Package azureentraid provides the Azure Entra ID integration definition for integrations: operator-level application configuration, per-installation client builders (token credential and Microsoft Graph client), a health check, and directory sync of users, groups, and memberships for ingest.
// Sentinel errors for credential handling and client construction.
// Callers compare with errors.Is; the message prefix identifies the package.
var (
	// ErrCredentialMetadataRequired indicates the credential provider data is missing.
	ErrCredentialMetadataRequired = errors.New("azureentraid: credential metadata required")
	// ErrMetadataDecode indicates the credential metadata could not be decoded.
	ErrMetadataDecode = errors.New("azureentraid: credential metadata decode failed")
	// ErrTokenAcquireFailed indicates the client credentials token request failed.
	ErrTokenAcquireFailed = errors.New("azureentraid: failed to acquire access token")
	// ErrClientType indicates the provided client is not the expected type.
	ErrClientType = errors.New("azureentraid: unexpected client type")
	// ErrCredentialEncode indicates the credential could not be serialized.
	ErrCredentialEncode = errors.New("azureentraid: credential encode failed")
	// ErrCredentialDecode indicates the credential could not be deserialized.
	ErrCredentialDecode = errors.New("azureentraid: credential decode failed")
	// ErrTenantIDNotFound indicates the tenant ID claim was not found in OAuth material.
	ErrTenantIDNotFound = errors.New("azureentraid: tenant id not found in claims")
)

// Sentinel errors for Microsoft Graph reads and for serializing operation
// results and ingest payloads.
var (
	// ErrResultEncode indicates an operation result could not be serialized.
	ErrResultEncode = errors.New("azureentraid: result encode failed")
	// ErrUsersFetchFailed indicates the Microsoft Graph users listing request failed.
	ErrUsersFetchFailed = errors.New("azureentraid: users fetch failed")
	// ErrGroupsFetchFailed indicates the Microsoft Graph groups listing request failed.
	ErrGroupsFetchFailed = errors.New("azureentraid: groups fetch failed")
	// ErrMembersFetchFailed indicates the Microsoft Graph group members request failed.
	ErrMembersFetchFailed = errors.New("azureentraid: group members fetch failed")
	// ErrPayloadEncode indicates an ingest envelope payload could not be serialized.
	ErrPayloadEncode = errors.New("azureentraid: payload encode failed")
)

// Sentinel errors for the admin consent flow. The three state errors cover the
// CSRF binding between the consent start and its callback: the state must be
// generated, must decode, and must match what was stored before the callback is
// trusted; a mismatch is a hard failure, not a retry.
var (
	// ErrConsentStateGeneration indicates the CSRF state could not be generated for the admin consent flow.
	ErrConsentStateGeneration = errors.New("azureentraid: admin consent state generation failed")
	// ErrConsentStateInvalid indicates the stored admin consent start state could not be decoded.
	ErrConsentStateInvalid = errors.New("azureentraid: admin consent state invalid")
	// ErrConsentStateMismatch indicates the callback state does not match the stored CSRF state.
	ErrConsentStateMismatch = errors.New("azureentraid: admin consent state mismatch")
	// ErrConsentDenied indicates the admin denied or cancelled the consent request.
	ErrConsentDenied = errors.New("azureentraid: admin consent denied")
)
// Config holds the operator-level Azure application registration used by this
// integration definition. It is populated from configuration (koanf tags) and
// can be serialized as JSON; only ClientSecret is marked sensitive.
type Config struct {
	// ClientID is the Azure application (client) identifier registered for this integration.
	ClientID string `json:"clientid" koanf:"clientid"`
	// ClientSecret is the Azure application client secret used for client credentials auth.
	// The sensitive:"true" tag is presumably honored by config/logging tooling to redact
	// the value; this is the only field in the struct that carries a secret.
	ClientSecret string `json:"clientsecret" koanf:"clientsecret" sensitive:"true"`
	// RedirectURL is the OAuth callback URL registered with the Azure application.
	// The default targets the production API callback; a deployment with a different
	// host must override it to match its Azure app registration.
	RedirectURL string `json:"redirecturl" koanf:"redirecturl" default:"https://api.theopenlane.io/v1/integrations/auth/callback"`
	// DefaultTenant pins the admin consent flow to a specific tenant ID or domain (e.g. for local dev/testing).
	// When empty the generic /organizations endpoint is used, so an admin from any Entra
	// tenant can complete consent.
	// NOTE(review): in that multi-tenant case the consenting tenant is learned only from the
	// callback/token claims (see ErrTenantIDNotFound) and should be bound to the installation
	// rather than taken from request parameters — confirm in the consent handler.
	DefaultTenant string `json:"defaulttenant" koanf:"defaulttenant"`
	// ApplicationID is the application ID registered in azure, used in the well-known configuration for domain validation.
	ApplicationID string `json:"applicationid" koanf:"applicationid"`
}
Config holds operator-level credentials for the Azure Entra ID definition
// CredentialClient builds the Azure token credential for one installation.
// Its fields are unexported; construction and use go through Build, which
// returns the credential as `any` for the generic client-build boundary.
type CredentialClient struct {
	// contains filtered or unexported fields
}
CredentialClient builds the Azure token credential for one installation
func (c CredentialClient) Build(ctx context.Context, req types.ClientBuildRequest) (any, error)
Build constructs the Azure client credentials token credential for one installation
// DirectorySync collects Azure Entra ID directory users, groups, and memberships
// for ingest. It is stateless (empty struct); all per-run inputs arrive through
// Run's Graph client and UserInput arguments.
type DirectorySync struct{}
DirectorySync collects Azure Entra ID directory users, groups, and memberships for ingest
func (d DirectorySync) IngestHandle() types.IngestHandler
IngestHandle adapts directory sync to the ingest operation registration boundary
func (DirectorySync) Run(ctx context.Context, c *msgraphsdk.GraphServiceClient, cfg UserInput) ([]types.IngestPayloadSet, error)
Run collects Azure Entra ID directory users, groups, and memberships through the supplied Microsoft Graph client, subject to the UserInput options: group and membership collection can be disabled, guest accounts included or excluded, and records filtered by the CEL FilterExpr. It returns the ingest payload sets, or one of the Err*FetchFailed / ErrPayloadEncode errors.
// GraphClient builds the Microsoft Graph service client for one installation.
// Fields are unexported; Build returns the client as `any`, and consumers that
// expect a *msgraphsdk.GraphServiceClient report ErrClientType on a mismatch.
type GraphClient struct {
	// contains filtered or unexported fields
}
GraphClient builds the Microsoft Graph service client for one installation
func (c GraphClient) Build(_ context.Context, req types.ClientBuildRequest) (any, error)
Build constructs the Microsoft Graph service client for one installation
// HealthCheck holds the result of an Azure Entra ID health check. The result
// records only the boolean outcome of token acquisition; the token itself is
// never part of the serialized result.
type HealthCheck struct {
	// Authenticated reports whether the client credentials successfully acquired a token.
	Authenticated bool `json:"authenticated"`
}
HealthCheck holds the result of an Azure Entra ID health check
func (h HealthCheck) Handle() types.OperationHandler
Handle adapts the health check to the generic operation registration boundary
func (HealthCheck) Run(ctx context.Context, cred azcore.TokenCredential) (json.RawMessage, error)
Run executes the Azure Entra ID health check by verifying token acquisition
// InstallationMetadata holds the stable Azure Entra tenant identity for one
// installation. TenantID is the identity selected during setup and presumably
// what InstallationIdentity keys on; DisplayName and VerifiedDomains are
// descriptive data read from Microsoft Graph. All fields are omitted from JSON
// when empty.
type InstallationMetadata struct {
	// TenantID is the Azure Active Directory tenant identifier selected during setup.
	TenantID string `json:"tenantId,omitempty" jsonschema:"title=Tenant ID"`
	// DisplayName is the organization display name from Microsoft Graph.
	// Display names are tenant-controlled free text; do not use them as an identity key.
	DisplayName string `json:"displayName,omitempty" jsonschema:"title=Display Name"`
	// VerifiedDomains is the list of verified domains for the tenant, as reported by Graph.
	VerifiedDomains []VerifiedDomain `json:"verifiedDomains,omitempty" jsonschema:"title=Verified Domains"`
}
InstallationMetadata holds the stable Azure Entra tenant identity for one installation
func (m InstallationMetadata) InstallationIdentity() types.IntegrationInstallationIdentity
InstallationIdentity implements types.InstallationIdentifiable
// UserInput holds installation-specific configuration collected from the user.
// These values are end-user supplied (the jsonschema tags drive the setup form)
// and are passed to DirectorySync.Run to shape what is imported.
type UserInput struct {
	// PrimaryDirectory marks this installation as the authoritative directory source for identity holder enrichment and lifecycle derivation.
	PrimaryDirectory bool `json:"primaryDirectory,omitempty" jsonschema:"title=Primary Directory"`
	// DisableGroupSync when true only syncs users, skipping groups and memberships.
	DisableGroupSync bool `` /* 151-byte string literal not displayed */
	// IncludeGuestUsers controls whether guest-type accounts are included in the sync.
	// Defaults to false (zero value), so guests are excluded unless opted in.
	IncludeGuestUsers bool `json:"includeGuestUsers,omitempty" jsonschema:"title=Include Guest Users"`
	// FilterExpr limits imported records to envelopes matching the CEL expression.
	// NOTE(review): this is user-controlled code evaluated server-side; confirm the CEL
	// environment exposes only the intended variables/functions and enforces a cost limit.
	FilterExpr string `` /* 173-byte string literal not displayed */
}
UserInput holds installation-specific configuration collected from the user
// VerifiedDomain holds one verified domain entry for an Azure Entra ID tenant,
// as reported by Microsoft Graph. Both fields are omitted from JSON when empty,
// so a non-default domain serializes with only its name.
type VerifiedDomain struct {
	// Name is the domain name.
	Name string `json:"name,omitempty"`
	// IsDefault indicates whether this is the default domain for the tenant.
	IsDefault bool `json:"isDefault,omitempty"`
}
VerifiedDomain holds one verified domain entry for an Azure Entra ID tenant