provider

package
v0.13.0-alpha Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 12, 2025 License: MPL-2.0 Imports: 83 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClientOptionsSchema

func ClientOptionsSchema() map[string]schema.Attribute

func EntraIDOptionsSchema

func EntraIDOptionsSchema() map[string]schema.Attribute

func New

func New(version string) func() provider.Provider

Types

type AzureDevOpsOIDCStrategy

type AzureDevOpsOIDCStrategy struct{}

AzureDevOpsOIDCStrategy implements the credential strategy for Azure DevOps OIDC authentication

func (*AzureDevOpsOIDCStrategy) GetCredential

func (s *AzureDevOpsOIDCStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)

type AzureDeveloperCLIStrategy

type AzureDeveloperCLIStrategy struct{}

AzureDeveloperCLIStrategy implements the credential strategy for Azure Developer CLI authentication

func (*AzureDeveloperCLIStrategy) GetCredential

type ClientCertificateStrategy

type ClientCertificateStrategy struct{}

ClientCertificateStrategy implements the credential strategy for client certificate authentication

func (*ClientCertificateStrategy) GetCredential

type ClientOptionsModel

type ClientOptionsModel struct {
	EnableHeadersInspection types.Bool   `tfsdk:"enable_headers_inspection"`
	EnableRetry             types.Bool   `tfsdk:"enable_retry"`
	MaxRetries              types.Int64  `tfsdk:"max_retries"`
	RetryDelaySeconds       types.Int64  `tfsdk:"retry_delay_seconds"`
	EnableRedirect          types.Bool   `tfsdk:"enable_redirect"`
	MaxRedirects            types.Int64  `tfsdk:"max_redirects"`
	EnableCompression       types.Bool   `tfsdk:"enable_compression"`
	CustomUserAgent         types.String `tfsdk:"custom_user_agent"`
	UseProxy                types.Bool   `tfsdk:"use_proxy"`
	ProxyURL                types.String `tfsdk:"proxy_url"`
	ProxyUsername           types.String `tfsdk:"proxy_username"`
	ProxyPassword           types.String `tfsdk:"proxy_password"`
	TimeoutSeconds          types.Int64  `tfsdk:"timeout_seconds"`
	EnableChaos             types.Bool   `tfsdk:"enable_chaos"`
	ChaosPercentage         types.Int64  `tfsdk:"chaos_percentage"`
	ChaosStatusCode         types.Int64  `tfsdk:"chaos_status_code"`
	ChaosStatusMessage      types.String `tfsdk:"chaos_status_message"`
}

ClientOptionsModel describes the client options

type ClientSecretStrategy

type ClientSecretStrategy struct{}

ClientSecretStrategy implements the credential strategy for client secret authentication

func (*ClientSecretStrategy) GetCredential

func (s *ClientSecretStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)

type CredentialStrategy

type CredentialStrategy interface {
	GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)
}

CredentialStrategy defines the interface for credential creation strategies

type DeviceCodeStrategy

type DeviceCodeStrategy struct{}

DeviceCodeStrategy implements the credential strategy for device code authentication

func (*DeviceCodeStrategy) GetCredential

func (s *DeviceCodeStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)

type EntraIDOptionsModel

type EntraIDOptionsModel struct {
	ClientID                   types.String `tfsdk:"client_id"`
	ClientSecret               types.String `tfsdk:"client_secret"`
	ClientCertificate          types.String `tfsdk:"client_certificate"`
	ClientCertificatePassword  types.String `tfsdk:"client_certificate_password"`
	SendCertificateChain       types.Bool   `tfsdk:"send_certificate_chain"`
	Username                   types.String `tfsdk:"username"` // For Interactive Browser Credential
	DisableInstanceDiscovery   types.Bool   `tfsdk:"disable_instance_discovery"`
	AdditionallyAllowedTenants types.List   `tfsdk:"additionally_allowed_tenants"`
	RedirectUrl                types.String `tfsdk:"redirect_url"`
	FederatedTokenFilePath     types.String `tfsdk:"federated_token_file_path"` // For workload identity
	ManagedIdentityID          types.String `tfsdk:"managed_identity_id"`       // For managed identity
	OIDCTokenFilePath          types.String `tfsdk:"oidc_token_file_path"`      // For OIDC authentication
	ADOServiceConnectionID     types.String `tfsdk:"ado_service_connection_id"` // For Azure DevOps OIDC
}

EntraIDOptionsModel describes the Entra ID options

type GitHubOIDCStrategy

type GitHubOIDCStrategy struct{}

GitHubOIDCStrategy implements the credential strategy for GitHub Actions OIDC authentication. It relies on two environment variables injected by GitHub Actions when `permissions: id-token: write` is set:

  • ACTIONS_ID_TOKEN_REQUEST_URL: the endpoint to request the short-lived OIDC JWT.
  • ACTIONS_ID_TOKEN_REQUEST_TOKEN: the bearer token used to authenticate the request for the OIDC JWT.

These are provided automatically by the runner and are required to fetch an OIDC assertion without storing long-lived credentials.

func (*GitHubOIDCStrategy) GetCredential

func (s *GitHubOIDCStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)

GetCredential obtains an Azure TokenCredential by exchanging the GitHub Actions OIDC token for an Azure access token. It reads the ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN env vars (injected by GitHub) to fetch

type InteractiveBrowserStrategy

type InteractiveBrowserStrategy struct{}

InteractiveBrowserStrategy implements the credential strategy for interactive browser authentication

func (*InteractiveBrowserStrategy) GetCredential

type M365Provider

type M365Provider struct {
	// contains filtered or unexported fields
}

M365Provider defines the provider implementation.

func (*M365Provider) Configure

Configure sets up the Microsoft365 provider with the given configuration. It processes the provider schema, retrieves values from the configuration or environment variables, sets up authentication, and initializes the Microsoft Graph clients.

The function supports various authentication methods, proxy settings, and national cloud deployments. It performs the following main steps:

  1. Extracts and validates the configuration data.
  2. Sets up logging and context with relevant fields.
  3. Determines cloud-specific constants and endpoints.
  4. Configures the Entra ID client options.
  5. Obtains credentials based on the specified authentication method.
  6. Creates and configures the Microsoft Graph clients (stable and beta).

If any errors occur during these steps, appropriate diagnostics are added to the response.

func (*M365Provider) DataSources

func (p *M365Provider) DataSources(ctx context.Context) []func() datasource.DataSource

DataSources returns a slice of functions that each return a datasource.DataSource. This function is a method of the M365Provider type and takes a context.Context as an argument. The returned slice is intended to hold the Microsoft 365 provider datasources.

Parameters:

  • ctx: The context for controlling cancellation and timeout.

Returns:

[]func() datasource.DataSource: A slice of functions, each returning a datasource.DataSource.

func (*M365Provider) Metadata

func (*M365Provider) Resources

func (p *M365Provider) Resources(ctx context.Context) []func() resource.Resource

Resources returns a slice of functions that each return a resource.Resource. This function is a method of the M365Provider type and takes a context.Context as an argument. The returned slice is intended to hold the Microsoft 365 provider resources.

Parameters:

  • ctx: The context for controlling cancellation and timeout.

Returns:

[]func() resource.Resource: A slice of functions, each returning a resource.Resource.

Resources returns a slice of functions that each return a resource.Resource.

func (*M365Provider) Schema

type M365ProviderModel

type M365ProviderModel struct {
	Cloud           types.String `tfsdk:"cloud"`
	TenantID        types.String `tfsdk:"tenant_id"`
	AuthMethod      types.String `tfsdk:"auth_method"`
	EntraIDOptions  types.Object `tfsdk:"entra_id_options"`
	ClientOptions   types.Object `tfsdk:"client_options"`
	TelemetryOptout types.Bool   `tfsdk:"telemetry_optout"`
	DebugMode       types.Bool   `tfsdk:"debug_mode"`
}

M365ProviderModel describes the provider data model.

type ManagedIdentityStrategy

type ManagedIdentityStrategy struct{}

ManagedIdentityStrategy implements the credential strategy for managed identity authentication

func (*ManagedIdentityStrategy) GetCredential

func (s *ManagedIdentityStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)

type OIDCStrategy

type OIDCStrategy struct{}

OIDCStrategy implements a minimalist generic credential strategy for OIDC authentication

func (*OIDCStrategy) GetCredential

func (s *OIDCStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error)

type WorkloadIdentityStrategy

type WorkloadIdentityStrategy struct{}

WorkloadIdentityStrategy implements the credential strategy for workload identity authentication

func (*WorkloadIdentityStrategy) GetCredential

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL