		ServiceManagementEndpoint:    "https://management.core.chinacloudapi.cn/",
		ResourceManagerEndpoint:      "https://management.chinacloudapi.cn/",
		ActiveDirectoryEndpoint:      "https://login.chinacloudapi.cn/",
		GalleryEndpoint:              "https://gallery.chinacloudapi.cn/",
		KeyVaultEndpoint:             "https://vault.azure.cn/",
		GraphEndpoint:                "https://graph.chinacloudapi.cn/",
		StorageEndpointSuffix:        "core.chinacloudapi.cn",
		SQLDatabaseDNSSuffix:         "database.chinacloudapi.cn",
		TrafficManagerDNSSuffix:      "trafficmanager.cn",
		KeyVaultDNSSuffix:            "vault.azure.cn",
		ServiceBusEndpointSuffix:     "servicebus.chinacloudapi.net",
		ServiceManagementVMDNSSuffix: "chinacloudapp.cn",
		ResourceManagerVMDNSSuffix:   "cloudapp.azure.cn",
		ContainerRegistryDNSSuffix:   "azurecr.io",
	}

	// GermanCloud is the cloud environment operated in Germany
	//
	// NOTE(review): ManagementPortalURL is the only URL in this block that uses
	// plain http:// rather than https:// - confirm whether that is intentional
	// before handing it to a browser or HTTP client.
	GermanCloud = Environment{
		Name:                         "AzureGermanCloud",
		ManagementPortalURL:          "http://portal.microsoftazure.de/",
		PublishSettingsURL:           "https://manage.microsoftazure.de/publishsettings/index",
		ServiceManagementEndpoint:    "https://management.core.cloudapi.de/",
		ResourceManagerEndpoint:      "https://management.microsoftazure.de/",
		ActiveDirectoryEndpoint:      "https://login.microsoftonline.de/",
		GalleryEndpoint:              "https://gallery.cloudapi.de/",
		KeyVaultEndpoint:             "https://vault.microsoftazure.de/",
		GraphEndpoint:                "https://graph.cloudapi.de/",
		StorageEndpointSuffix:        "core.cloudapi.de",
		SQLDatabaseDNSSuffix:         "database.cloudapi.de",
		TrafficManagerDNSSuffix:      "azuretrafficmanager.de",
		KeyVaultDNSSuffix:            "vault.microsoftazure.de",
		ServiceBusEndpointSuffix:     "servicebus.cloudapi.de",
		ServiceManagementVMDNSSuffix: "azurecloudapp.de",
		ResourceManagerVMDNSSuffix:   "cloudapp.microsoftazure.de",
		ContainerRegistryDNSSuffix:   "azurecr.io",
	}
)
Functions ¶
func DoPollForAsynchronous ¶
func DoPollForAsynchronous(delay time.Duration) autorest.SendDecorator
DoPollForAsynchronous returns a SendDecorator that polls if the http.Response is for an Azure long-running operation. It will delay between requests for the duration specified in the RetryAfter header or, if the header is absent, the passed delay. Polling may be canceled by closing the optional channel on the http.Request.
func ExtractClientID ¶
ExtractClientID extracts the client identifier from the x-ms-client-request-id header set on the http.Request sent to the service (and returned in the http.Response)
func ExtractRequestID ¶
ExtractRequestID extracts the Azure server generated request identifier from the x-ms-request-id header.
func IsAzureError ¶
IsAzureError returns true if the passed error is an Azure Service error; false otherwise.
func SaveToken ¶
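SaveToken persists an oauth token at the given location on disk. It moves the new file into place so it can safely be used to replace an existing file that may be accessed by multiple processes. The saved file holds the access and refresh tokens, so pass a restrictive mode (for example 0600) and a path that only the owning account can read.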
func WithClientID ¶
func WithClientID(uuid string) autorest.PrepareDecorator
WithClientID returns a PrepareDecorator that adds an HTTP extension header of x-ms-client-request-id whose value is the passed, undecorated UUID (e.g., "0F39878C-5F76-4DB8-A25D-61D2C193C3CA").
Example ¶
Use a Client Inspector to set the request identifier.
// The request identifier is passed as a plain, undecorated UUID string.
uuid := "71FDB9F4-5E49-4C12-B266-DE7B4FD999A6"

// The error returned by Prepare is discarded to keep the example short;
// production code should check it.
req, _ := autorest.Prepare(&http.Request{},
	autorest.AsGet(),
	autorest.WithBaseURL("https://microsoft.com/a/b/c/"))

// mocks.NewSender is presumably a test double, so no real network call is made.
c := autorest.Client{Sender: mocks.NewSender()}

// Although this example is listed under WithClientID, it installs
// WithReturningClientID, which sets both request-ID headers printed below.
c.RequestInspector = WithReturningClientID(uuid)

autorest.SendWithSender(c, req)

fmt.Printf("Inspector added the %s header with the value %s\n",
	HeaderClientID, req.Header.Get(HeaderClientID))
fmt.Printf("Inspector added the %s header with the value %s\n",
	HeaderReturnClientID, req.Header.Get(HeaderReturnClientID))
Output: Inspector added the x-ms-client-request-id header with the value 71FDB9F4-5E49-4C12-B266-DE7B4FD999A6 Inspector added the x-ms-return-client-request-id header with the value true
func WithErrorUnlessStatusCode ¶
func WithErrorUnlessStatusCode(codes ...int) autorest.RespondDecorator
WithErrorUnlessStatusCode returns a RespondDecorator that emits an azure.RequestError by reading the response body unless the response HTTP status code is among the set passed.
If the service may return a response that is not in the Azure error format, and that response cannot be parsed into an error, a decoding error containing the response body is returned. Because that error embeds the raw body, take care where it is logged. In any case, the Responder returns an error if the status code is not among those passed.
If this Responder returns an error, the response body will be replaced with an in-memory reader, which needs no further closing.
func WithReturnClientID ¶
func WithReturnClientID(b bool) autorest.PrepareDecorator
WithReturnClientID returns a PrepareDecorator that adds an HTTP extension header of x-ms-return-client-request-id whose boolean value indicates if the value of the x-ms-client-request-id header should be included in the http.Response.
func WithReturningClientID ¶
func WithReturningClientID(uuid string) autorest.PrepareDecorator
WithReturningClientID returns a PrepareDecorator that adds an HTTP extension header of x-ms-client-request-id whose value is the passed, undecorated UUID (e.g., "0F39878C-5F76-4DB8-A25D-61D2C193C3CA"). It also sets the x-ms-return-client-request-id header to true such that UUID accompanies the http.Response.
Types ¶
type DeviceCode ¶
// DeviceCode is the object returned by the device auth endpoint. The first
// group of fields is decoded from the endpoint's JSON response; the second
// group is filled in locally when the flow is initiated and reused when the
// code is exchanged for a token.
type DeviceCode struct {
	// DeviceCode, UserCode and VerificationURL come from the endpoint response.
	// NOTE(review): the device code is presumably what is later exchanged for a
	// token, so avoid logging it - confirm against the exchange code.
	DeviceCode      *string `json:"device_code,omitempty"`
	UserCode        *string `json:"user_code,omitempty"`
	VerificationURL *string `json:"verification_url,omitempty"`
	// ExpiresIn and Interval are decoded from JSON strings into int64 (the
	// ",string" tag option).
	ExpiresIn *int64 `json:"expires_in,string,omitempty"`
	Interval  *int64 `json:"interval,string,omitempty"`

	Message     *string `json:"message"` // Azure specific
	Resource    string  // store the following, stored when initiating, used when exchanging
	OAuthConfig OAuthConfig
	ClientID    string
}
DeviceCode is the object returned by the device auth endpoint. It contains information to instruct the user to complete the auth flow.
func InitiateDeviceAuth ¶
func InitiateDeviceAuth(client *autorest.Client, oauthConfig OAuthConfig, clientID, resource string) (*DeviceCode, error)
InitiateDeviceAuth initiates a device auth flow. It returns a DeviceCode that can be used with CheckForUserCompletion or WaitForUserCompletion.
type Environment ¶
// Environment represents a set of endpoints for each of Azure's Clouds.
// Every field is a plain string with a JSON tag, so an Environment can be
// encoded to or decoded from JSON. Nothing in this declaration validates the
// values; a caller that builds an Environment from external input should
// check the endpoints itself.
type Environment struct {
	Name string `json:"name"`

	// Full URLs, written with a scheme and trailing slash in the predefined
	// environments.
	ManagementPortalURL       string `json:"managementPortalURL"`
	PublishSettingsURL        string `json:"publishSettingsURL"`
	ServiceManagementEndpoint string `json:"serviceManagementEndpoint"`
	ResourceManagerEndpoint   string `json:"resourceManagerEndpoint"`
	ActiveDirectoryEndpoint   string `json:"activeDirectoryEndpoint"`
	GalleryEndpoint           string `json:"galleryEndpoint"`
	KeyVaultEndpoint          string `json:"keyVaultEndpoint"`
	GraphEndpoint             string `json:"graphEndpoint"`

	// Bare DNS suffixes with no scheme in the predefined environments.
	StorageEndpointSuffix        string `json:"storageEndpointSuffix"`
	SQLDatabaseDNSSuffix         string `json:"sqlDatabaseDNSSuffix"`
	TrafficManagerDNSSuffix      string `json:"trafficManagerDNSSuffix"`
	KeyVaultDNSSuffix            string `json:"keyVaultDNSSuffix"`
	ServiceBusEndpointSuffix     string `json:"serviceBusEndpointSuffix"`
	ServiceManagementVMDNSSuffix string `json:"serviceManagementVMDNSSuffix"`
	ResourceManagerVMDNSSuffix   string `json:"resourceManagerVMDNSSuffix"`
	ContainerRegistryDNSSuffix   string `json:"containerRegistryDNSSuffix"`
}
Environment represents a set of endpoints for each of Azure's Clouds.
func EnvironmentFromName ¶
func EnvironmentFromName(name string) (Environment, error)
EnvironmentFromName returns an Environment based on the common name specified
func (Environment) OAuthConfigForTenant ¶
func (env Environment) OAuthConfigForTenant(tenantID string) (*OAuthConfig, error)
OAuthConfigForTenant returns an OAuthConfig with tenant specific urls
type OAuthConfig ¶
// OAuthConfig represents the endpoints needed in OAuth operations.
// The endpoints are url.URL values rather than strings.
type OAuthConfig struct {
	AuthorizeEndpoint  url.URL
	TokenEndpoint      url.URL // NOTE(review): presumably where credentials are posted; confirm it is an https URL
	DeviceCodeEndpoint url.URL
}
OAuthConfig represents the endpoints needed in OAuth operations
func OAuthConfigForTenant ¶
func OAuthConfigForTenant(activeDirectoryEndpoint, tenantID string) (*OAuthConfig, error)
OAuthConfigForTenant returns an OAuthConfig with tenant specific urls for target cloud auth endpoint
type RequestError ¶
// RequestError describes an error response returned by Azure service.
// It embeds autorest.DetailedError and adds the decoded service error and the
// service-generated request ID.
type RequestError struct {
	autorest.DetailedError

	// The error returned by the Azure service.
	ServiceError *ServiceError `json:"error"`

	// The request id (from the x-ms-request-id-header) of the request.
	RequestID string
}
RequestError describes an error response returned by Azure service.
func NewErrorWithError ¶
func NewErrorWithError(original error, packageType string, method string, resp *http.Response, message string, args ...interface{}) RequestError
NewErrorWithError creates a new Error conforming object from the passed packageType, method, statusCode of the given resp (UndefinedStatusCode if resp is nil), message, and original error. message is treated as a format string to which the optional args apply.
func (RequestError) Error ¶
func (e RequestError) Error() string
Error returns a human-friendly error message from service error.
type ServiceError ¶
// ServiceError encapsulates the error response from an Azure service.
// Code and Message are decoded from the "code" and "message" JSON keys.
type ServiceError struct {
	Code    string `json:"code"`
	Message string `json:"message"`
	// Details is untyped: whatever JSON values the service places under
	// "details" are kept as-is.
	Details *[]interface{} `json:"details"`
}
ServiceError encapsulates the error response from an Azure service.
func (ServiceError) Error ¶
func (se ServiceError) Error() string
type ServicePrincipalCertificateSecret ¶ added in v1.1.0
// ServicePrincipalCertificateSecret implements ServicePrincipalSecret for
// generic RSA cert auth with signed JWTs.
type ServicePrincipalCertificateSecret struct {
	Certificate *x509.Certificate
	// PrivateKey is the RSA key SignJwt signs with. It is held as an exported
	// field, so keep values of this type out of logs and serialized output.
	PrivateKey *rsa.PrivateKey
}
ServicePrincipalCertificateSecret implements ServicePrincipalSecret for generic RSA cert auth with signed JWTs.
func (*ServicePrincipalCertificateSecret) SetAuthenticationValues ¶ added in v1.1.0
func (secret *ServicePrincipalCertificateSecret) SetAuthenticationValues(spt *ServicePrincipalToken, v *url.Values) error
SetAuthenticationValues is a method of the interface ServicePrincipalSecret. It will populate the form submitted during oAuth Token Acquisition using a JWT signed with a certificate.
func (*ServicePrincipalCertificateSecret) SignJwt ¶ added in v1.1.0
func (secret *ServicePrincipalCertificateSecret) SignJwt(spt *ServicePrincipalToken) (string, error)
SignJwt returns the JWT signed with the certificate's private key.
type ServicePrincipalNoSecret ¶
// ServicePrincipalNoSecret represents a secret type that contains no secret,
// meaning it is not valid for fetching a fresh token. It has no fields.
type ServicePrincipalNoSecret struct {
}
ServicePrincipalNoSecret represents a secret type that contains no secret, meaning it is not valid for fetching a fresh token. This is used for manually supplied tokens (see NewServicePrincipalTokenFromManualToken).
func (*ServicePrincipalNoSecret) SetAuthenticationValues ¶
func (noSecret *ServicePrincipalNoSecret) SetAuthenticationValues(spt *ServicePrincipalToken, v *url.Values) error
SetAuthenticationValues is a method of the interface ServicePrincipalSecret. For the ServicePrincipalNoSecret type it only returns an error.
type ServicePrincipalSecret ¶ added in v1.1.0
// ServicePrincipalSecret is an interface that allows various secret
// mechanisms to fill the form that is submitted when acquiring an OAuth token.
type ServicePrincipalSecret interface {
	// SetAuthenticationValues adds this secret's authentication parameters to
	// values for the token request made on behalf of spt.
	SetAuthenticationValues(spt *ServicePrincipalToken, values *url.Values) error
}
ServicePrincipalSecret is an interface that allows various secret mechanisms to fill the form that is submitted when acquiring an OAuth token.
type ServicePrincipalToken ¶
// ServicePrincipalToken encapsulates a Token created for a Service Principal.
// Token is embedded, so its exported fields (including AccessToken and
// RefreshToken) are reachable directly on a ServicePrincipalToken.
type ServicePrincipalToken struct {
	Token
	// contains filtered or unexported fields
}
ServicePrincipalToken encapsulates a Token created for a Service Principal.
func NewServicePrincipalToken ¶
func NewServicePrincipalToken(oauthConfig OAuthConfig, clientID string, secret string, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error)
NewServicePrincipalToken creates a ServicePrincipalToken from the supplied Service Principal credentials scoped to the named resource.
func NewServicePrincipalTokenFromCertificate ¶ added in v1.1.0
func NewServicePrincipalTokenFromCertificate(oauthConfig OAuthConfig, clientID string, certificate *x509.Certificate, privateKey *rsa.PrivateKey, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error)
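NewServicePrincipalTokenFromCertificate creates a ServicePrincipalToken from the supplied certificate and private key (the signature takes a parsed *x509.Certificate and *rsa.PrivateKey, not raw pkcs12 bytes).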
func NewServicePrincipalTokenFromManualToken ¶
func NewServicePrincipalTokenFromManualToken(oauthConfig OAuthConfig, clientID string, resource string, token Token, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error)
NewServicePrincipalTokenFromManualToken creates a ServicePrincipalToken using the supplied token
func NewServicePrincipalTokenWithSecret ¶ added in v1.1.0
func NewServicePrincipalTokenWithSecret(oauthConfig OAuthConfig, id string, resource string, secret ServicePrincipalSecret, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error)
NewServicePrincipalTokenWithSecret creates a ServicePrincipalToken using the supplied ServicePrincipalSecret implementation.
func (*ServicePrincipalToken) EnsureFresh ¶
func (spt *ServicePrincipalToken) EnsureFresh() error
EnsureFresh will refresh the token if it will expire within the refresh window (as set by RefreshWithin).
func (*ServicePrincipalToken) InvokeRefreshCallbacks ¶
func (spt *ServicePrincipalToken) InvokeRefreshCallbacks(token Token) error
InvokeRefreshCallbacks calls any TokenRefreshCallbacks that were added to the SPT during initialization
func (*ServicePrincipalToken) Refresh ¶
func (spt *ServicePrincipalToken) Refresh() error
Refresh obtains a fresh token for the Service Principal.
func (*ServicePrincipalToken) RefreshExchange ¶
func (spt *ServicePrincipalToken) RefreshExchange(resource string) error
RefreshExchange refreshes the token, but for a different resource.
func (*ServicePrincipalToken) SetAutoRefresh ¶
func (spt *ServicePrincipalToken) SetAutoRefresh(autoRefresh bool)
SetAutoRefresh enables or disables automatic refreshing of stale tokens.
func (*ServicePrincipalToken) SetRefreshWithin ¶
func (spt *ServicePrincipalToken) SetRefreshWithin(d time.Duration)
SetRefreshWithin sets the refresh window: if the token will expire within this interval, EnsureFresh will refresh the token.
func (*ServicePrincipalToken) SetSender ¶
func (spt *ServicePrincipalToken) SetSender(s autorest.Sender)
SetSender sets the autorest.Sender used when obtaining the Service Principal token. An undecorated http.Client is used by default.
func (*ServicePrincipalToken) WithAuthorization ¶
func (spt *ServicePrincipalToken) WithAuthorization() autorest.PrepareDecorator
WithAuthorization returns a PrepareDecorator that adds an HTTP Authorization header whose value is "Bearer " followed by the AccessToken of the ServicePrincipalToken.
By default, the token will automatically refresh if nearly expired (as determined by the RefreshWithin interval). Use the SetAutoRefresh method to enable or disable automatically refreshing tokens.
type ServicePrincipalTokenSecret ¶ added in v1.1.0
// ServicePrincipalTokenSecret implements ServicePrincipalSecret for
// client_secret type authorization.
type ServicePrincipalTokenSecret struct {
	// ClientSecret is the service principal's secret, held as a plain string
	// in an exported field; printing or serializing this struct exposes it.
	ClientSecret string
}
ServicePrincipalTokenSecret implements ServicePrincipalSecret for client_secret type authorization.
func (*ServicePrincipalTokenSecret) SetAuthenticationValues ¶ added in v1.1.0
func (tokenSecret *ServicePrincipalTokenSecret) SetAuthenticationValues(spt *ServicePrincipalToken, v *url.Values) error
SetAuthenticationValues is a method of the interface ServicePrincipalSecret. It will populate the form submitted during oAuth Token Acquisition using the client_secret.
type Token ¶
// Token encapsulates the access token used to authorize Azure requests.
// Every field is a string decoded from the JSON key named in its tag,
// including the timing fields ExpiresIn, ExpiresOn and NotBefore.
type Token struct {
	// AccessToken is the value WithAuthorization sends after "Bearer " in the
	// Authorization header. Treat it as a credential: keep it out of logs and
	// error messages.
	AccessToken string `json:"access_token"`
	// RefreshToken is credential material as well. SaveToken persists a Token
	// to disk, so the saved file needs restrictive permissions.
	RefreshToken string `json:"refresh_token"`

	ExpiresIn string `json:"expires_in"`
	ExpiresOn string `json:"expires_on"`
	NotBefore string `json:"not_before"`

	Resource string `json:"resource"`
	Type     string `json:"token_type"`
}
Token encapsulates the access token used to authorize Azure requests.
func CheckForUserCompletion ¶
func CheckForUserCompletion(client *autorest.Client, code *DeviceCode) (*Token, error)
CheckForUserCompletion takes a DeviceCode and checks with the Azure AD OAuth endpoint to see whether the device flow has been completed, has timed out, or has otherwise failed.
func WaitForUserCompletion ¶
func WaitForUserCompletion(client *autorest.Client, code *DeviceCode) (*Token, error)
WaitForUserCompletion calls CheckForUserCompletion repeatedly until a token is granted or an error state occurs. This saves the caller from writing a loop that checks for 'ErrDeviceAuthorizationPending'.
func (Token) WillExpireIn ¶
WillExpireIn returns true if the Token will expire after the passed time.Duration interval from now, false otherwise.
func (*Token) WithAuthorization ¶
func (t *Token) WithAuthorization() autorest.PrepareDecorator
WithAuthorization returns a PrepareDecorator that adds an HTTP Authorization header whose value is "Bearer " followed by the AccessToken of the Token.
type TokenError ¶
// TokenError is the object returned by the token exchange endpoint when
// something is amiss. All fields are optional in the JSON (omitempty), and the
// string fields are pointers, so check for nil before dereferencing.
type TokenError struct {
	Error            *string `json:"error,omitempty"`
	ErrorCodes       []int   `json:"error_codes,omitempty"`
	ErrorDescription *string `json:"error_description,omitempty"`
	Timestamp        *string `json:"timestamp,omitempty"`
	TraceID          *string `json:"trace_id,omitempty"`
}
TokenError is the object returned by the token exchange endpoint when something is amiss
type TokenRefreshCallback ¶
TokenRefreshCallback is the type representing callbacks that will be called after a successful token refresh