provider/azurerm: support non public clouds (#11026)

* vendor: update jen20/riviera to pull in endpoints change

* provider/auzrerm: support non public clouds

Ran tests below with ARM_ENVIRONMENT=german and changes the location to Germany
Central in the test config. The virtual network tests cover both Riviera (resource
groups) and the official SDK client.

TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMVirtualNetwork_ -timeout 120m
=== RUN   TestAccAzureRMVirtualNetwork_importBasic
--- PASS: TestAccAzureRMVirtualNetwork_importBasic (81.84s)
=== RUN   TestAccAzureRMVirtualNetwork_basic
--- PASS: TestAccAzureRMVirtualNetwork_basic (78.14s)
=== RUN   TestAccAzureRMVirtualNetwork_disappears
--- PASS: TestAccAzureRMVirtualNetwork_disappears (78.45s)
=== RUN   TestAccAzureRMVirtualNetwork_withTags
--- PASS: TestAccAzureRMVirtualNetwork_withTags (81.78s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/azurerm	320.310s
This commit is contained in:
Peter McAtominey 2017-01-04 12:00:14 +00:00 committed by Paul Stack
parent 4dcbbb82bd
commit 0284138440
11 changed files with 164 additions and 130 deletions

View File

@ -138,18 +138,31 @@ func (c *Config) getArmClient() (*ArmClient, error) {
subscriptionId: c.SubscriptionID,
}
// detect cloud from environment
env, envErr := azure.EnvironmentFromName(c.Environment)
if envErr != nil {
// try again with wrapped value to support readable values like german instead of AZUREGERMANCLOUD
wrapped := fmt.Sprintf("AZURE%sCLOUD", c.Environment)
var innerErr error
if env, innerErr = azure.EnvironmentFromName(wrapped); innerErr != nil {
return nil, envErr
}
}
rivieraClient, err := riviera.NewClient(&riviera.AzureResourceManagerCredentials{
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
TenantID: c.TenantID,
SubscriptionID: c.SubscriptionID,
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
TenantID: c.TenantID,
SubscriptionID: c.SubscriptionID,
ResourceManagerEndpoint: env.ResourceManagerEndpoint,
ActiveDirectoryEndpoint: env.ActiveDirectoryEndpoint,
})
if err != nil {
return nil, fmt.Errorf("Error creating Riviera client: %s", err)
}
client.rivieraClient = rivieraClient
oauthConfig, err := azure.PublicCloud.OAuthConfigForTenant(c.TenantID)
oauthConfig, err := env.OAuthConfigForTenant(c.TenantID)
if err != nil {
return nil, err
}
@ -159,267 +172,268 @@ func (c *Config) getArmClient() (*ArmClient, error) {
return nil, fmt.Errorf("Unable to configure OAuthConfig for tenant %s", c.TenantID)
}
spt, err := azure.NewServicePrincipalToken(*oauthConfig, c.ClientID, c.ClientSecret,
azure.PublicCloud.ResourceManagerEndpoint)
spt, err := azure.NewServicePrincipalToken(*oauthConfig, c.ClientID, c.ClientSecret, env.ResourceManagerEndpoint)
if err != nil {
return nil, err
}
endpoint := env.ResourceManagerEndpoint
// NOTE: these declarations should be left separate for clarity should the
// clients be wished to be configured with custom Responders/PollingModess etc...
asc := compute.NewAvailabilitySetsClient(c.SubscriptionID)
asc := compute.NewAvailabilitySetsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&asc.Client)
asc.Authorizer = spt
asc.Sender = autorest.CreateSender(withRequestLogging())
client.availSetClient = asc
uoc := compute.NewUsageOperationsClient(c.SubscriptionID)
uoc := compute.NewUsageOperationsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&uoc.Client)
uoc.Authorizer = spt
uoc.Sender = autorest.CreateSender(withRequestLogging())
client.usageOpsClient = uoc
vmeic := compute.NewVirtualMachineExtensionImagesClient(c.SubscriptionID)
vmeic := compute.NewVirtualMachineExtensionImagesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vmeic.Client)
vmeic.Authorizer = spt
vmeic.Sender = autorest.CreateSender(withRequestLogging())
client.vmExtensionImageClient = vmeic
vmec := compute.NewVirtualMachineExtensionsClient(c.SubscriptionID)
vmec := compute.NewVirtualMachineExtensionsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vmec.Client)
vmec.Authorizer = spt
vmec.Sender = autorest.CreateSender(withRequestLogging())
client.vmExtensionClient = vmec
vmic := compute.NewVirtualMachineImagesClient(c.SubscriptionID)
vmic := compute.NewVirtualMachineImagesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vmic.Client)
vmic.Authorizer = spt
vmic.Sender = autorest.CreateSender(withRequestLogging())
client.vmImageClient = vmic
vmssc := compute.NewVirtualMachineScaleSetsClient(c.SubscriptionID)
vmssc := compute.NewVirtualMachineScaleSetsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vmssc.Client)
vmssc.Authorizer = spt
vmssc.Sender = autorest.CreateSender(withRequestLogging())
client.vmScaleSetClient = vmssc
vmc := compute.NewVirtualMachinesClient(c.SubscriptionID)
vmc := compute.NewVirtualMachinesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vmc.Client)
vmc.Authorizer = spt
vmc.Sender = autorest.CreateSender(withRequestLogging())
client.vmClient = vmc
agc := network.NewApplicationGatewaysClient(c.SubscriptionID)
agc := network.NewApplicationGatewaysClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&agc.Client)
agc.Authorizer = spt
agc.Sender = autorest.CreateSender(withRequestLogging())
client.appGatewayClient = agc
crc := containerregistry.NewRegistriesClient(c.SubscriptionID)
crc := containerregistry.NewRegistriesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&crc.Client)
crc.Authorizer = spt
crc.Sender = autorest.CreateSender(withRequestLogging())
client.containerRegistryClient = crc
ehc := eventhub.NewEventHubsClient(c.SubscriptionID)
ehc := eventhub.NewEventHubsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&ehc.Client)
ehc.Authorizer = spt
ehc.Sender = autorest.CreateSender(withRequestLogging())
client.eventHubClient = ehc
chcgc := eventhub.NewConsumerGroupsClient(c.SubscriptionID)
chcgc := eventhub.NewConsumerGroupsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&chcgc.Client)
chcgc.Authorizer = spt
chcgc.Sender = autorest.CreateSender(withRequestLogging())
client.eventHubConsumerGroupClient = chcgc
ehnc := eventhub.NewNamespacesClient(c.SubscriptionID)
ehnc := eventhub.NewNamespacesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&ehnc.Client)
ehnc.Authorizer = spt
ehnc.Sender = autorest.CreateSender(withRequestLogging())
client.eventHubNamespacesClient = ehnc
ifc := network.NewInterfacesClient(c.SubscriptionID)
ifc := network.NewInterfacesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&ifc.Client)
ifc.Authorizer = spt
ifc.Sender = autorest.CreateSender(withRequestLogging())
client.ifaceClient = ifc
lbc := network.NewLoadBalancersClient(c.SubscriptionID)
lbc := network.NewLoadBalancersClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&lbc.Client)
lbc.Authorizer = spt
lbc.Sender = autorest.CreateSender(withRequestLogging())
client.loadBalancerClient = lbc
lgc := network.NewLocalNetworkGatewaysClient(c.SubscriptionID)
lgc := network.NewLocalNetworkGatewaysClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&lgc.Client)
lgc.Authorizer = spt
lgc.Sender = autorest.CreateSender(withRequestLogging())
client.localNetConnClient = lgc
pipc := network.NewPublicIPAddressesClient(c.SubscriptionID)
pipc := network.NewPublicIPAddressesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&pipc.Client)
pipc.Authorizer = spt
pipc.Sender = autorest.CreateSender(withRequestLogging())
client.publicIPClient = pipc
sgc := network.NewSecurityGroupsClient(c.SubscriptionID)
sgc := network.NewSecurityGroupsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&sgc.Client)
sgc.Authorizer = spt
sgc.Sender = autorest.CreateSender(withRequestLogging())
client.secGroupClient = sgc
src := network.NewSecurityRulesClient(c.SubscriptionID)
src := network.NewSecurityRulesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&src.Client)
src.Authorizer = spt
src.Sender = autorest.CreateSender(withRequestLogging())
client.secRuleClient = src
snc := network.NewSubnetsClient(c.SubscriptionID)
snc := network.NewSubnetsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&snc.Client)
snc.Authorizer = spt
snc.Sender = autorest.CreateSender(withRequestLogging())
client.subnetClient = snc
vgcc := network.NewVirtualNetworkGatewayConnectionsClient(c.SubscriptionID)
vgcc := network.NewVirtualNetworkGatewayConnectionsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vgcc.Client)
vgcc.Authorizer = spt
vgcc.Sender = autorest.CreateSender(withRequestLogging())
client.vnetGatewayConnectionsClient = vgcc
vgc := network.NewVirtualNetworkGatewaysClient(c.SubscriptionID)
vgc := network.NewVirtualNetworkGatewaysClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vgc.Client)
vgc.Authorizer = spt
vgc.Sender = autorest.CreateSender(withRequestLogging())
client.vnetGatewayClient = vgc
vnc := network.NewVirtualNetworksClient(c.SubscriptionID)
vnc := network.NewVirtualNetworksClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vnc.Client)
vnc.Authorizer = spt
vnc.Sender = autorest.CreateSender(withRequestLogging())
client.vnetClient = vnc
vnpc := network.NewVirtualNetworkPeeringsClient(c.SubscriptionID)
vnpc := network.NewVirtualNetworkPeeringsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&vnpc.Client)
vnpc.Authorizer = spt
vnpc.Sender = autorest.CreateSender(withRequestLogging())
client.vnetPeeringsClient = vnpc
rtc := network.NewRouteTablesClient(c.SubscriptionID)
rtc := network.NewRouteTablesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&rtc.Client)
rtc.Authorizer = spt
rtc.Sender = autorest.CreateSender(withRequestLogging())
client.routeTablesClient = rtc
rc := network.NewRoutesClient(c.SubscriptionID)
rc := network.NewRoutesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&rc.Client)
rc.Authorizer = spt
rc.Sender = autorest.CreateSender(withRequestLogging())
client.routesClient = rc
rgc := resources.NewGroupsClient(c.SubscriptionID)
rgc := resources.NewGroupsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&rgc.Client)
rgc.Authorizer = spt
rgc.Sender = autorest.CreateSender(withRequestLogging())
client.resourceGroupClient = rgc
pc := resources.NewProvidersClient(c.SubscriptionID)
pc := resources.NewProvidersClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&pc.Client)
pc.Authorizer = spt
pc.Sender = autorest.CreateSender(withRequestLogging())
client.providers = pc
tc := resources.NewTagsClient(c.SubscriptionID)
tc := resources.NewTagsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&tc.Client)
tc.Authorizer = spt
tc.Sender = autorest.CreateSender(withRequestLogging())
client.tagsClient = tc
rf := resources.NewClient(c.SubscriptionID)
rf := resources.NewClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&rf.Client)
rf.Authorizer = spt
rf.Sender = autorest.CreateSender(withRequestLogging())
client.resourceFindClient = rf
jc := scheduler.NewJobsClient(c.SubscriptionID)
jc := scheduler.NewJobsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&jc.Client)
jc.Authorizer = spt
jc.Sender = autorest.CreateSender(withRequestLogging())
client.jobsClient = jc
jcc := scheduler.NewJobCollectionsClient(c.SubscriptionID)
jcc := scheduler.NewJobCollectionsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&jcc.Client)
jcc.Authorizer = spt
jcc.Sender = autorest.CreateSender(withRequestLogging())
client.jobsCollectionsClient = jcc
ssc := storage.NewAccountsClient(c.SubscriptionID)
ssc := storage.NewAccountsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&ssc.Client)
ssc.Authorizer = spt
ssc.Sender = autorest.CreateSender(withRequestLogging())
client.storageServiceClient = ssc
suc := storage.NewUsageOperationsClient(c.SubscriptionID)
suc := storage.NewUsageOperationsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&suc.Client)
suc.Authorizer = spt
suc.Sender = autorest.CreateSender(withRequestLogging())
client.storageUsageClient = suc
cpc := cdn.NewProfilesClient(c.SubscriptionID)
cpc := cdn.NewProfilesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&cpc.Client)
cpc.Authorizer = spt
cpc.Sender = autorest.CreateSender(withRequestLogging())
client.cdnProfilesClient = cpc
cec := cdn.NewEndpointsClient(c.SubscriptionID)
cec := cdn.NewEndpointsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&cec.Client)
cec.Authorizer = spt
cec.Sender = autorest.CreateSender(withRequestLogging())
client.cdnEndpointsClient = cec
dc := resources.NewDeploymentsClient(c.SubscriptionID)
dc := resources.NewDeploymentsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&dc.Client)
dc.Authorizer = spt
dc.Sender = autorest.CreateSender(withRequestLogging())
client.deploymentsClient = dc
tmpc := trafficmanager.NewProfilesClient(c.SubscriptionID)
tmpc := trafficmanager.NewProfilesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&tmpc.Client)
tmpc.Authorizer = spt
tmpc.Sender = autorest.CreateSender(withRequestLogging())
client.trafficManagerProfilesClient = tmpc
tmec := trafficmanager.NewEndpointsClient(c.SubscriptionID)
tmec := trafficmanager.NewEndpointsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&tmec.Client)
tmec.Authorizer = spt
tmec.Sender = autorest.CreateSender(withRequestLogging())
client.trafficManagerEndpointsClient = tmec
rdc := redis.NewClient(c.SubscriptionID)
rdc := redis.NewClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&rdc.Client)
rdc.Authorizer = spt
rdc.Sender = autorest.CreateSender(withRequestLogging())
client.redisClient = rdc
sbnc := servicebus.NewNamespacesClient(c.SubscriptionID)
sbnc := servicebus.NewNamespacesClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&sbnc.Client)
sbnc.Authorizer = spt
sbnc.Sender = autorest.CreateSender(withRequestLogging())
client.serviceBusNamespacesClient = sbnc
sbtc := servicebus.NewTopicsClient(c.SubscriptionID)
sbtc := servicebus.NewTopicsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&sbtc.Client)
sbtc.Authorizer = spt
sbtc.Sender = autorest.CreateSender(withRequestLogging())
client.serviceBusTopicsClient = sbtc
sbsc := servicebus.NewSubscriptionsClient(c.SubscriptionID)
sbsc := servicebus.NewSubscriptionsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&sbsc.Client)
sbsc.Authorizer = spt
sbsc.Sender = autorest.CreateSender(withRequestLogging())
client.serviceBusSubscriptionsClient = sbsc
kvc := keyvault.NewVaultsClient(c.SubscriptionID)
kvc := keyvault.NewVaultsClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&kvc.Client)
kvc.Authorizer = spt
kvc.Sender = autorest.CreateSender(withRequestLogging())

View File

@ -45,6 +45,12 @@ func Provider() terraform.ResourceProvider {
DefaultFunc: schema.EnvDefaultFunc("ARM_TENANT_ID", ""),
},
"environment": {
Type: schema.TypeString,
Required: true,
DefaultFunc: schema.EnvDefaultFunc("ARM_ENVIRONMENT", "public"),
},
"skip_provider_registration": {
Type: schema.TypeBool,
Optional: true,
@ -134,6 +140,7 @@ type Config struct {
ClientID string
ClientSecret string
TenantID string
Environment string
SkipProviderRegistration bool
validateCredentialsOnce sync.Once
@ -154,6 +161,9 @@ func (c *Config) validate() error {
if c.TenantID == "" {
err = multierror.Append(err, fmt.Errorf("Tenant ID must be configured for the AzureRM provider"))
}
if c.Environment == "" {
err = multierror.Append(err, fmt.Errorf("Environment must be configured for the AzureRM provider"))
}
return err.ErrorOrNil()
}
@ -165,6 +175,7 @@ func providerConfigure(p *schema.Provider) schema.ConfigureFunc {
ClientID: d.Get("client_id").(string),
ClientSecret: d.Get("client_secret").(string),
TenantID: d.Get("tenant_id").(string),
Environment: d.Get("environment").(string),
SkipProviderRegistration: d.Get("skip_provider_registration").(bool),
}

View File

@ -12,7 +12,8 @@ import (
type Client struct {
logger *log.Logger
subscriptionID string
subscriptionID string
resourceManagerEndpoint string
tokenRequester *tokenRequester
httpClient *retryablehttp.Client
@ -24,13 +25,21 @@ func NewClient(creds *AzureResourceManagerCredentials) (*Client, error) {
httpClient := retryablehttp.NewClient()
httpClient.Logger = defaultLogger
tr := newTokenRequester(httpClient, creds.ClientID, creds.ClientSecret, creds.TenantID)
if creds.ResourceManagerEndpoint == "" {
creds.ResourceManagerEndpoint = defaultResourceManagerEndpoint
}
if creds.ActiveDirectoryEndpoint == "" {
creds.ActiveDirectoryEndpoint = defaultActiveDirectoryEndpoint
}
tr := newTokenRequester(httpClient, creds)
return &Client{
subscriptionID: creds.SubscriptionID,
httpClient: httpClient,
tokenRequester: tr,
logger: defaultLogger,
subscriptionID: creds.SubscriptionID,
resourceManagerEndpoint: creds.ResourceManagerEndpoint,
httpClient: httpClient,
tokenRequester: tr,
logger: defaultLogger,
}, nil
}

View File

@ -1,8 +1,17 @@
package azure
const (
defaultResourceManagerEndpoint = "https://management.azure.com"
defaultActiveDirectoryEndpoint = "https://login.microsoftonline.com"
)
type AzureResourceManagerCredentials struct {
ClientID string
ClientSecret string
TenantID string
SubscriptionID string
// can be overridden for non public clouds
ResourceManagerEndpoint string
ActiveDirectoryEndpoint string
}

View File

@ -1,43 +0,0 @@
package azure
import (
"reflect"
"strings"
)
type Endpoints struct {
resourceManagerEndpointUrl string
activeDirectoryEndpointUrl string
}
var (
ChineseEndpoints = Endpoints{"https://management.chinacloudapi.cn", "https://login.chinacloudapi.cn"}
DefaultEndpoints = Endpoints{"https://management.azure.com", "https://login.microsoftonline.com"}
GermanEndpoints = Endpoints{"https://management.microsoftazure.de", "https://login.microsoftonline.de"}
USGovEndpoints = Endpoints{"https://management.usgovcloudapi.net", "https://login.microsoftonline.com"}
)
func GetEndpointsForLocation(location string) Endpoints {
location = strings.Replace(strings.ToLower(location), " ", "", -1)
switch location {
case GermanyCentral, GermanyEast:
return GermanEndpoints
case ChinaEast, ChinaNorth:
return ChineseEndpoints
case USGovIowa, USGovVirginia:
return USGovEndpoints
default:
return DefaultEndpoints
}
}
func GetEndpointsForCommand(command APICall) Endpoints {
locationField := reflect.Indirect(reflect.ValueOf(command)).FieldByName("Location")
if locationField.IsValid() {
location := locationField.Interface().(string)
return GetEndpointsForLocation(location)
}
return DefaultEndpoints
}

View File

@ -0,0 +1,26 @@
package azure
import "fmt"
type GetResourceProviderResponse struct {
ID *string `mapstructure:"id"`
Namespace *string `mapstructure:"namespace"`
RegistrationState *string `mapstructure:"registrationState"`
}
type GetResourceProvider struct {
Namespace string `json:"-"`
}
func (command GetResourceProvider) APIInfo() APIInfo {
return APIInfo{
APIVersion: resourceGroupAPIVersion,
Method: "GET",
URLPathFunc: func() string {
return fmt.Sprintf("providers/%s", command.Namespace)
},
ResponseTypeFunc: func() interface{} {
return &GetResourceProviderResponse{}
},
}
}

View File

@ -9,7 +9,6 @@ type RegisterResourceProviderResponse struct {
ApplicationID *string `mapstructure:"applicationId"`
}
// TODO: Investigate RegistrationState response polling
type RegisterResourceProvider struct {
Namespace string `json:"-"`
}

View File

@ -75,8 +75,7 @@ func (request *Request) pollForAsynchronousResponse(acceptedResponse *http.Respo
return nil, err
}
endpoints := GetEndpointsForCommand(request.Command)
err = request.client.tokenRequester.addAuthorizationToRequest(req, endpoints)
err = request.client.tokenRequester.addAuthorizationToRequest(req)
if err != nil {
return nil, err
}
@ -116,11 +115,9 @@ func defaultARMRequestSerialize(body interface{}) (io.ReadSeeker, error) {
func (request *Request) Execute() (*Response, error) {
apiInfo := request.Command.APIInfo()
endpoints := GetEndpointsForCommand(request.Command)
var urlString string
urlObj, _ := url.Parse(endpoints.resourceManagerEndpointUrl)
urlObj, _ := url.Parse(request.client.resourceManagerEndpoint)
// Determine whether to use the URLPathFunc or the URI explicitly set in the request
if request.URI == nil {
@ -166,7 +163,7 @@ func (request *Request) Execute() (*Response, error) {
req.Header.Add("Content-Type", "application/json")
}
err = request.client.tokenRequester.addAuthorizationToRequest(req, endpoints)
err = request.client.tokenRequester.addAuthorizationToRequest(req)
if err != nil {
return nil, err
}

View File

@ -19,6 +19,9 @@ func init() {
}
type tokenRequester struct {
activeDirectoryEndpoint string
resourceManagerEndpoint string
clientID string
clientSecret string
tenantID string
@ -31,21 +34,23 @@ type tokenRequester struct {
currentToken *token
}
func newTokenRequester(client *retryablehttp.Client, clientID, clientSecret, tenantID string) *tokenRequester {
func newTokenRequester(client *retryablehttp.Client, creds *AzureResourceManagerCredentials) *tokenRequester {
return &tokenRequester{
clientID: clientID,
clientSecret: clientSecret,
tenantID: tenantID,
refreshWithin: 5 * time.Minute,
httpClient: client,
activeDirectoryEndpoint: creds.ActiveDirectoryEndpoint,
resourceManagerEndpoint: creds.ResourceManagerEndpoint,
clientID: creds.ClientID,
clientSecret: creds.ClientSecret,
tenantID: creds.TenantID,
refreshWithin: 5 * time.Minute,
httpClient: client,
}
}
// addAuthorizationToRequest adds an Authorization header to an http.Request, having ensured
// that the token is sufficiently fresh. This may invoke network calls, so should not be
// relied on to return quickly.
func (tr *tokenRequester) addAuthorizationToRequest(request *retryablehttp.Request, endpoints Endpoints) error {
token, err := tr.getUsableToken(endpoints)
func (tr *tokenRequester) addAuthorizationToRequest(request *retryablehttp.Request) error {
token, err := tr.getUsableToken()
if err != nil {
return fmt.Errorf("Error obtaining authorization token: %s", err)
}
@ -54,7 +59,7 @@ func (tr *tokenRequester) addAuthorizationToRequest(request *retryablehttp.Reque
return nil
}
func (tr *tokenRequester) getUsableToken(endpoints Endpoints) (*token, error) {
func (tr *tokenRequester) getUsableToken() (*token, error) {
tr.l.Lock()
defer tr.l.Unlock()
@ -62,7 +67,7 @@ func (tr *tokenRequester) getUsableToken(endpoints Endpoints) (*token, error) {
return tr.currentToken, nil
}
newToken, err := tr.refreshToken(endpoints)
newToken, err := tr.refreshToken()
if err != nil {
return nil, fmt.Errorf("Error refreshing token: %s", err)
}
@ -71,14 +76,14 @@ func (tr *tokenRequester) getUsableToken(endpoints Endpoints) (*token, error) {
return newToken, nil
}
func (tr *tokenRequester) refreshToken(endpoints Endpoints) (*token, error) {
oauthURL := fmt.Sprintf("%s/%s/oauth2/%s?api-version=1.0", endpoints.activeDirectoryEndpointUrl, tr.tenantID, "token")
func (tr *tokenRequester) refreshToken() (*token, error) {
oauthURL := fmt.Sprintf("%s/%s/oauth2/%s?api-version=1.0", tr.activeDirectoryEndpoint, tr.tenantID, "token")
v := url.Values{}
v.Set("client_id", tr.clientID)
v.Set("client_secret", tr.clientSecret)
v.Set("grant_type", "client_credentials")
v.Set("resource", strings.TrimSuffix(endpoints.resourceManagerEndpointUrl, "/")+"/")
v.Set("resource", strings.TrimSuffix(tr.resourceManagerEndpoint, "/")+"/")
var newToken token
response, err := tr.httpClient.PostForm(oauthURL, v)

22
vendor/vendor.json vendored
View File

@ -1863,34 +1863,34 @@
"revisionTime": "2017-01-03T19:23:32Z"
},
{
"checksumSHA1": "tRK0n/cIjBCYjnumPiP9cCS2CnA=",
"checksumSHA1": "hD8LA+lIAv6MB82Db29L71c2Jjc=",
"path": "github.com/jen20/riviera/azure",
"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
"revisionTime": "2016-11-01T10:00:17Z"
"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
"revisionTime": "2017-01-04T10:03:54Z"
},
{
"checksumSHA1": "ncdT+1PFEF5ly0niXuQc9/pKzT0=",
"path": "github.com/jen20/riviera/dns",
"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
"revisionTime": "2016-11-01T10:00:17Z"
"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
"revisionTime": "2017-01-04T10:03:54Z"
},
{
"checksumSHA1": "zVXx6ha3bt0N4ukRbRHXjSl91S4=",
"path": "github.com/jen20/riviera/search",
"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
"revisionTime": "2016-11-01T10:00:17Z"
"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
"revisionTime": "2017-01-04T10:03:54Z"
},
{
"checksumSHA1": "mD+brnqSfkLheYdGzTUqUi6VWgw=",
"path": "github.com/jen20/riviera/sql",
"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
"revisionTime": "2016-11-01T10:00:17Z"
"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
"revisionTime": "2017-01-04T10:03:54Z"
},
{
"checksumSHA1": "nKUCquNpJ9ifHgkXoT4K3Xar6R8=",
"path": "github.com/jen20/riviera/storage",
"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
"revisionTime": "2016-11-01T10:00:17Z"
"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
"revisionTime": "2017-01-04T10:03:54Z"
},
{
"comment": "0.2.2-2-gc01cf91",

View File

@ -76,6 +76,13 @@ The following arguments are supported:
* `tenant_id` - (Optional) The tenant ID to use. It can also be sourced from the
`ARM_TENANT_ID` environment variable.
* `environment` - (Optional) The cloud environment to use. It can also be sourced
from the `ARM_ENVIRONMENT` environment variable. Supported values are:
* `public` (default)
* `usgovernment`
* `german`
* `china`
* `skip_provider_registration` - (Optional) Prevents the provier from registering
the ARM provider namespaces, this can be used if you don't wish to give the Active
Directory Application permission to register resource providers. It can also be