
Enable MSICrdentials in v2: Merging msi credentials for app-service a…
…nd vm (Azure#474)

* Enable MSICrdentials in v2: Merging msi credentials for app-service and vm

* Removing the unused AppServiceMSICredentials and using a binary exponential backoff retry algorithm
anuchandy authored and jianghaolu committed Aug 23, 2018
1 parent 426c5f5 commit 34fa182
Showing 4 changed files with 619 additions and 32 deletions.
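--- /dev/null
+++ b/com/microsoft/azure/v2/credentials/MSIConfigurationForAppService.java
@@ -0,0 +1,117 @@
+/**
+* Copyright (c) Microsoft Corporation. All rights reserved.
+* Licensed under the MIT License. See License.txt in the project root for
+* license information.
+*/
+package com.microsoft.azure.v2.credentials;
+
+import com.microsoft.azure.v2.AzureEnvironment;
+
+/**
+* Defines the configuration to be used for retrieving access token from
+* within an app-service with system assigned MSI enabled.
+*/
+public class MSIConfigurationForAppService {
+private final AzureEnvironment environment;
+private String resource;
+private String msiEndpoint;
+private String msiSecret;
+
+/**
+* Creates MSIConfigurationForAppService.
+*
+* @param environment azure environment
+*/
+public MSIConfigurationForAppService(AzureEnvironment environment) {
+this.environment = environment;
+}
+
+/**
+* Creates MSIConfigurationForAppService.
+*/
+public MSIConfigurationForAppService() {
+this(AzureEnvironment.AZURE);
+}
+
+/**
+* @return the azure environment.
+*/
+public AzureEnvironment azureEnvironment() {
+return this.environment;
+}
+/**
+* @return the audience identifying who will consume the token.
+*/
+public String resource() {
+if (this.resource == null) {
+this.resource = this.environment.managementEndpoint();
+}
+return this.resource;
+}
+/**
+* @return the endpoint from which token needs to be retrieved.
+*/
+public String msiEndpoint() {
+if (this.msiEndpoint == null) {
+this.msiEndpoint = System.getenv("MSI_ENDPOINT");
+}
+return this.msiEndpoint;
+}
+/**
+* @return the secret to use to retrieve the token.
+*/
+public String msiSecret() {
+if (this.msiSecret == null) {
+this.msiSecret = System.getenv("MSI_SECRET");
+}
+return this.msiSecret;
+}
+/**
+* Specifies the token audience.
+*
+* @param resource the audience of the token.
+*
+* @return MSIConfigurationForAppService
+*/
+public MSIConfigurationForAppService withResource(String resource) {
+this.resource = resource;
+return this;
+}
+/**
+* Specifies the endpoint from which token needs to retrieved.
+*
+* @param msiEndpoint the token endpoint.
+*
+* @return MSIConfigurationForAppService
+*/
+public MSIConfigurationForAppService withMsiEndpoint(String msiEndpoint) {
+this.msiSecret = msiEndpoint;
+return this;
+}
+/**
+* Specifies secret to use to retrieve the token.
+*
+* @param msiSecret the secret.
+*
+* @return MSIConfigurationForAppService
+*/
+public MSIConfigurationForAppService withMsiSecret(String msiSecret) {
+this.msiSecret = msiSecret;
+return this;
+}
+
+@Override
+public MSIConfigurationForAppService clone() {
+MSIConfigurationForAppService copy = new MSIConfigurationForAppService(this.azureEnvironment());
+if (this.resource() != null) {
+copy.withResource(this.resource());
+}
+if (this.msiEndpoint() != null) {
+copy.withMsiEndpoint(this.msiEndpoint());
+}
+if (this.msiSecret() != null) {
+copy.withMsiSecret(this.msiSecret());
+}
+return copy;
+}
+}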
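Review bot: `withMsiEndpoint` writes the endpoint into the wrong field at `this.msiSecret = msiEndpoint;`, so an explicitly configured endpoint is discarded (the `msiEndpoint()` getter still falls back to the `MSI_ENDPOINT` environment variable) and the secret field is overwritten with the endpoint URL until `withMsiSecret` is called; it should read `this.msiEndpoint = msiEndpoint;`. The same bug propagates through `clone()`: `copy.withMsiEndpoint(this.msiEndpoint())` stores the endpoint into the copy's secret and the following `withMsiSecret` call then overwrites it, so a clone never carries an explicit endpoint. Since the endpoint is where the `MSI_SECRET` value presumably gets sent, a consumer that relies on `withMsiEndpoint` to pin the endpoint would silently use whatever the environment provides instead. The `msiSecret()` Javadoc would also benefit from noting that the value is read from the environment once and cached on the instance: `Read from the MSI_SECRET environment variable on first access and cached thereafter.`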
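--- /dev/null
+++ b/com/microsoft/azure/v2/credentials/MSIConfigurationForVirtualMachine.java
@@ -0,0 +1,216 @@
+/**
+* Copyright (c) Microsoft Corporation. All rights reserved.
+* Licensed under the MIT License. See License.txt in the project root for
+* license information.
+*/
+package com.microsoft.azure.v2.credentials;
+
+import com.microsoft.azure.v2.AzureEnvironment;
+
+/**
+* Defines the configuration to be used for retrieving access token from
+* within a VM with user assigned or system assigned MSI enabled.
+*/
+public class MSIConfigurationForVirtualMachine {
+private final AzureEnvironment environment;
+private String resource;
+private MSITokenSource tokenSource;
+private String objectId;
+private String clientId;
+private String identityId;
+private Integer msiPort = null;
+private int maxRetry = -1;
+
+/**
+* Creates MSIConfigurationForVirtualMachine.
+*
+* @param environment azure environment
+*/
+public MSIConfigurationForVirtualMachine(AzureEnvironment environment) {
+this.environment = environment;
+}
+
+/**
+* Creates MSIConfigurationForVirtualMachine.
+*/
+public MSIConfigurationForVirtualMachine() {
+this(AzureEnvironment.AZURE);
+}
+
+/**
+* @return the azure environment.
+*/
+public AzureEnvironment azureEnvironment() {
+return this.environment;
+}
+
+/**
+* @return the token retrieval source (either MSI extension running in VM or IMDS service).
+*/
+public MSITokenSource tokenSource() {
+if (this.tokenSource == null) {
+this.tokenSource = MSITokenSource.IMDS_ENDPOINT;
+}
+return this.tokenSource;
+}
+/**
+* @return the audience identifying who will consume the token.
+*/
+public String resource() {
+if (this.resource == null) {
+this.resource = this.environment.managementEndpoint();
+}
+return this.resource;
+}
+/**
+* @return the principal id of user assigned or system assigned identity.
+*/
+public String objectId() {
+return this.objectId;
+}
+/**
+* @return the client id of user assigned or system assigned identity.
+*/
+public String clientId() {
+return this.clientId;
+}
+/**
+* @return the ARM resource id of the user assigned identity resource.
+*/
+public String identityId() {
+return this.identityId;
+}
+/**
+* @return the port of token retrieval service running in the extension.
+*/
+public int msiPort() {
+if (this.msiPort == null) {
+this.msiPort = 50342;
+}
+return this.msiPort;
+}
+
+/**
+* @return the maximum retries allowed.
+*/
+public int maxRetry() {
+return this.maxRetry;
+}
+
+/**
+* Specifies the token retrieval source.
+*
+* @param tokenSource the source of token
+*
+* @return MSIConfigurationForVirtualMachine
+*/
+public MSIConfigurationForVirtualMachine withTokenSource(MSITokenSource tokenSource) {
+this.tokenSource = tokenSource;
+return this;
+}
+
+/**
+* Specifies the token audience.
+*
+* @param resource the audience of the token.
+*
+* @return MSIConfigurationForVirtualMachine
+*/
+public MSIConfigurationForVirtualMachine withResource(String resource) {
+this.resource = resource;
+return this;
+}
+
+/**
+* specifies the principal id of user assigned or system assigned identity.
+*
+* @param objectId the object (principal) id
+* @return MSIConfigurationForVirtualMachine
+*/
+public MSIConfigurationForVirtualMachine withObjectId(String objectId) {
+this.objectId = objectId;
+return this;
+}
+
+/**
+* Specifies the client id of user assigned or system assigned identity.
+*
+* @param clientId the client id
+* @return MSIConfigurationForVirtualMachine
+*/
+public MSIConfigurationForVirtualMachine withClientId(String clientId) {
+this.clientId = clientId;
+return this;
+}
+
+/**
+* Specifies the ARM resource id of the user assigned identity resource.
+*
+* @param identityId the identity ARM id
+* @return MSIConfigurationForVirtualMachine
+*/
+public MSIConfigurationForVirtualMachine withIdentityId(String identityId) {
+this.identityId = identityId;
+return this;
+}
+
+/**
+* Specifies the port of token retrieval msi extension service.
+*
+* @param msiPort the port
+* @return MSIConfigurationForVirtualMachine
+*/
+public MSIConfigurationForVirtualMachine withMsiPort(int msiPort) {
+this.msiPort = msiPort;
+return this;
+}
+
+/**
+* Specifies the the maximum retries allowed.
+*
+* @param maxRetry max retry count
+* @return MSIConfigurationForVirtualMachine
+*/
+public MSIConfigurationForVirtualMachine withMaxRetry(int maxRetry) {
+this.maxRetry = maxRetry;
+return this;
+}
+
+@Override
+public MSIConfigurationForVirtualMachine clone() {
+MSIConfigurationForVirtualMachine copy = new MSIConfigurationForVirtualMachine(this.azureEnvironment());
+if (this.clientId() != null) {
+copy.withClientId(this.clientId());
+}
+if (this.identityId() != null) {
+copy.withIdentityId(this.identityId());
+}
+if (this.objectId() != null) {
+copy.withObjectId(this.objectId());
+}
+if (this.resource() != null) {
+copy.withResource(this.resource());
+}
+if (this.tokenSource() != null) {
+copy.withTokenSource(this.tokenSource());
+}
+copy.withMaxRetry(this.maxRetry());
+copy.withMsiPort(this.msiPort());
+return copy;
+}
+
+
+/**
+* The source of MSI token.
+*/
+public enum MSITokenSource {
+/**
+* Indicate that token should be retrieved from MSI extension installed in the VM.
+*/
+MSI_EXTENSION,
+/**
+* Indicate that token should be retrieved from IMDS service.
+*/
+IMDS_ENDPOINT
+}
+}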
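Review bot: `withMaxRetry` and `withMsiPort` accept any `int` unchecked, and the `-1` that `maxRetry()` returns by default is undocumented, so a caller cannot tell whether it means "unlimited" or "use the credential's own default" (the code that consumes these values is outside this file, so I cannot say which). Document the sentinel on `maxRetry()`, e.g. `@return the maximum retries allowed; -1 means the consumer's built-in default applies`, and reject nonsensical ports in `withMsiPort` with `if (msiPort < 1 || msiPort > 65535) { throw new IllegalArgumentException("msiPort must be between 1 and 65535"); }`, since an out-of-range port would only fail later when the token request is made. Note also that `clone()` calls `resource()` and `tokenSource()`, whose lazy-default branches write into the source object, so cloning has the side effect of materialising defaults on the original; reading `this.resource` and `this.tokenSource` directly would keep `clone()` side-effect free. Minor: the Javadoc on `withObjectId` starts with lowercase `specifies`, unlike its siblings.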
