package
0.20240715.1103416
Repository: https://github.com/hashicorp/go-azure-sdk.git
Documentation: pkg.go.dev

# README

Package: github.com/hashicorp/go-azure-sdk/sdk/auth

This package contains Authorizers which can be used to authenticate calls to the Azure APIs for use with hashicorp/go-azure-sdk.

Example: Authenticating using the Azure CLI

package main

import (
	"context"
	"log"

	"github.com/hashicorp/go-azure-sdk/sdk/auth"
	"github.com/hashicorp/go-azure-sdk/sdk/environments"
)

// main builds an Authorizer for the public Azure environment, passing the
// environment's MSGraph API, with only the Azure CLI method enabled.
func main() {
	env := environments.Public

	// No secret is set on the Credentials here; the Azure CLI flag is the only
	// authentication method switched on.
	var creds auth.Credentials
	creds.Environment = env
	creds.EnableAuthenticatingUsingAzureCLI = true

	authorizer, err := auth.NewAuthorizerFromCredentials(context.TODO(), creds, env.MSGraph)
	if err != nil {
		log.Fatalf("building authorizer from credentials: %+v", err)
	}
	// ...
}

Example: Authenticating using a Client Certificate

package main

import (
	"context"
	"log"

	"github.com/hashicorp/go-azure-sdk/sdk/auth"
	"github.com/hashicorp/go-azure-sdk/sdk/environments"
)

// main builds an Authorizer for the public Azure environment with only client
// certificate authentication enabled.
func main() {
	env := environments.Public
	ctx := context.TODO()

	creds := auth.Credentials{
		Environment: env,

		EnableAuthenticatingUsingClientCertificate: true,
		// Placeholder path and password. In real code, take the password from
		// the environment or a secret store rather than a literal in source, and
		// keep the certificate file readable only by the account that runs the
		// program.
		ClientCertificatePath:     "/path/to/cert.pfx",
		ClientCertificatePassword: "somepassword",
	}

	authorizer, err := auth.NewAuthorizerFromCredentials(ctx, creds, env.MSGraph)
	if err != nil {
		log.Fatalf("building authorizer from credentials: %+v", err)
	}
	// ..
}

Example: Authenticating using a Client Secret

import (
	"context"
	"log"

	"github.com/hashicorp/go-azure-sdk/sdk/auth"
	"github.com/hashicorp/go-azure-sdk/sdk/environments"
)

// main builds an Authorizer for the public Azure environment with only client
// secret authentication enabled.
func main() {
	env := environments.Public
	ctx := context.TODO()

	authorizer, err := auth.NewAuthorizerFromCredentials(ctx, auth.Credentials{
		Environment:                           env,
		EnableAuthenticatingUsingClientSecret: true,
		// Placeholder value. A real client secret should be supplied at runtime
		// (environment variable, secret store) and never committed as a string
		// literal.
		ClientSecret: "some-secret-value",
	}, env.MSGraph)
	if err != nil {
		log.Fatalf("building authorizer from credentials: %+v", err)
	}
	// ..
}

Example: Authenticating using a Managed Identity

package main

import (
	"context"
	"log"

	"github.com/hashicorp/go-azure-sdk/sdk/auth"
	"github.com/hashicorp/go-azure-sdk/sdk/environments"
)

// main builds an Authorizer for the public Azure environment with only managed
// identity authentication enabled.
func main() {
	env := environments.Public
	api := env.MSGraph

	// No secret is set on the Credentials here; the managed identity flag is the
	// only authentication method switched on.
	var creds auth.Credentials
	creds.Environment = env
	creds.EnableAuthenticatingUsingManagedIdentity = true

	authorizer, err := auth.NewAuthorizerFromCredentials(context.TODO(), creds, api)
	if err != nil {
		log.Fatalf("building authorizer from credentials: %+v", err)
	}
	// ..
}

Example: Authenticating using GitHub OIDC

package main

import (
	"context"
	"log"
	"os"

	"github.com/hashicorp/go-azure-sdk/sdk/auth"
	"github.com/hashicorp/go-azure-sdk/sdk/environments"
)

// main builds an Authorizer for the public Azure environment with only GitHub
// OIDC authentication enabled, taking the token request URL and token from the
// process environment.
func main() {
	env := environments.Public

	// os.Getenv returns "" for an unset variable and nothing here checks for
	// that, so empty values are handed to the package as-is. The request token
	// is a credential; keep it out of logs and error output.
	requestURL := os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL")
	requestToken := os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

	creds := auth.Credentials{
		Environment:                         env,
		EnableAuthenticationUsingGitHubOIDC: true,
		GitHubOIDCTokenRequestURL:           requestURL,
		GitHubOIDCTokenRequestToken:         requestToken,
	}

	authorizer, err := auth.NewAuthorizerFromCredentials(context.TODO(), creds, env.MSGraph)
	if err != nil {
		log.Fatalf("building authorizer from credentials: %+v", err)
	}
	// ..
}

Example: Authenticating using OIDC

package main

import (
	"context"
	"log"

	"github.com/hashicorp/go-azure-sdk/sdk/auth"
	"github.com/hashicorp/go-azure-sdk/sdk/environments"
)

// main builds an Authorizer for the public Azure environment with only OIDC
// authentication enabled, using a caller-supplied assertion token.
func main() {
	env := environments.Public
	ctx := context.TODO()

	authorizer, err := auth.NewAuthorizerFromCredentials(ctx, auth.Credentials{
		Environment:                   env,
		EnableAuthenticationUsingOIDC: true,
		// Placeholder value. Supply the real assertion token at runtime rather
		// than committing it as a string literal.
		OIDCAssertionToken: "some-token",
	}, env.MSGraph)
	if err != nil {
		log.Fatalf("building authorizer from credentials: %+v", err)
	}
	// ..
}

# Packages

No description provided by the author

# Functions

NewAuthorizerFromCredentials returns a suitable Authorizer depending on what is defined in the Credentials. Authorizers are selected for authentication methods in the following preferential order:
- Client certificate authentication
- Client secret authentication
- OIDC authentication
- GitHub OIDC authentication
- MSI authentication
- Azure CLI authentication

Whether one of these is returned depends on whether it is enabled in the Credentials, and whether sufficient configuration fields are set to enable that authentication method.
NewAzureCliAuthorizer returns an Authorizer which authenticates using the Azure CLI.
NewCachedAuthorizer returns an Authorizer that caches an access token for the duration of its validity.
NewClientCertificateAuthorizer returns an authorizer which uses client certificate authentication.
NewClientSecretAuthorizer returns an authorizer which uses client secret authentication.
NewGitHubOIDCAuthorizer returns an authorizer which acquires a client assertion from a GitHub endpoint, then uses client assertion authentication to obtain an access token.
NewManagedIdentityAuthorizer returns an authorizer using a Managed Identity for authentication.
NewOIDCAuthorizer returns an authorizer which uses OIDC authentication (federated client credentials).
No description provided by the author
SetAuthHeader decorates a *http.Request with the Authorization header using a bearer token obtained from the Token method of the supplied Authorizer.

# Constants

No description provided by the author
No description provided by the author

# Variables

Client is the HTTP client used for sending authentication requests and obtaining tokens.
MetadataClient is the HTTP client used for obtaining tokens from the Instance Metadata Service.

# Structs

AzureCliAuthorizer is an Authorizer which supports the Azure CLI.
No description provided by the author
CachedAuthorizer caches a token until it expires, then acquires a new token from Source.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Credentials sets up NewAuthorizer to return an Authorizer based on the provided credentials.
No description provided by the author
No description provided by the author
ManagedIdentityAuthorizer is an Authorizer which supports managed service identity.
No description provided by the author
No description provided by the author
No description provided by the author

# Interfaces

Authorizer is anything that can return an access token for authorizing API connections.
CachingAuthorizer implements Authorizer whilst caching access tokens and offering a way to intentionally invalidate them.
HTTPClient is an HTTP client used for sending authentication requests and obtaining tokens.

# Type aliases

SharedKeyType defines the enumeration for the various shared key types.