forked from Azure/azure-sdk-for-java
Enable MSICrdentials in v2: Merging msi credentials for app-service a…
…nd vm (Azure#474) * Enable MSICrdentials in v2: Merging msi credentials for app-service and vm * Removing unused AppServiceMSICredentials and using binary expotential backoff algo retry
1 parent
426c5f5
commit 34fa182
Showing
4 changed files
with
619 additions
and
32 deletions.
117 changes: 117 additions & 0 deletions
117
...ation/src/main/java/com/microsoft/azure/v2/credentials/MSIConfigurationForAppService.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
/** | ||
* Copyright (c) Microsoft Corporation. All rights reserved. | ||
* Licensed under the MIT License. See License.txt in the project root for | ||
* license information. | ||
*/ | ||
package com.microsoft.azure.v2.credentials; | ||
|
||
import com.microsoft.azure.v2.AzureEnvironment; | ||
|
||
/** | ||
* Defines the configuration to be used for retrieving access token from | ||
* within an app-service with system assigned MSI enabled. | ||
*/ | ||
public class MSIConfigurationForAppService { | ||
private final AzureEnvironment environment; | ||
private String resource; | ||
private String msiEndpoint; | ||
private String msiSecret; | ||
|
||
/** | ||
* Creates MSIConfigurationForAppService. | ||
* | ||
* @param environment azure environment | ||
*/ | ||
public MSIConfigurationForAppService(AzureEnvironment environment) { | ||
this.environment = environment; | ||
} | ||
|
||
/** | ||
* Creates MSIConfigurationForAppService. | ||
*/ | ||
public MSIConfigurationForAppService() { | ||
this(AzureEnvironment.AZURE); | ||
} | ||
|
||
/** | ||
* @return the azure environment. | ||
*/ | ||
public AzureEnvironment azureEnvironment() { | ||
return this.environment; | ||
} | ||
/** | ||
* @return the audience identifying who will consume the token. | ||
*/ | ||
public String resource() { | ||
if (this.resource == null) { | ||
this.resource = this.environment.managementEndpoint(); | ||
} | ||
return this.resource; | ||
} | ||
/** | ||
* @return the endpoint from which token needs to be retrieved. | ||
*/ | ||
public String msiEndpoint() { | ||
if (this.msiEndpoint == null) { | ||
this.msiEndpoint = System.getenv("MSI_ENDPOINT"); | ||
} | ||
return this.msiEndpoint; | ||
} | ||
/** | ||
* @return the secret to use to retrieve the token. | ||
*/ | ||
public String msiSecret() { | ||
if (this.msiSecret == null) { | ||
this.msiSecret = System.getenv("MSI_SECRET"); | ||
} | ||
return this.msiSecret; | ||
} | ||
/** | ||
* Specifies the token audience. | ||
* | ||
* @param resource the audience of the token. | ||
* | ||
* @return MSIConfigurationForAppService | ||
*/ | ||
public MSIConfigurationForAppService withResource(String resource) { | ||
this.resource = resource; | ||
return this; | ||
} | ||
/** | ||
* Specifies the endpoint from which token needs to retrieved. | ||
* | ||
* @param msiEndpoint the token endpoint. | ||
* | ||
* @return MSIConfigurationForAppService | ||
*/ | ||
public MSIConfigurationForAppService withMsiEndpoint(String msiEndpoint) { | ||
this.msiSecret = msiEndpoint; | ||
return this; | ||
} | ||
/** | ||
* Specifies secret to use to retrieve the token. | ||
* | ||
* @param msiSecret the secret. | ||
* | ||
* @return MSIConfigurationForAppService | ||
*/ | ||
public MSIConfigurationForAppService withMsiSecret(String msiSecret) { | ||
this.msiSecret = msiSecret; | ||
return this; | ||
} | ||
|
||
@Override | ||
public MSIConfigurationForAppService clone() { | ||
MSIConfigurationForAppService copy = new MSIConfigurationForAppService(this.azureEnvironment()); | ||
if (this.resource() != null) { | ||
copy.withResource(this.resource()); | ||
} | ||
if (this.msiEndpoint() != null) { | ||
copy.withMsiEndpoint(this.msiEndpoint()); | ||
} | ||
if (this.msiSecret() != null) { | ||
copy.withMsiSecret(this.msiSecret()); | ||
} | ||
return copy; | ||
} | ||
} |
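Review bot: `withMsiEndpoint` assigns its argument to the wrong field, `this.msiSecret = msiEndpoint;`, so a caller-supplied endpoint is never stored and the secret is overwritten with the endpoint string. `msiEndpoint()` then falls back to the `MSI_ENDPOINT` environment variable, and whatever code sends the secret would present the endpoint value instead unless `withMsiSecret` is called afterwards. `clone()` hides this only when a secret is available, because it calls `withMsiSecret` after `withMsiEndpoint`; with no secret set, the copy's secret is left holding the endpoint. The line should read `this.msiEndpoint = msiEndpoint;`.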
216 changes: 216 additions & 0 deletions
216
...n/src/main/java/com/microsoft/azure/v2/credentials/MSIConfigurationForVirtualMachine.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,216 @@ | ||
/** | ||
* Copyright (c) Microsoft Corporation. All rights reserved. | ||
* Licensed under the MIT License. See License.txt in the project root for | ||
* license information. | ||
*/ | ||
package com.microsoft.azure.v2.credentials; | ||
|
||
import com.microsoft.azure.v2.AzureEnvironment; | ||
|
||
/** | ||
* Defines the configuration to be used for retrieving access token from | ||
* within a VM with user assigned or system assigned MSI enabled. | ||
*/ | ||
public class MSIConfigurationForVirtualMachine { | ||
private final AzureEnvironment environment; | ||
private String resource; | ||
private MSITokenSource tokenSource; | ||
private String objectId; | ||
private String clientId; | ||
private String identityId; | ||
private Integer msiPort = null; | ||
private int maxRetry = -1; | ||
|
||
/** | ||
* Creates MSIConfigurationForVirtualMachine. | ||
* | ||
* @param environment azure environment | ||
*/ | ||
public MSIConfigurationForVirtualMachine(AzureEnvironment environment) { | ||
this.environment = environment; | ||
} | ||
|
||
/** | ||
* Creates MSIConfigurationForVirtualMachine. | ||
*/ | ||
public MSIConfigurationForVirtualMachine() { | ||
this(AzureEnvironment.AZURE); | ||
} | ||
|
||
/** | ||
* @return the azure environment. | ||
*/ | ||
public AzureEnvironment azureEnvironment() { | ||
return this.environment; | ||
} | ||
|
||
/** | ||
* @return the token retrieval source (either MSI extension running in VM or IMDS service). | ||
*/ | ||
public MSITokenSource tokenSource() { | ||
if (this.tokenSource == null) { | ||
this.tokenSource = MSITokenSource.IMDS_ENDPOINT; | ||
} | ||
return this.tokenSource; | ||
} | ||
/** | ||
* @return the audience identifying who will consume the token. | ||
*/ | ||
public String resource() { | ||
if (this.resource == null) { | ||
this.resource = this.environment.managementEndpoint(); | ||
} | ||
return this.resource; | ||
} | ||
/** | ||
* @return the principal id of user assigned or system assigned identity. | ||
*/ | ||
public String objectId() { | ||
return this.objectId; | ||
} | ||
/** | ||
* @return the client id of user assigned or system assigned identity. | ||
*/ | ||
public String clientId() { | ||
return this.clientId; | ||
} | ||
/** | ||
* @return the ARM resource id of the user assigned identity resource. | ||
*/ | ||
public String identityId() { | ||
return this.identityId; | ||
} | ||
/** | ||
* @return the port of token retrieval service running in the extension. | ||
*/ | ||
public int msiPort() { | ||
if (this.msiPort == null) { | ||
this.msiPort = 50342; | ||
} | ||
return this.msiPort; | ||
} | ||
|
||
/** | ||
* @return the maximum retries allowed. | ||
*/ | ||
public int maxRetry() { | ||
return this.maxRetry; | ||
} | ||
|
||
/** | ||
* Specifies the token retrieval source. | ||
* | ||
* @param tokenSource the source of token | ||
* | ||
* @return MSIConfigurationForVirtualMachine | ||
*/ | ||
public MSIConfigurationForVirtualMachine withTokenSource(MSITokenSource tokenSource) { | ||
this.tokenSource = tokenSource; | ||
return this; | ||
} | ||
|
||
/** | ||
* Specifies the token audience. | ||
* | ||
* @param resource the audience of the token. | ||
* | ||
* @return MSIConfigurationForVirtualMachine | ||
*/ | ||
public MSIConfigurationForVirtualMachine withResource(String resource) { | ||
this.resource = resource; | ||
return this; | ||
} | ||
|
||
/** | ||
* specifies the principal id of user assigned or system assigned identity. | ||
* | ||
* @param objectId the object (principal) id | ||
* @return MSIConfigurationForVirtualMachine | ||
*/ | ||
public MSIConfigurationForVirtualMachine withObjectId(String objectId) { | ||
this.objectId = objectId; | ||
return this; | ||
} | ||
|
||
/** | ||
* Specifies the client id of user assigned or system assigned identity. | ||
* | ||
* @param clientId the client id | ||
* @return MSIConfigurationForVirtualMachine | ||
*/ | ||
public MSIConfigurationForVirtualMachine withClientId(String clientId) { | ||
this.clientId = clientId; | ||
return this; | ||
} | ||
|
||
/** | ||
* Specifies the ARM resource id of the user assigned identity resource. | ||
* | ||
* @param identityId the identity ARM id | ||
* @return MSIConfigurationForVirtualMachine | ||
*/ | ||
public MSIConfigurationForVirtualMachine withIdentityId(String identityId) { | ||
this.identityId = identityId; | ||
return this; | ||
} | ||
|
||
/** | ||
* Specifies the port of token retrieval msi extension service. | ||
* | ||
* @param msiPort the port | ||
* @return MSIConfigurationForVirtualMachine | ||
*/ | ||
public MSIConfigurationForVirtualMachine withMsiPort(int msiPort) { | ||
this.msiPort = msiPort; | ||
return this; | ||
} | ||
|
||
/** | ||
* Specifies the the maximum retries allowed. | ||
* | ||
* @param maxRetry max retry count | ||
* @return MSIConfigurationForVirtualMachine | ||
*/ | ||
public MSIConfigurationForVirtualMachine withMaxRetry(int maxRetry) { | ||
this.maxRetry = maxRetry; | ||
return this; | ||
} | ||
|
||
@Override | ||
public MSIConfigurationForVirtualMachine clone() { | ||
MSIConfigurationForVirtualMachine copy = new MSIConfigurationForVirtualMachine(this.azureEnvironment()); | ||
if (this.clientId() != null) { | ||
copy.withClientId(this.clientId()); | ||
} | ||
if (this.identityId() != null) { | ||
copy.withIdentityId(this.identityId()); | ||
} | ||
if (this.objectId() != null) { | ||
copy.withObjectId(this.objectId()); | ||
} | ||
if (this.resource() != null) { | ||
copy.withResource(this.resource()); | ||
} | ||
if (this.tokenSource() != null) { | ||
copy.withTokenSource(this.tokenSource()); | ||
} | ||
copy.withMaxRetry(this.maxRetry()); | ||
copy.withMsiPort(this.msiPort()); | ||
return copy; | ||
} | ||
|
||
|
||
/** | ||
* The source of MSI token. | ||
*/ | ||
public enum MSITokenSource { | ||
/** | ||
* Indicate that token should be retrieved from MSI extension installed in the VM. | ||
*/ | ||
MSI_EXTENSION, | ||
/** | ||
* Indicate that token should be retrieved from IMDS service. | ||
*/ | ||
IMDS_ENDPOINT | ||
} | ||
} |
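Review bot: `withMsiPort` and `withMaxRetry` store any int unchecked, and the `maxRetry` field defaults to `-1` without the Javadoc on `maxRetry()` saying what a negative value means. The code that reads these values is not in this file, so presumably `-1` means that no retry limit was configured; if so, the Javadoc should say it, e.g. `@return the maximum retries allowed, or -1 if not configured`. For the port, rejecting out-of-range values in the setter keeps a bad setting from surfacing later as a failed token request: `if (msiPort < 1 || msiPort > 65535) { throw new IllegalArgumentException("msiPort out of range: " + msiPort); }`.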