14
21
credAttrSubscriptionId = "subscription-id"
15
22
credAttrTenantId = "tenant-id"
16
23
credAttrAppPassword = "application-password"
25
// clientCredentialsAuthType is the auth-type for the
26
// "client credentials" OAuth flow, which requires a
27
// service principal with a password.
28
clientCredentialsAuthType cloud.AuthType = "service-principal-secret"
30
// deviceCodeAuthType is the auth-type for the interactive
31
// "device code" OAuth flow.
32
deviceCodeAuthType cloud.AuthType = "interactive"
19
35
// environPoviderCredentials is an implementation of
20
36
// environs.ProviderCredentials for the Azure Resource
21
37
// Manager cloud provider.
22
type environProviderCredentials struct{}
38
type environProviderCredentials struct {
39
sender autorest.Sender
40
requestInspector autorest.PrepareDecorator
41
interactiveCreateServicePrincipal azureauth.InteractiveCreateServicePrincipalFunc
24
44
// CredentialSchemas is part of the environs.ProviderCredentials interface.
25
45
func (environProviderCredentials) CredentialSchemas() map[cloud.AuthType]cloud.CredentialSchema {
26
46
return map[cloud.AuthType]cloud.CredentialSchema{
47
// TODO(axw) 2016-09-15 #1623761
48
// UserPassAuthType is here for backwards
49
// compatibility. Drop it when rc1 is out.
27
50
cloud.UserPassAuthType: {
29
52
credAttrAppId, cloud.CredentialAttr{Description: "Azure Active Directory application ID"},
31
54
credAttrSubscriptionId, cloud.CredentialAttr{Description: "Azure subscription ID"},
33
credAttrTenantId, cloud.CredentialAttr{Description: "Azure Active Directory tenant ID"},
56
credAttrTenantId, cloud.CredentialAttr{
57
Description: "Azure Active Directory tenant ID",
61
credAttrAppPassword, cloud.CredentialAttr{
62
Description: "Azure Active Directory application password",
68
// deviceCodeAuthType is the interactive device-code oauth
69
// flow. This is only supported on the client side; it will
70
// be used to generate a service principal, and transformed
71
// into clientCredentialsAuthType.
72
deviceCodeAuthType: {{
73
credAttrSubscriptionId, cloud.CredentialAttr{Description: "Azure subscription ID"},
76
// clientCredentialsAuthType is the "client credentials"
77
// oauth flow, which requires a service principal with a
79
clientCredentialsAuthType: {
81
credAttrAppId, cloud.CredentialAttr{Description: "Azure Active Directory application ID"},
83
credAttrSubscriptionId, cloud.CredentialAttr{Description: "Azure subscription ID"},
35
85
credAttrAppPassword, cloud.CredentialAttr{
36
86
Description: "Azure Active Directory application password",
45
95
func (environProviderCredentials) DetectCredentials() (*cloud.CloudCredential, error) {
46
96
return nil, errors.NotFoundf("credentials")
99
// FinalizeCredential is part of the environs.ProviderCredentials interface.
100
func (c environProviderCredentials) FinalizeCredential(
101
ctx environs.FinalizeCredentialContext,
102
args environs.FinalizeCredentialParams,
103
) (*cloud.Credential, error) {
104
switch authType := args.Credential.AuthType(); authType {
105
case cloud.UserPassAuthType:
106
fmt.Fprintf(ctx.GetStderr(), `
107
WARNING: The %q auth-type is deprecated, and will be removed soon.
109
Please update the credential in ~/.local/share/juju/credentials.yaml,
110
changing auth-type to %q, and dropping the tenant-id field.
113
authType, clientCredentialsAuthType,
115
attrs := args.Credential.Attributes()
116
delete(attrs, credAttrTenantId)
117
out := cloud.NewCredential(clientCredentialsAuthType, attrs)
118
out.Label = args.Credential.Label
121
case deviceCodeAuthType:
122
subscriptionId := args.Credential.Attributes()[credAttrSubscriptionId]
123
applicationId, password, err := c.interactiveCreateServicePrincipal(
128
args.CloudIdentityEndpoint,
134
return nil, errors.Trace(err)
136
out := cloud.NewCredential(clientCredentialsAuthType, map[string]string{
137
credAttrSubscriptionId: subscriptionId,
138
credAttrAppId: applicationId,
139
credAttrAppPassword: password,
141
out.Label = args.Credential.Label
144
case clientCredentialsAuthType:
145
return &args.Credential, nil
147
return nil, errors.NotSupportedf("%q auth-type", authType)