Documentation
¶
Index ¶
- func ClientOptionsSchema() map[string]schema.Attribute
- func EntraIDOptionsSchema() map[string]schema.Attribute
- func New(version string) func() provider.Provider
- type AzureDevOpsOIDCStrategy
- type AzureDeveloperCLIStrategy
- type ClientCertificateStrategy
- type ClientOptionsModel
- type ClientSecretStrategy
- type CredentialStrategy
- type DeviceCodeStrategy
- type EntraIDOptionsModel
- type GitHubOIDCStrategy
- type InteractiveBrowserStrategy
- type M365Provider
- func (p *M365Provider) Configure(ctx context.Context, req provider.ConfigureRequest, ...)
- func (p *M365Provider) DataSources(ctx context.Context) []func() datasource.DataSource
- func (p *M365Provider) Metadata(ctx context.Context, req provider.MetadataRequest, ...)
- func (p *M365Provider) Resources(ctx context.Context) []func() resource.Resource
- func (p *M365Provider) Schema(ctx context.Context, req provider.SchemaRequest, resp *provider.SchemaResponse)
- type M365ProviderModel
- type ManagedIdentityStrategy
- type OIDCStrategy
- type WorkloadIdentityStrategy
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClientOptionsSchema ¶
func EntraIDOptionsSchema ¶
Types ¶
type AzureDevOpsOIDCStrategy ¶
// AzureDevOpsOIDCStrategy implements the credential strategy for Azure DevOps
// OIDC authentication. The struct has no fields; its GetCredential method
// receives the provider configuration as an argument.
type AzureDevOpsOIDCStrategy struct{}
AzureDevOpsOIDCStrategy implements the credential strategy for Azure DevOps OIDC authentication
func (*AzureDevOpsOIDCStrategy) GetCredential ¶
func (s *AzureDevOpsOIDCStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type AzureDeveloperCLIStrategy ¶
// AzureDeveloperCLIStrategy implements the credential strategy for Azure
// Developer CLI authentication. The struct has no fields; its GetCredential
// method receives the provider configuration as an argument.
// NOTE(review): presumably reuses whatever identity the local CLI is signed in
// as; confirm that is the intended principal before relying on it.
type AzureDeveloperCLIStrategy struct{}
AzureDeveloperCLIStrategy implements the credential strategy for Azure Developer CLI authentication
func (*AzureDeveloperCLIStrategy) GetCredential ¶
func (s *AzureDeveloperCLIStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type ClientCertificateStrategy ¶
// ClientCertificateStrategy implements the credential strategy for client
// certificate authentication. The struct has no fields; the certificate
// settings reach it through GetCredential's config argument.
type ClientCertificateStrategy struct{}
ClientCertificateStrategy implements the credential strategy for client certificate authentication
func (*ClientCertificateStrategy) GetCredential ¶
func (s *ClientCertificateStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type ClientOptionsModel ¶
// ClientOptionsModel describes the client options.
//
// Each field is bound to a Terraform attribute through its tfsdk tag. The
// struct only carries values; how each setting is applied at runtime is not
// visible in this declaration, so the notes below are review prompts rather
// than statements of behaviour.
type ClientOptionsModel struct {
	// NOTE(review): by name this turns on inspection of HTTP headers; confirm
	// that Authorization and proxy-auth headers are never written to logs.
	EnableHeadersInspection types.Bool `tfsdk:"enable_headers_inspection"`
	// Retry settings (attributes enable_retry, max_retries, retry_delay_seconds).
	EnableRetry types.Bool `tfsdk:"enable_retry"`
	MaxRetries types.Int64 `tfsdk:"max_retries"`
	RetryDelaySeconds types.Int64 `tfsdk:"retry_delay_seconds"`
	// Redirect settings (attributes enable_redirect, max_redirects).
	// NOTE(review): verify bearer tokens are not forwarded to a different host
	// when a redirect is followed.
	EnableRedirect types.Bool `tfsdk:"enable_redirect"`
	MaxRedirects types.Int64 `tfsdk:"max_redirects"`
	EnableCompression types.Bool `tfsdk:"enable_compression"`
	CustomUserAgent types.String `tfsdk:"custom_user_agent"`
	// Proxy settings (attributes use_proxy, proxy_url, proxy_username,
	// proxy_password).
	// NOTE(review): proxy_password is a credential by name; confirm the
	// attribute returned by ClientOptionsSchema is marked sensitive so it is
	// redacted from CLI output, and prefer supplying it outside committed
	// configuration. All provider traffic, including token requests, would
	// presumably pass through the configured proxy; confirm proxy_url is
	// validated.
	UseProxy types.Bool `tfsdk:"use_proxy"`
	ProxyURL types.String `tfsdk:"proxy_url"`
	ProxyUsername types.String `tfsdk:"proxy_username"`
	ProxyPassword types.String `tfsdk:"proxy_password"`
	TimeoutSeconds types.Int64 `tfsdk:"timeout_seconds"`
	// Chaos settings (attributes enable_chaos, chaos_percentage,
	// chaos_status_code, chaos_status_message).
	// NOTE(review): by name these inject synthetic failures for testing;
	// confirm they default to off and are not set for production runs.
	EnableChaos types.Bool `tfsdk:"enable_chaos"`
	ChaosPercentage types.Int64 `tfsdk:"chaos_percentage"`
	ChaosStatusCode types.Int64 `tfsdk:"chaos_status_code"`
	ChaosStatusMessage types.String `tfsdk:"chaos_status_message"`
}
ClientOptionsModel describes the client options
type ClientSecretStrategy ¶
// ClientSecretStrategy implements the credential strategy for client secret
// authentication. The struct has no fields, so it stores no secret itself; the
// configuration reaches it through GetCredential's config argument.
type ClientSecretStrategy struct{}
ClientSecretStrategy implements the credential strategy for client secret authentication
func (*ClientSecretStrategy) GetCredential ¶
func (s *ClientSecretStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type CredentialStrategy ¶
// CredentialStrategy defines the interface for credential creation strategies.
// Every *Strategy type listed in this package exposes a GetCredential method
// with this signature.
type CredentialStrategy interface {
	// GetCredential takes the provider configuration and the azcore client
	// options and returns an azcore.TokenCredential, or an error.
	GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
}
CredentialStrategy defines the interface for credential creation strategies
type DeviceCodeStrategy ¶
// DeviceCodeStrategy implements the credential strategy for device code
// authentication. The struct has no fields; its GetCredential method receives
// the provider configuration as an argument.
// NOTE(review): device code sign-in needs a person to complete it, so it is
// presumably meant for local use rather than unattended pipelines; confirm.
type DeviceCodeStrategy struct{}
DeviceCodeStrategy implements the credential strategy for device code authentication
func (*DeviceCodeStrategy) GetCredential ¶
func (s *DeviceCodeStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type EntraIDOptionsModel ¶
// EntraIDOptionsModel describes the Entra ID options.
//
// Each field is bound to a Terraform attribute through its tfsdk tag. Several
// fields are credentials by name; this declaration does not show whether the
// matching attributes are marked sensitive, so check EntraIDOptionsSchema.
type EntraIDOptionsModel struct {
	ClientID types.String `tfsdk:"client_id"`
	// NOTE(review): long-lived secret; confirm the schema attribute is marked
	// sensitive and prefer supplying it outside committed configuration.
	ClientSecret types.String `tfsdk:"client_secret"`
	// NOTE(review): whether this is a file path or encoded certificate data
	// cannot be told from the type; confirm against the schema description.
	ClientCertificate types.String `tfsdk:"client_certificate"`
	// NOTE(review): protects the certificate's private key; same handling as
	// client_secret.
	ClientCertificatePassword types.String `tfsdk:"client_certificate_password"`
	SendCertificateChain types.Bool `tfsdk:"send_certificate_chain"`
	Username types.String `tfsdk:"username"` // For Interactive Browser Credential
	// NOTE(review): if this is passed through to the Azure identity library,
	// enabling it skips authority metadata validation and the caller becomes
	// responsible for trusting the configured authority; confirm it is only
	// used for disconnected or private clouds.
	DisableInstanceDiscovery types.Bool `tfsdk:"disable_instance_discovery"`
	// NOTE(review): widens which tenants tokens may be requested for; confirm
	// whether a wildcard entry is accepted and keep the list explicit.
	AdditionallyAllowedTenants types.List `tfsdk:"additionally_allowed_tenants"`
	// NOTE(review): presumably the redirect URI for interactive sign-in;
	// confirm it must match a URI registered on the application.
	RedirectUrl types.String `tfsdk:"redirect_url"`
	// NOTE(review): the two token file paths below presumably point at files
	// holding bearer tokens; confirm file permissions restrict them to the
	// account running Terraform.
	FederatedTokenFilePath types.String `tfsdk:"federated_token_file_path"` // For workload identity
	ManagedIdentityID types.String `tfsdk:"managed_identity_id"` // For managed identity
	OIDCTokenFilePath types.String `tfsdk:"oidc_token_file_path"` // For OIDC authentication
	ADOServiceConnectionID types.String `tfsdk:"ado_service_connection_id"` // For Azure DevOps OIDC
}
EntraIDOptionsModel describes the Entra ID options
type GitHubOIDCStrategy ¶
// GitHubOIDCStrategy implements the credential strategy for GitHub Actions
// OIDC authentication. The struct has no fields; its GetCredential method
// receives the provider configuration as an argument.
// NOTE(review): the Entra ID side of the federation is not visible here;
// confirm the federated credential's subject is pinned to the intended
// repository and branch or environment rather than left broad.
type GitHubOIDCStrategy struct{}
GitHubOIDCStrategy implements the credential strategy for GitHub Actions OIDC authentication. It relies on two environment variables injected by GitHub Actions when `permissions: id-token: write` is set:
- ACTIONS_ID_TOKEN_REQUEST_URL: the endpoint to request the short-lived OIDC JWT.
- ACTIONS_ID_TOKEN_REQUEST_TOKEN: the bearer token used to authenticate the request for the OIDC JWT.
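These are provided automatically by the runner and are required to fetch an OIDC assertion without storing long-lived credentials. ACTIONS_ID_TOKEN_REQUEST_TOKEN is itself a bearer credential for the duration of the job, so it should be kept out of logs and debug output.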
func (*GitHubOIDCStrategy) GetCredential ¶
func (s *GitHubOIDCStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
GetCredential obtains an Azure TokenCredential by exchanging the GitHub Actions OIDC token for an Azure access token. It reads the ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables (injected by GitHub) to fetch the OIDC assertion used in that exchange.
type InteractiveBrowserStrategy ¶
// InteractiveBrowserStrategy implements the credential strategy for
// interactive browser authentication. The struct has no fields; its
// GetCredential method receives the provider configuration as an argument.
type InteractiveBrowserStrategy struct{}
InteractiveBrowserStrategy implements the credential strategy for interactive browser authentication
func (*InteractiveBrowserStrategy) GetCredential ¶
func (s *InteractiveBrowserStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type M365Provider ¶
// M365Provider defines the provider implementation. Its fields are unexported
// and are not shown in this listing; the exported surface is the Configure,
// DataSources, Metadata, Resources and Schema methods.
type M365Provider struct {
	// contains filtered or unexported fields
}
M365Provider defines the provider implementation.
func (*M365Provider) Configure ¶
func (p *M365Provider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse)
Configure sets up the Microsoft365 provider with the given configuration. It processes the provider schema, retrieves values from the configuration or environment variables, sets up authentication, and initializes the Microsoft Graph clients.
The function supports various authentication methods, proxy settings, and national cloud deployments. It performs the following main steps:
- Extracts and validates the configuration data.
- Sets up logging and context with relevant fields.
- Determines cloud-specific constants and endpoints.
- Configures the Entra ID client options.
- Obtains credentials based on the specified authentication method.
- Creates and configures the Microsoft Graph clients (stable and beta).
If any errors occur during these steps, appropriate diagnostics are added to the response.
func (*M365Provider) DataSources ¶
func (p *M365Provider) DataSources(ctx context.Context) []func() datasource.DataSource
DataSources returns a slice of functions that each return a datasource.DataSource. This function is a method of the M365Provider type and takes a context.Context as an argument. The returned slice is intended to hold the Microsoft 365 provider datasources.
Parameters:
- ctx: The context for controlling cancellation and timeout.
Returns:
[]func() datasource.DataSource: A slice of functions, each returning a datasource.DataSource.
func (*M365Provider) Metadata ¶
func (p *M365Provider) Metadata(ctx context.Context, req provider.MetadataRequest, resp *provider.MetadataResponse)
func (*M365Provider) Resources ¶
func (p *M365Provider) Resources(ctx context.Context) []func() resource.Resource
Resources returns a slice of functions that each return a resource.Resource. This function is a method of the M365Provider type and takes a context.Context as an argument. The returned slice is intended to hold the Microsoft 365 provider resources.
Parameters:
- ctx: The context for controlling cancellation and timeout.
Returns:
[]func() resource.Resource: A slice of functions, each returning a resource.Resource.
Resources returns a slice of functions that each return a resource.Resource.
func (*M365Provider) Schema ¶
func (p *M365Provider) Schema(ctx context.Context, req provider.SchemaRequest, resp *provider.SchemaResponse)
type M365ProviderModel ¶
// M365ProviderModel describes the provider data model.
//
// Each field is bound to a top-level provider attribute through its tfsdk
// tag. A pointer to this struct is what every CredentialStrategy.GetCredential
// implementation receives as its config argument.
type M365ProviderModel struct {
	// Cloud and TenantID identify the deployment and directory. Configure is
	// documented as determining cloud-specific constants and endpoints.
	Cloud types.String `tfsdk:"cloud"`
	TenantID types.String `tfsdk:"tenant_id"`
	// AuthMethod names the authentication method; Configure is documented as
	// obtaining credentials based on it.
	// NOTE(review): confirm an unrecognised value is rejected rather than
	// falling back to another method.
	AuthMethod types.String `tfsdk:"auth_method"`
	// Nested option objects; presumably decoded into EntraIDOptionsModel and
	// ClientOptionsModel respectively (verify in Configure).
	EntraIDOptions types.Object `tfsdk:"entra_id_options"`
	ClientOptions types.Object `tfsdk:"client_options"`
	TelemetryOptout types.Bool `tfsdk:"telemetry_optout"`
	// NOTE(review): confirm debug output never includes access tokens, client
	// secrets, certificate passwords or proxy credentials.
	DebugMode types.Bool `tfsdk:"debug_mode"`
}
M365ProviderModel describes the provider data model.
type ManagedIdentityStrategy ¶
// ManagedIdentityStrategy implements the credential strategy for managed
// identity authentication. The struct has no fields; its GetCredential method
// receives the provider configuration as an argument.
type ManagedIdentityStrategy struct{}
ManagedIdentityStrategy implements the credential strategy for managed identity authentication
func (*ManagedIdentityStrategy) GetCredential ¶
func (s *ManagedIdentityStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type OIDCStrategy ¶
// OIDCStrategy implements a minimalist generic credential strategy for OIDC
// authentication. The struct has no fields; its GetCredential method receives
// the provider configuration as an argument.
// NOTE(review): presumably reads the token named by oidc_token_file_path;
// confirm how the token source is validated.
type OIDCStrategy struct{}
OIDCStrategy implements a minimalist generic credential strategy for OIDC authentication
func (*OIDCStrategy) GetCredential ¶
func (s *OIDCStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
type WorkloadIdentityStrategy ¶
// WorkloadIdentityStrategy implements the credential strategy for workload
// identity authentication. The struct has no fields; its GetCredential method
// receives the provider configuration as an argument.
type WorkloadIdentityStrategy struct{}
WorkloadIdentityStrategy implements the credential strategy for workload identity authentication
func (*WorkloadIdentityStrategy) GetCredential ¶
func (s *WorkloadIdentityStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)