Documentation

Index
- Constants
- func CloudConfig(cloudName string) (azcorecloud.Configuration, error)
- func GetAuthChainOrderConfig() []string
- func IsNotFoundError(err error) bool
- func Setup(cfg AuthConfig) (azcore.TokenCredential, *azcore.ClientOptions, error)
- type AuthConfig
- type AzureDevOpsPipelineCredential
- type CLICredential
- type ClientSet
- func (c *ClientSet) Configure() error
- func (c *ClientSet) Credential() azcore.TokenCredential
- func (c *ClientSet) CurrentIdentityObjectID() string
- func (c *ClientSet) CurrentIdentityType() string
- func (c *ClientSet) NewBlobStorageClient(accountName, storageEndpoint string, opts *azblob.ClientOptions) (*azblob.Client, error)
- type CredSource
- type ManagedIdentityCredential
- type TokenClaims
Constants

const (
	EnvAzureTenantID       = "AZURE_TENANT_ID"
	EnvAzureClientID       = "AZURE_CLIENT_ID"
	EnvAzureAuthChainOrder = "AZURE_AUTH_CHAIN_ORDER"
	ManagedIdentity        = "ManagedIdentity"
	PipelineIdentity       = "PipelineIdentity"
	CLI                    = "CLI"
)

Variables
This section is empty.
Functions

func CloudConfig
func CloudConfig(cloudName string) (azcorecloud.Configuration, error)
func GetAuthChainOrderConfig
func GetAuthChainOrderConfig() []string
func IsNotFoundError

func IsNotFoundError(err error) bool

IsNotFoundError checks whether err is a 404 / Not Found error from the Azure Resource Manager. It also recognises the Key Vault DeletedVaultNotFound error.
func Setup
func Setup(cfg AuthConfig) (azcore.TokenCredential, *azcore.ClientOptions, error)
Setup creates an authentication token credential and returns a basic ClientOptions configured for the cloud specified in the AuthConfig.CloudName field.
Types

type AuthConfig
type AuthConfig struct {
// CloudName is the name of the Azure cloud the credential will be used
// to communicate with. CloudName IS REQUIRED or Authenticate/Setup will
// error. The CloudName can be either the standard Azure SDK cloud names or
// alternate names such as the names used by the Azure CLI.
CloudName string
// TenantID is the unique identifier for the Azure tenant. The tenant ID
// IS REQUIRED.
TenantID string
// Chain defines the chain of sources to try for authentication. An empty
// slice will use the defaultChain.
Chain []CredSource
// ClientOptions are additional options that can be passed to the underlying
// client performing authentication. Generally these do not need to be set
// except in special circumstances.
ClientOptions azcore.ClientOptions
}
AuthConfig is used to configure how Azure authentication is performed in the v2 SDK.
type AzureDevOpsPipelineCredential
type AzureDevOpsPipelineCredential struct {
ClientID string
ServiceConnectionID string
SystemAccessToken string
}
func (*AzureDevOpsPipelineCredential) Configure
func (c *AzureDevOpsPipelineCredential) Configure(ao AuthConfig) (azcore.TokenCredential, error)
type CLICredential
type CLICredential struct{}
func (*CLICredential) Configure
func (c *CLICredential) Configure(ao AuthConfig) (azcore.TokenCredential, error)
type ClientSet
type ClientSet struct {
// REQUIRED: CloudName is the name of the Azure Cloud. Callers should configure
// this before calling Configure().
CloudName string
// TenantID is the ID of the Azure tenant. It is automatically set during
// Configure().
TenantID string
// SubscriptionID is the ID of the Azure subscription all subscription
// oriented clients are configured to communicate with. Callers should
// configure this before calling Configure(). If left empty then the
// value of `AZURE_SUBSCRIPTION_ID` environment variable is consulted
// which is legacy conforming behavior but might not be desirable if
// multiple clients are needed that talk to different subscriptions.
SubscriptionID string
// The user agent string to use. When unset the default user agent of
// "aksiknife: <version>" is used when Configure() is called.
UserAgent string
// Chain configures the auth source chain to use for Azure SDK clients. If
// not configured then the default azsdk.ChainFromEnv() is used.
Chain []CredSource
// Policies are additional custom policies to be applied to all Azure SDK
// clients. Policies are applied after the default policies so they can
// override default behavior if needed.
//
// Note: Policies are applied in the order they are provided in this slice.
Policies []policy.Policy
// The API version to use for Key Vault data plane operations.
// When not set, the current version of the SDK will be used.
// Bleu currently uses 7.5.
KeyVaultDataPlaneAPIVersion string
// A client for getting Azure Compute Resource SKUs.
ComputeResourceSKUClientV2 *armcompute.ResourceSKUsClient
// A client for interacting with Azure Compute Disks.
ComputeDisksClientV2 *armcompute.DisksClient
// A client for interacting with Azure Compute Galleries.
ComputeGalleryClientV2 *armcompute.GalleriesClient
// A client for interacting with Azure Compute Gallery Images.
ComputeGalleryImageClientV2 *armcompute.GalleryImagesClient
// A client for interacting with Azure Compute Gallery Image Versions.
ComputeGalleryImageVersionClientV2 *armcompute.GalleryImageVersionsClient
// A client for interacting with Azure Compute Images.
ComputeImageClientV2 *armcompute.ImagesClient
// A client for interacting with Azure Compute Snapshots.
ComputeSnapshotClientV2 *armcompute.SnapshotsClient
// A client for interacting with Azure Compute Virtual Machines.
ComputeVMClientV2 *armcompute.VirtualMachinesClient
// A client for interacting with Azure Compute Virtual Machine Scale Sets.
ComputeVMScaleSetClientV2 *armcompute.VirtualMachineScaleSetsClient
// A client for interacting with Azure Compute Virtual Machine Scale Set Extensions.
ComputeVMScaleSetExtensionClientV2 *armcompute.VirtualMachineScaleSetExtensionsClient
// A client for interacting with Azure Compute Virtual Machine Scale Set VMs.
ComputeVMScaleSetVMClientV2 *armcompute.VirtualMachineScaleSetVMsClient
// A client for interacting with Azure Compute Usage.
ComputeUsageClientV2 *armcompute.UsageClient
// A client for interacting with Azure DNS Zones.
DNSZonesClientV2 *armdns.ZonesClient
// A client for interacting with Azure DNS RecordSets.
DNSRecordSetsClientV2 *armdns.RecordSetsClient
// A client for interacting with Azure Private DNS Zones.
PrivateDNSZonesClientV2 *armprivatedns.PrivateZonesClient
// A client for interacting with Azure Private DNS RecordSets.
PrivateDNSRecordSetsClientV2 *armprivatedns.RecordSetsClient
// A client for interacting with Azure Private DNS Virtual Network Links.
PrivateDNSVirtualNetworkLinksClientV2 *armprivatedns.VirtualNetworkLinksClient
// A client for interacting with Azure ARM feature flag registration.
FeaturesClientV2 *armfeatures.Client
// A client for interacting with User-Assigned Managed Identities.
IdentitiesClientV2 *armmsi.UserAssignedIdentitiesClient
// A client for interacting with Azure Key Vault.
KeyVaultClientV2 *armkeyvault.VaultsClient
KeyVaultSecretsClientV2 *armkeyvault.SecretsClient
// A client for interacting with AKS Managed Clusters.
ManagedClustersClient *armcontainerservice.ManagedClustersClient
// A client for interacting with AKS Agent Pools.
ManagedClusterAgentPoolsClient *armcontainerservice.AgentPoolsClient
// A client for interacting with Azure Network Load Balancers.
NetworkLoadBalancersClientV2 *armnetwork.LoadBalancersClient
// A client for interacting with Azure Network Load Balancer Frontend IPs.
NetworkLoadBalancerFrontendIPsClientV2 *armnetwork.LoadBalancerFrontendIPConfigurationsClient
// A client for interacting with Azure Network Load Balancer Backend Address Pools.
NetworkLoadBalancerBackendAddressPoolsClientV2 *armnetwork.LoadBalancerBackendAddressPoolsClient
// A client for interacting with Azure Network Load Balancer Network Interfaces.
NetworkLoadBalancerNetworkInterfacesClientV2 *armnetwork.LoadBalancerNetworkInterfacesClient
// A client for interacting with Azure Network Load Balancer Inbound NAT Rules.
NetworkLoadBalancerInboundNATRulesClientV2 *armnetwork.InboundNatRulesClient
// A client for interacting with Azure Network Load Balancer Probes.
NetworkLoadBalancerProbesClientV2 *armnetwork.LoadBalancerProbesClient
// A client for interacting with Azure Network Public IP Addresses.
NetworkPublicIPAddressesClientV2 *armnetwork.PublicIPAddressesClient
// A client for interacting with Azure Network Route Tables.
NetworkRouteTablesClientV2 *armnetwork.RouteTablesClient
// A client for interacting with Azure Network Security Groups.
NetworkSecurityGroupsClientV2 *armnetwork.SecurityGroupsClient
// A client for interacting with Azure network security perimeter associations.
NetworkSecurityPerimeterAssociationsClient *armnetwork.SecurityPerimeterAssociationsClient
// A client for interacting with Azure Network Security Rules.
NetworkSecurityRulesClientV2 *armnetwork.SecurityRulesClient
// A client for interacting with Azure Network Subnets.
NetworkSubnetsClientV2 *armnetwork.SubnetsClient
// A client for interacting with Azure Network Interfaces.
NetworkInterfacesClientV2 *armnetwork.InterfacesClient
// A client for interacting with Azure Virtual Networks.
NetworkVirtualNetworksClientV2 *armnetwork.VirtualNetworksClient
// A client for interacting with Azure Virtual Network Peerings.
NetworkVirtualNetworkPeeringsClientV2 *armnetwork.VirtualNetworkPeeringsClient
// A client for interacting with Azure RBAC Role Assignments.
RBACRoleAssignmentsClientV2 *armauthorization.RoleAssignmentsClient
// A client for interacting with Azure RBAC Role Definitions.
RBACRoleDefinitionsClientV2 *armauthorization.RoleDefinitionsClient
// A client for interacting with Azure subscriptions.
SubscriptionsClientV2 *armsubscriptions.Client
// A client for interacting with Azure management locks.
ManagementLocksClientV2 *armlocks.ManagementLocksClient
// A client for interacting with Azure resources.
ResourceClientV2 *armresources.Client
// A client for interacting with Azure resource deployments.
ResourceDeploymentClientV2 *armresources.DeploymentsClient
// A client for interacting with Azure resource groups.
ResourceGroupsClientV2 *armresources.ResourceGroupsClient
// A client for interacting with Azure resource providers.
ResourceProvidersClientV2 *armresources.ProvidersClient
// A client for interacting with Azure resource tags.
ResourceTagsClientV2 *armresources.TagsClient
// A client for interacting with Azure Storage Accounts.
StorageAccountsClientV2 *armstorage.AccountsClient
// A client for interacting with Azure Storage Blob Services.
StorageBlobServicesClientV2 *armstorage.BlobServicesClient
// A client for interacting with Azure Storage SKUs.
StorageSKUsClientV2 *armstorage.SKUsClient
// contains filtered or unexported fields
}
ClientSet contains all necessary Azure API clients used throughout the core parts of the codebase.
func (*ClientSet) Credential
func (c *ClientSet) Credential() azcore.TokenCredential
func (*ClientSet) CurrentIdentityObjectID

func (c *ClientSet) CurrentIdentityObjectID() string

func (*ClientSet) CurrentIdentityType

func (c *ClientSet) CurrentIdentityType() string

func (*ClientSet) NewBlobStorageClient

func (c *ClientSet) NewBlobStorageClient(accountName, storageEndpoint string, opts *azblob.ClientOptions) (*azblob.Client, error)
type CredSource
type CredSource interface {
Configure(ao AuthConfig) (azcore.TokenCredential, error)
}
func ChainFromEnv
func ChainFromEnv(desiredAuthChain ...string) []CredSource
ChainFromEnv builds the chain by processing the AZURE_AUTH_CHAIN_ORDER configuration variable. The chain is built by splitting the valid values of the variable on commas. The acceptable credential source values are ClientSecret, ClientCertificate, ManagedIdentity, and CLI.

For example, to load credentials only from ManagedIdentity or CLI:

AZURE_AUTH_CHAIN_ORDER=ManagedIdentity,CLI

If the chain is empty or the variable is not set then the desired chain is used.
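The environment-driven chain selection described for ChainFromEnv, as an added example that is not the package's own code: it reimplements the documented parsing (split on commas, keep only valid source names, fall back to the desired chain when nothing valid remains) in a stand-alone Go program, and additionally returns the entries it dropped so a misconfigured variable can be logged rather than silently changing which credential sources get tried. The ParseAuthChainOrder and ChainOrderFromEnv names, the ignored-entries return value, the de-duplication of repeated sources and the restriction to the three source constants the page exports are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Constants as exported by the package (copied from the page).
const (
	EnvAzureAuthChainOrder = "AZURE_AUTH_CHAIN_ORDER"
	ManagedIdentity        = "ManagedIdentity"
	PipelineIdentity       = "PipelineIdentity"
	CLI                    = "CLI"
)

// knownSources is the allow-list of credential sources this example accepts.
// Assumption: only the three constants the page exports are modelled here.
var knownSources = map[string]bool{
	ManagedIdentity:  true,
	PipelineIdentity: true,
	CLI:              true,
}

// ParseAuthChainOrder mirrors the documented ChainFromEnv behaviour: split the
// variable's value on commas, keep valid source names in the order given, and
// fall back to desiredChain when no valid source remains. Unknown names are
// returned in ignored so the caller can log the misconfiguration; a repeated
// source is kept once, at its first position.
func ParseAuthChainOrder(value string, desiredChain []string) (chain []string, ignored []string) {
	seen := map[string]bool{}
	for _, raw := range strings.Split(value, ",") {
		name := strings.TrimSpace(raw)
		if name == "" {
			continue
		}
		if !knownSources[name] {
			ignored = append(ignored, name)
			continue
		}
		if seen[name] {
			continue
		}
		seen[name] = true
		chain = append(chain, name)
	}
	if len(chain) == 0 {
		// Nothing usable in the variable: use the chain the caller asked for.
		return append([]string(nil), desiredChain...), ignored
	}
	return chain, ignored
}

// ChainOrderFromEnv reads AZURE_AUTH_CHAIN_ORDER from the process environment
// and resolves it against the desired chain, like ChainFromEnv does.
func ChainOrderFromEnv(desiredChain ...string) (chain []string, ignored []string) {
	return ParseAuthChainOrder(os.Getenv(EnvAzureAuthChainOrder), desiredChain)
}

func main() {
	// Constructed input: one typo ("Bogus") among otherwise valid sources.
	os.Setenv(EnvAzureAuthChainOrder, "ManagedIdentity, CLI, Bogus")
	chain, ignored := ChainOrderFromEnv(ManagedIdentity, PipelineIdentity, CLI)
	fmt.Println("chain:", chain)
	if len(ignored) > 0 {
		fmt.Println("ignored unknown credential sources:", ignored)
	}
}
```

Logging the ignored entries matters because the variable decides which identities a process will try to authenticate as; an unnoticed typo otherwise degrades to a different chain than the operator intended.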
type ManagedIdentityCredential
type ManagedIdentityCredential struct {
// ClientID is a managed identity client ID or ARM resource ID.
ClientID string
// IMDSTimeout specifies a timeout for trying to communicate with the Azure instance metadata
// service.
IMDSTimeout time.Duration
}
func (*ManagedIdentityCredential) Configure
func (c *ManagedIdentityCredential) Configure(ao AuthConfig) (azcore.TokenCredential, error)
type TokenClaims

func GetTokenClaims
func GetTokenClaims(token string) (*TokenClaims, error)
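What GetTokenClaims has to do to back CurrentIdentityObjectID and CurrentIdentityType, as an added example that is not the package's own code: decode the claims segment of an access token without verifying it, pull out the identity claims, and expose an expiry check. The TokenClaims field set (oid, tid, appid, idtyp, exp), the DecodeTokenClaims and NewUnsignedTestToken names, and the idtyp-then-appid rule used to classify the identity are assumptions of this example; the page lists neither the struct's fields nor how CurrentIdentityType decides. The token used in main is a constructed fixture with a placeholder signature segment.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// TokenClaims holds the subset of Entra ID access-token claims that identify
// the caller. Field names are an assumption of this example.
type TokenClaims struct {
	ObjectID string `json:"oid"`   // object ID of the authenticated principal
	TenantID string `json:"tid"`   // tenant the token was issued for
	AppID    string `json:"appid"` // application (client) ID, present on app tokens
	IDType   string `json:"idtyp"` // "app" or "user" when the issuer includes it
	Exp      int64  `json:"exp"`   // expiry as Unix seconds
}

// Expired reports whether the exp claim is missing or lies at or before now.
func (c *TokenClaims) Expired(now time.Time) bool {
	return c.Exp == 0 || now.Unix() >= c.Exp
}

// IdentityType classifies the principal: the idtyp claim when present,
// otherwise "app" if an appid claim exists, otherwise "unknown".
// Assumed mapping; the page does not say how CurrentIdentityType decides.
func (c *TokenClaims) IdentityType() string {
	switch {
	case c.IDType != "":
		return c.IDType
	case c.AppID != "":
		return "app"
	default:
		return "unknown"
	}
}

// DecodeTokenClaims parses the payload segment of a compact JWT without
// verifying its signature. It is for logging and diagnostics only: a token
// that decodes cleanly has not been authenticated, so nothing returned here
// may drive an authorization decision.
func DecodeTokenClaims(token string) (*TokenClaims, error) {
	parts := strings.Split(strings.TrimSpace(token), ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("token has %d segments, want 3", len(parts))
	}
	// JWT segments are base64url without padding; tolerate padded input too.
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return nil, fmt.Errorf("decoding claims segment: %w", err)
	}
	var claims TokenClaims
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, fmt.Errorf("parsing claims JSON: %w", err)
	}
	if claims.ObjectID == "" {
		return nil, errors.New("token carries no oid claim")
	}
	return &claims, nil
}

// NewUnsignedTestToken builds a constructed fixture: a three-segment token
// whose signature segment is a placeholder. It exists only so the decoder can
// be exercised offline; real tokens come from an azcore.TokenCredential.
func NewUnsignedTestToken(claims TokenClaims) string {
	header, _ := json.Marshal(map[string]string{"typ": "JWT", "alg": "RS256"})
	payload, _ := json.Marshal(claims)
	enc := base64.RawURLEncoding.EncodeToString
	return enc(header) + "." + enc(payload) + ".placeholder-signature"
}

func main() {
	// Constructed claims; the GUIDs are placeholders, not real identities.
	tok := NewUnsignedTestToken(TokenClaims{
		ObjectID: "00000000-0000-0000-0000-000000000001",
		TenantID: "00000000-0000-0000-0000-0000000000aa",
		IDType:   "app",
		Exp:      1700000000,
	})
	claims, err := DecodeTokenClaims(tok)
	if err != nil {
		fmt.Println("decode failed:", err)
		return
	}
	fmt.Printf("oid=%s tid=%s type=%s expired=%v\n",
		claims.ObjectID, claims.TenantID, claims.IdentityType(), claims.Expired(time.Now()))
}
```

Decoding claims this way is the right tool for attributing log lines and diagnostics to an identity; any trust decision still belongs to the resource server that validates the signature, issuer and audience.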