Allow a new authorizer to be created from a configuration file by spe…
…cifying a resource instead of a base url.

This enables resources like KeyVault and Container Registry to use an authorizer configured from a configuration file.
nphmuller committed Sep 4, 2018
1 parent 03b8d03 commit 39469b0
Showing 3 changed files with 53 additions and 13 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -9,6 +9,7 @@ _obj
_test
.DS_Store
.idea/
.vscode/

# Architecture specific extensions/prefixes
*.[568vq]
42 changes: 30 additions & 12 deletions autorest/azure/auth/auth.go
Expand Up @@ -135,44 +135,62 @@ func (settings settings) getAuthorizer() (autorest.Authorizer, error) {

// NewAuthorizerFromFile creates an Authorizer configured from a configuration file.
func NewAuthorizerFromFile(baseURI string) (autorest.Authorizer, error) {
fileLocation := os.Getenv("AZURE_AUTH_LOCATION")
if fileLocation == "" {
return nil, errors.New("auth file not found. Environment variable AZURE_AUTH_LOCATION is not set")
file, err := getAuthFile()
if err != nil {
return nil, err
}

contents, err := ioutil.ReadFile(fileLocation)
resource, err := getResourceForToken(*file, baseURI)
if err != nil {
return nil, err
}
return NewAuthorizerFromFileWithResource(resource)
}

// Auth file might be encoded
decoded, err := decode(contents)
// NewAuthorizerFromFileWithResource creates an Authorizer configured from a configuration file.
func NewAuthorizerFromFileWithResource(resource string) (autorest.Authorizer, error) {
file, err := getAuthFile()
if err != nil {
return nil, err
}

file := file{}
err = json.Unmarshal(decoded, &file)
config, err := adal.NewOAuthConfig(file.ActiveDirectoryEndpoint, file.TenantID)
if err != nil {
return nil, err
}

resource, err := getResourceForToken(file, baseURI)
spToken, err := adal.NewServicePrincipalToken(*config, file.ClientID, file.ClientSecret, resource)
if err != nil {
return nil, err
}

config, err := adal.NewOAuthConfig(file.ActiveDirectoryEndpoint, file.TenantID)
return autorest.NewBearerAuthorizer(spToken), nil
}

func getAuthFile() (*file, error) {
fileLocation := os.Getenv("AZURE_AUTH_LOCATION")
if fileLocation == "" {
return nil, errors.New("auth file not found. Environment variable AZURE_AUTH_LOCATION is not set")
}

contents, err := ioutil.ReadFile(fileLocation)
if err != nil {
return nil, err
}

spToken, err := adal.NewServicePrincipalToken(*config, file.ClientID, file.ClientSecret, resource)
// Auth file might be encoded
decoded, err := decode(contents)
if err != nil {
return nil, err
}

return autorest.NewBearerAuthorizer(spToken), nil
authFile := file{}
err = json.Unmarshal(decoded, &authFile)
if err != nil {
return nil, err
}

return &authFile, nil
}

// File represents the authentication file
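Review bot: `NewAuthorizerFromFile` now reads and decodes the credential file twice, once through its own `getAuthFile()` call to resolve the resource and again inside `NewAuthorizerFromFileWithResource`, so the resource and the client ID/secret can come from two different reads if `AZURE_AUTH_LOCATION` or the file changes in between. Parse the file once and hand the parsed value to a private helper that both exported functions call, as sketched below. The doc comment on `NewAuthorizerFromFileWithResource` repeats the one on `NewAuthorizerFromFile`; it should say that `resource` is the audience the service principal token is requested for and that it is passed to `adal.NewServicePrincipalToken` as given, without going through `getResourceForToken`. `getAuthFile` has no comment; `// getAuthFile loads and decodes the auth file named by AZURE_AUTH_LOCATION.` would do.

```go
func NewAuthorizerFromFile(baseURI string) (autorest.Authorizer, error) {
	// … unchanged: getAuthFile and getResourceForToken calls …
	return newAuthorizerForResource(file, resource)
}

func NewAuthorizerFromFileWithResource(resource string) (autorest.Authorizer, error) {
	file, err := getAuthFile()
	if err != nil {
		return nil, err
	}
	return newAuthorizerForResource(file, resource)
}

// newAuthorizerForResource builds a bearer authorizer for resource from an
// already parsed auth file, so callers read the file only once.
func newAuthorizerForResource(authFile *file, resource string) (autorest.Authorizer, error) {
	// … unchanged: NewOAuthConfig, NewServicePrincipalToken, NewBearerAuthorizer, reading from authFile …
}
```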
23 changes: 22 additions & 1 deletion autorest/azure/auth/auth_test.go
Expand Up @@ -47,14 +47,35 @@ func TestNewAuthorizerFromFile(t *testing.T) {
}
}

func TestNewAuthorizerFromFileWithResource(t *testing.T) {
os.Setenv("AZURE_AUTH_LOCATION", filepath.Join(getCredsPath(), "credsutf16le.json"))
authorizer, err := NewAuthorizerFromFileWithResource("https://my.vault.azure.net")
if err != nil || authorizer == nil {
t.Logf("NewAuthorizerFromFileWithResource failed, got error %v", err)
t.Fail()
}
}

func TestNewAuthorizerFromEnvironment(t *testing.T) {
os.Setenv("AZURE_TENANT_ID", expectedFile.TenantID)
os.Setenv("AZURE_CLIENT_ID", expectedFile.ClientID)
os.Setenv("AZURE_CLIENT_SECRET", expectedFile.ClientSecret)
authorizer, err := NewAuthorizerFromEnvironment()

if err != nil || authorizer == nil {
t.Logf("NewAuthorizerFromFile failed, got error %v", err)
t.Logf("NewAuthorizerFromEnvironment failed, got error %v", err)
t.Fail()
}
}

func TestNewAuthorizerFromEnvironmentWithResource(t *testing.T) {
os.Setenv("AZURE_TENANT_ID", expectedFile.TenantID)
os.Setenv("AZURE_CLIENT_ID", expectedFile.ClientID)
os.Setenv("AZURE_CLIENT_SECRET", expectedFile.ClientSecret)
authorizer, err := NewAuthorizerFromEnvironmentWithResource("https://my.vault.azure.net")

if err != nil || authorizer == nil {
t.Logf("NewAuthorizerFromEnvironmentWithResource failed, got error %v", err)
t.Fail()
}
}
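Review bot: Each added test sets process-wide variables with `os.Setenv` (`AZURE_AUTH_LOCATION`, and `AZURE_TENANT_ID`/`AZURE_CLIENT_ID`/`AZURE_CLIENT_SECRET`) and never restores them, so credentials set by one test remain visible to every later test in the package and a test can pass only because an earlier one ran. Add a restore right after each set, e.g. `defer os.Unsetenv("AZURE_AUTH_LOCATION")`, or use `t.Setenv` on toolchains that have it. The assertions only check for a non-nil authorizer, so nothing verifies that the token was requested for `https://my.vault.azure.net`, which is the behaviour this commit adds; an assertion on the resulting token's resource would pin it if the authorizer exposes it. `t.Logf` followed by `t.Fail()` can be written as `t.Errorf`.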
