backend/azurerm: added a feature flag for using AzureAD to authenticate

This commit is contained in:
Matthew Frahry 2021-03-22 09:33:57 -07:00
parent 05b45ab4f3
commit b0b0a44a67
1 changed files with 14 additions and 13 deletions

View File

@ -125,7 +125,7 @@ func New() backend.Backend {
"use_msi": {
Type: schema.TypeBool,
Optional: true,
Description: "Should Managed Service Identity be used?.",
Description: "Should Managed Service Identity be used?",
DefaultFunc: schema.EnvDefaultFunc("ARM_USE_MSI", false),
},
"msi_endpoint": {
@ -134,6 +134,14 @@ func New() backend.Backend {
Description: "The Managed Service Identity Endpoint.",
DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""),
},
// Feature Flags
"use_azuread_auth": {
Type: schema.TypeBool,
Optional: true,
Description: "Should Terraform use AzureAD Authentication to access the Blob?",
DefaultFunc: schema.EnvDefaultFunc("ARM_USE_AZUREAD", false),
},
},
}
@ -172,6 +180,7 @@ type BackendConfig struct {
SubscriptionID string
TenantID string
UseMsi bool
UseAzureADAuthentication bool
}
func (b *Backend) configure(ctx context.Context) error {
@ -202,6 +211,7 @@ func (b *Backend) configure(ctx context.Context) error {
SubscriptionID: data.Get("subscription_id").(string),
TenantID: data.Get("tenant_id").(string),
UseMsi: data.Get("use_msi").(bool),
UseAzureADAuthentication: data.Get("use_azuread_auth").(bool),
}
armClient, err := buildArmClient(context.TODO(), config)
@ -209,20 +219,11 @@ func (b *Backend) configure(ctx context.Context) error {
return err
}
if config.AccessKey == "" && config.SasToken == "" && config.ResourceGroupName == "" {
return fmt.Errorf("Either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified")
thingsNeededToLookupAccessKeySpecified := config.AccessKey == "" && config.SasToken == "" && config.ResourceGroupName == ""
if thingsNeededToLookupAccessKeySpecified && !config.UseAzureADAuthentication {
return fmt.Errorf("Either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified - or Azure AD Authentication must be enabled")
}
b.armClient = armClient
return nil
}
func valueFromDeprecatedField(d *schema.ResourceData, key, deprecatedFieldKey string) string {
v := d.Get(key).(string)
if v == "" {
v = d.Get(deprecatedFieldKey).(string)
}
return v
}