From d75317711a90ef222b7539f9e84f5076d336a637 Mon Sep 17 00:00:00 2001
From: Adam Kingsley
Date: Fri, 22 Mar 2024 07:30:05 +0100
Subject: [PATCH] Respect AZURE_CLIENT_ID, ANSIBLE_AZURE_AUTH_SOURCE on inventory plugin (#713)

* Attemp to pull environment variables if not set.
* Set ansible azure auth source further upstream
* Updates to documentation
* Update plugins/doc_fragments/azure.py
Co-authored-by: Fred-sun <37327967+Fred-sun@users.noreply.github.com>
* doc_fragments/azure.py Documentation update
* Update plugins/doc_fragments/azure.py
Co-authored-by: Fred-sun <37327967+Fred-sun@users.noreply.github.com>
* Move all logic within azure_rm_common.py
* Removed unused import
* Move back to setting auth source in inventory
---------
Co-authored-by: Fred-sun <37327967+Fred-sun@users.noreply.github.com>
---
 plugins/doc_fragments/azure.py | 3 ++-
 plugins/inventory/azure_rm.py | 4 +++-
 plugins/module_utils/azure_rm_common.py | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/plugins/doc_fragments/azure.py b/plugins/doc_fragments/azure.py
index 28f053f57..74c1286ac 100644
--- a/plugins/doc_fragments/azure.py
+++ b/plugins/doc_fragments/azure.py
@@ -34,7 +34,8 @@ class ModuleDocFragment(object):
 type: str
 client_id:
 description:
- - Azure client ID. Use when authenticating with a Service Principal.
+ - Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi).
+ - Can also be set via the C(AZURE_CLIENT_ID) environment variable.
 type: str
 secret:
 description:
diff --git a/plugins/inventory/azure_rm.py b/plugins/inventory/azure_rm.py
index b82888f40..12970dec3 100644
--- a/plugins/inventory/azure_rm.py
+++ b/plugins/inventory/azure_rm.py
@@ -138,6 +138,7 @@
 from ansible.module_utils.parsing.convert_bool import boolean
 from ansible.module_utils._text import to_native, to_bytes, to_text
 from itertools import chain
+from os import environ
 
 try:
 from azure.core._pipeline_client import PipelineClient
@@ -234,8 +235,9 @@ def parse(self, inventory, loader, path, cache=True):
 raise
 
 def _credential_setup(self):
+ auth_source = environ.get('ANSIBLE_AZURE_AUTH_SOURCE', None) or self.get_option('auth_source')
 auth_options = dict(
- auth_source=self.get_option('auth_source'),
+ auth_source=auth_source,
 profile=self.get_option('profile'),
 subscription_id=self.get_option('subscription_id'),
 client_id=self.get_option('client_id'),
diff --git a/plugins/module_utils/azure_rm_common.py b/plugins/module_utils/azure_rm_common.py
index 526056108..79b5167b1 100644
--- a/plugins/module_utils/azure_rm_common.py
+++ b/plugins/module_utils/azure_rm_common.py
@@ -1606,6 +1606,7 @@ def _get_msi_credentials(self, subscription_id=None, client_id=None, _cloud_envi
 except Exception as exc:
 self.fail("cloud_environment {0} could not be resolved: {1}".format(_cloud_environment, str(exc)), exception=traceback.format_exc())
 
+ client_id = client_id or self._get_env('client_id')
 credential = managed_identity.ManagedIdentityCredential(client_id=client_id, cloud_environment=cloud_environment)
 subscription_id = subscription_id or self._get_env('subscription_id')
 if not subscription_id:
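Review bot: In `_credential_setup`, the new `auth_source` line puts `ANSIBLE_AZURE_AUTH_SOURCE` ahead of `self.get_option('auth_source')`, so an `auth_source` written explicitly in the inventory file is silently overridden by whatever the process environment holds. On a shared control node or CI runner that means the environment, not the reviewed inventory file, decides which credential type is used. The order was presumably chosen because the option always resolves to a default, but that is not visible here and should be stated, e.g. `# env var wins on purpose: get_option('auth_source') always returns a value (default), so it cannot be used as the fallback test`. If the override is not intended, declaring the variable under the option's `env:` entry in the plugin documentation would let `get_option` apply Ansible's normal precedence instead. The body of `_credential_setup` continues past the end of the hunk.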
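Review bot: The added `client_id = client_id or self._get_env('client_id')` in `_get_msi_credentials` changes which managed identity is requested on any host whose environment already carries a client ID for another purpose. Assuming `_get_env('client_id')` reads `AZURE_CLIENT_ID`, as the doc-fragment change in this commit states, a machine that exports that variable for service-principal use and runs with `auth_source` set to msi will now pass that ID to `ManagedIdentityCredential` rather than `None`. That would select a user-assigned identity, or fail, where the default identity was used before. I would document this at the line, e.g. `# AZURE_CLIENT_ID, when set, selects a user-assigned identity; leave it unset to keep the default managed identity`, and mention the behaviour change in the changelog. The function starts and ends outside the hunk, so any later use of `client_id` is not visible here.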