Documentation
¶
Index ¶
- Constants
- func GetClientOptions(locationCfg, creds map[string]string) (policy.ClientOptions, error)
- func GetFromLocationConfigOrCredential(cfg, creds map[string]string, cfgKey, credKey string) string
- func GetStorageAccountCredentials(bslCfg map[string]string, creds map[string]string) (map[string]string, error)
- func LoadCredentials(config map[string]string) (map[string]string, error)
- func NewCredential(creds map[string]string, options policy.ClientOptions) (azcore.TokenCredential, error)
- func NewStorageClient(log logrus.FieldLogger, config map[string]string) (*azblob.Client, *azblob.SharedKeyCredential, error)
Constants ¶
const ( // the keys of Azure BSL config: // https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/main/backupstoragelocation.md BSLConfigResourceGroup = "resourceGroup" BSLConfigStorageAccount = "storageAccount" BSLConfigStorageAccountAccessKeyName = "storageAccountKeyEnvVar" BSLConfigSubscriptionID = "subscriptionId" BSLConfigStorageAccountURI = "storageAccountURI" BSLConfigUseAAD = "useAAD" BSLConfigActiveDirectoryAuthorityURI = "activeDirectoryAuthorityURI" )
const ( // the keys of Azure variables in credential CredentialKeySubscriptionID = "AZURE_SUBSCRIPTION_ID" // #nosec CredentialKeyResourceGroup = "AZURE_RESOURCE_GROUP" // #nosec CredentialKeyCloudName = "AZURE_CLOUD_NAME" // #nosec CredentialKeyStorageAccountAccessKey = "AZURE_STORAGE_KEY" // #nosec CredentialKeyAdditionallyAllowedTenants = "AZURE_ADDITIONALLY_ALLOWED_TENANTS" // #nosec CredentialKeyTenantID = "AZURE_TENANT_ID" // #nosec CredentialKeyClientID = "AZURE_CLIENT_ID" // #nosec CredentialKeyClientSecret = "AZURE_CLIENT_SECRET" // #nosec CredentialKeyClientCertificate = "AZURE_CLIENT_CERTIFICATE" // #nosec CredentialKeyClientCertificatePath = "AZURE_CLIENT_CERTIFICATE_PATH" // #nosec CredentialKeyClientCertificatePassword = "AZURE_CLIENT_CERTIFICATE_PASSWORD" // #nosec CredentialKeySendCertChain = "AZURE_CLIENT_SEND_CERTIFICATE_CHAIN" // #nosec CredentialKeyUsername = "AZURE_USERNAME" // #nosec CredentialKeyPassword = "AZURE_PASSWORD" // #nosec )
Variables ¶
This section is empty.
Functions ¶
func GetClientOptions ¶
func GetClientOptions(locationCfg, creds map[string]string) (policy.ClientOptions, error)
GetClientOptions returns the client options based on the BSL/VSL config and credentials
func GetFromLocationConfigOrCredential ¶
GetFromLocationConfigOrCredential returns the value of the specified key from BSL/VSL config or credentials as some common configuration items can be set in BSL/VSL config or credential file(such as the subscription ID or resource group) Reading from BSL/VSL config takes first.
func GetStorageAccountCredentials ¶
func GetStorageAccountCredentials(bslCfg map[string]string, creds map[string]string) (map[string]string, error)
GetStorageAccountCredentials returns the credentials to interactive with storage account according to the config of BSL and credential file by the following order: 1. Return the storage account access key directly if it is provided 2. Return the content of the credential file directly if "userAAD" is set as true in BSL config 3. Call Azure API to exchange the storage account access key
func LoadCredentials ¶
LoadCredentials gets the credential file from config and loads it into a map
func NewCredential ¶
func NewCredential(creds map[string]string, options policy.ClientOptions) (azcore.TokenCredential, error)
NewCredential constructs a Credential that tries the config credential, workload identity credential and managed identity credential according to the provided creds.
func NewStorageClient ¶
func NewStorageClient(log logrus.FieldLogger, config map[string]string) (*azblob.Client, *azblob.SharedKeyCredential, error)
NewStorageClient creates a blob storage client(data plane) with the provided config which contains BSL config and the credential file name. The returned azblob.SharedKeyCredential is needed for Azure plugin to generate the SAS URL when auth with storage account access key
Types ¶
This section is empty.
Source Files