modules: update go-azure-helpers to v0.5.0
To help address the issues posed on #22087 and #22085.
parent
04c5f0ffb2
commit
d43fc71135
|
@ -80,17 +80,19 @@ func buildArmClient(config BackendConfig) (*ArmClient, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
auth, err := armConfig.GetAuthorizationToken(oauthConfig, env.TokenAudience)
|
||||
sender := buildSender()
|
||||
|
||||
auth, err := armConfig.GetAuthorizationToken(sender, oauthConfig, env.TokenAudience)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
accountsClient := armStorage.NewAccountsClientWithBaseURI(env.ResourceManagerEndpoint, armConfig.SubscriptionID)
|
||||
client.configureClient(&accountsClient.Client, auth)
|
||||
client.configureClient(&accountsClient.Client, sender, auth)
|
||||
client.storageAccountsClient = &accountsClient
|
||||
|
||||
groupsClient := resources.NewGroupsClientWithBaseURI(env.ResourceManagerEndpoint, armConfig.SubscriptionID)
|
||||
client.configureClient(&groupsClient.Client, auth)
|
||||
client.configureClient(&groupsClient.Client, sender, auth)
|
||||
client.groupsClient = &groupsClient
|
||||
|
||||
return &client, nil
|
||||
|
@ -151,10 +153,10 @@ func (c ArmClient) getBlobClient(ctx context.Context) (*storage.BlobStorageClien
|
|||
return &client, nil
|
||||
}
|
||||
|
||||
func (c *ArmClient) configureClient(client *autorest.Client, auth autorest.Authorizer) {
|
||||
func (c *ArmClient) configureClient(client *autorest.Client, sender autorest.Sender, auth autorest.Authorizer) {
|
||||
client.UserAgent = buildUserAgent()
|
||||
client.Authorizer = auth
|
||||
client.Sender = buildSender()
|
||||
client.Sender = sender
|
||||
client.SkipResourceProviderRegistration = false
|
||||
client.PollingDuration = 60 * time.Minute
|
||||
}
|
||||
|
|
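Review bot: In `buildArmClient` the single `sender` returned by `buildSender()` is now also passed to `armConfig.GetAuthorizationToken`, so token-endpoint traffic goes through the same sender as the storage-account and resource-group clients. `buildSender` is defined outside this diff; if it decorates the sender with request or response dumping, the client secret in the token request and the bearer token in the response could end up in debug logs. It is worth confirming that any such logging redacts the request body and the `Authorization` header. Separately, `configureClient` has no doc comment; something like `// configureClient applies the shared sender, the authorizer and the user agent to an autorest client.` would record why the sender is passed in rather than built per client. `buildArmClient` starts outside the first hunk.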
5
go.mod
5
go.mod
|
@ -5,9 +5,6 @@ require (
|
|||
github.com/Azure/azure-sdk-for-go v31.2.0+incompatible
|
||||
github.com/Azure/go-autorest/autorest v0.5.0
|
||||
github.com/Azure/go-autorest/autorest/adal v0.2.0
|
||||
github.com/Azure/go-autorest/autorest/azure/cli v0.1.0 // indirect
|
||||
github.com/Azure/go-autorest/autorest/to v0.2.0 // indirect
|
||||
github.com/Azure/go-autorest/autorest/validation v0.1.0 // indirect
|
||||
github.com/Unknwon/com v0.0.0-20151008135407-28b053d5a292 // indirect
|
||||
github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af // indirect
|
||||
github.com/agext/levenshtein v1.2.2
|
||||
|
@ -48,7 +45,7 @@ require (
|
|||
github.com/hashicorp/aws-sdk-go-base v0.2.0
|
||||
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
|
||||
github.com/hashicorp/errwrap v1.0.0
|
||||
github.com/hashicorp/go-azure-helpers v0.0.0-20190129193224-166dfd221bb2
|
||||
github.com/hashicorp/go-azure-helpers v0.5.0
|
||||
github.com/hashicorp/go-checkpoint v0.5.0
|
||||
github.com/hashicorp/go-cleanhttp v0.5.0
|
||||
github.com/hashicorp/go-getter v1.3.1-0.20190627223108-da0323b9545e
|
||||
|
|
13
go.sum
13
go.sum
|
@ -11,12 +11,10 @@ dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBr
|
|||
dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
|
||||
dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
|
||||
git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
|
||||
github.com/Azure/azure-sdk-for-go v21.3.0+incompatible h1:YFvAka2WKAl2xnJkYV1e1b7E2z88AgFszDzWU18ejMY=
|
||||
github.com/Azure/azure-sdk-for-go v21.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||
github.com/Azure/azure-sdk-for-go v31.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||
github.com/Azure/azure-sdk-for-go v31.2.0+incompatible h1:kZFnTLmdQYNGfakatSivKHUfUnDZhqNdchHD4oIhp5k=
|
||||
github.com/Azure/azure-sdk-for-go v31.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||
github.com/Azure/go-autorest v12.3.0+incompatible h1:iw0EvmwwEhv8JzEFfbKNJjnrHJqiH5NlKqhdYiKXRUQ=
|
||||
github.com/Azure/go-autorest v12.3.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
|
||||
github.com/Azure/go-autorest/autorest v0.3.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg=
|
||||
github.com/Azure/go-autorest/autorest v0.5.0 h1:Mlm9qy2fpQ9MvfyI41G2Zf5B4CsgjjNbLOWszfK6KrY=
|
||||
github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E=
|
||||
|
@ -126,8 +124,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
|||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
github.com/dimchansky/utfbom v1.0.0 h1:fGC2kkf4qOoKqZ4q7iIh+Vef4ubC1c38UDsEyZynZPc=
|
||||
github.com/dimchansky/utfbom v1.0.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
|
||||
github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4=
|
||||
github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
|
||||
github.com/dnaeon/go-vcr v0.0.0-20180920040454-5637cf3d8a31 h1:Dzuw9GtbmllUqEcoHfScT9YpKFUssSiZ5PgZkIGf/YQ=
|
||||
|
@ -213,8 +209,8 @@ github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod h1:mFrjN1m
|
|||
github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||
github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
|
||||
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||
github.com/hashicorp/go-azure-helpers v0.0.0-20190129193224-166dfd221bb2 h1:VBRx+yPYUZaobnn5ANBcOUf4hhWpTHSQgftG4TcDkhI=
|
||||
github.com/hashicorp/go-azure-helpers v0.0.0-20190129193224-166dfd221bb2/go.mod h1:lu62V//auUow6k0IykxLK2DCNW8qTmpm8KqhYVWattA=
|
||||
github.com/hashicorp/go-azure-helpers v0.5.0 h1:GW5YJKeeMfyIEZjiVf84Av2W6FizMwS1OYLtDwDwah0=
|
||||
github.com/hashicorp/go-azure-helpers v0.5.0/go.mod h1:1kVoV5ZV0b/Wc/Rck7dKgW0MhmUrZiRxt/OnG42Yeow=
|
||||
github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
|
||||
github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
|
||||
github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6KdvN3Gig=
|
||||
|
@ -499,7 +495,6 @@ golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+
|
|||
golang.org/x/crypto v0.0.0-20180816225734-aabede6cba87/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2 h1:NwxKRvbkH5MsNkvOtPZi3/3kmI8CAzs3mtv+GLQMkNo=
|
||||
golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190222235706-ffb98f73852f h1:qWFY9ZxP3tfI37wYIs/MnIAqK0vlXp1xnYEa5HxFSSY=
|
||||
|
|
|
@ -10,7 +10,7 @@ type authMethod interface {
|
|||
|
||||
isApplicable(b Builder) bool
|
||||
|
||||
getAuthorizationToken(oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error)
|
||||
getAuthorizationToken(sender autorest.Sender, oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error)
|
||||
|
||||
name() string
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@ import (
|
|||
|
||||
type azureCliTokenAuth struct {
|
||||
profile *azureCLIProfile
|
||||
servicePrincipalAuthDocsLink string
|
||||
}
|
||||
|
||||
func (a azureCliTokenAuth) build(b Builder) (authMethod, error) {
|
||||
|
@ -25,6 +26,7 @@ func (a azureCliTokenAuth) build(b Builder) (authMethod, error) {
|
|||
subscriptionId: b.SubscriptionID,
|
||||
tenantId: b.TenantID,
|
||||
},
|
||||
servicePrincipalAuthDocsLink: b.ClientSecretDocsLink,
|
||||
}
|
||||
profilePath, err := cli.ProfilePath()
|
||||
if err != nil {
|
||||
|
@ -38,6 +40,17 @@ func (a azureCliTokenAuth) build(b Builder) (authMethod, error) {
|
|||
|
||||
auth.profile.profile = profile
|
||||
|
||||
// Authenticating as a Service Principal doesn't return all of the information we need for authentication purposes
|
||||
// as such Service Principal authentication is supported using the specific auth method
|
||||
if authenticatedAsAUser := auth.profile.verifyAuthenticatedAsAUser(); !authenticatedAsAUser {
|
||||
return nil, fmt.Errorf(`Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
|
||||
|
||||
To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'
|
||||
auth method - instructions for which can be found here: %s
|
||||
|
||||
Alternatively you can authenticate using the Azure CLI by using a User Account.`, auth.servicePrincipalAuthDocsLink)
|
||||
}
|
||||
|
||||
err = auth.profile.populateFields()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error retrieving the Profile from the Azure CLI: %s Please re-authenticate using `az login`.", err)
|
||||
|
@ -55,7 +68,7 @@ func (a azureCliTokenAuth) isApplicable(b Builder) bool {
|
|||
return b.SupportsAzureCliToken
|
||||
}
|
||||
|
||||
func (a azureCliTokenAuth) getAuthorizationToken(oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
func (a azureCliTokenAuth) getAuthorizationToken(sender autorest.Sender, oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
// the Azure CLI appears to cache these, so to maintain compatibility with the interface this method is intentionally not on the pointer
|
||||
token, err := obtainAuthorizationToken(endpoint, a.profile.subscriptionId)
|
||||
if err != nil {
|
||||
|
|
|
@ -41,7 +41,7 @@ func (a servicePrincipalClientCertificateAuth) name() string {
|
|||
return "Service Principal / Client Certificate"
|
||||
}
|
||||
|
||||
func (a servicePrincipalClientCertificateAuth) getAuthorizationToken(oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
func (a servicePrincipalClientCertificateAuth) getAuthorizationToken(sender autorest.Sender, oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
certificateData, err := ioutil.ReadFile(a.clientCertPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error reading Client Certificate %q: %v", a.clientCertPath, err)
|
||||
|
@ -58,6 +58,8 @@ func (a servicePrincipalClientCertificateAuth) getAuthorizationToken(oauthConfig
|
|||
return nil, err
|
||||
}
|
||||
|
||||
spt.SetSender(sender)
|
||||
|
||||
err = spt.Refresh()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -33,11 +33,12 @@ func (a servicePrincipalClientSecretAuth) name() string {
|
|||
return "Service Principal / Client Secret"
|
||||
}
|
||||
|
||||
func (a servicePrincipalClientSecretAuth) getAuthorizationToken(oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
func (a servicePrincipalClientSecretAuth) getAuthorizationToken(sender autorest.Sender, oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
spt, err := adal.NewServicePrincipalToken(*oauthConfig, a.clientId, a.clientSecret, endpoint)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
spt.SetSender(sender)
|
||||
|
||||
auth := autorest.NewBearerAuthorizer(spt)
|
||||
return auth, nil
|
||||
|
|
|
@ -39,11 +39,14 @@ func (a managedServiceIdentityAuth) name() string {
|
|||
return "Managed Service Identity"
|
||||
}
|
||||
|
||||
func (a managedServiceIdentityAuth) getAuthorizationToken(oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
func (a managedServiceIdentityAuth) getAuthorizationToken(sender autorest.Sender, oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
spt, err := adal.NewServicePrincipalTokenFromMSI(a.endpoint, endpoint)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
spt.SetSender(sender)
|
||||
|
||||
auth := autorest.NewBearerAuthorizer(spt)
|
||||
return auth, nil
|
||||
}
|
||||
|
|
17
vendor/github.com/hashicorp/go-azure-helpers/authentication/azure_cli_profile.go
generated
vendored
17
vendor/github.com/hashicorp/go-azure-helpers/authentication/azure_cli_profile.go
generated
vendored
|
@ -1,6 +1,8 @@
|
|||
package authentication
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/Azure/go-autorest/autorest/azure/cli"
|
||||
)
|
||||
|
||||
|
@ -33,3 +35,18 @@ func (a *azureCLIProfile) populateFields() error {
|
|||
// always pull the environment from the Azure CLI, since the Access Token's associated with it
|
||||
return a.populateEnvironment()
|
||||
}
|
||||
|
||||
func (a *azureCLIProfile) verifyAuthenticatedAsAUser() bool {
|
||||
for _, subscription := range a.profile.Subscriptions {
|
||||
if subscription.User == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
authenticatedAsAUser := strings.EqualFold(subscription.User.Type, "user")
|
||||
if authenticatedAsAUser {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
|
@ -33,6 +33,7 @@ type Builder struct {
|
|||
// Service Principal (Client Secret) Auth
|
||||
SupportsClientSecretAuth bool
|
||||
ClientSecret string
|
||||
ClientSecretDocsLink string
|
||||
}
|
||||
|
||||
// Build takes the configuration from the Builder and builds up a validated Config
|
||||
|
|
|
@ -22,8 +22,8 @@ type Config struct {
|
|||
}
|
||||
|
||||
// GetAuthorizationToken returns an authorization token for the authentication method defined in the Config
|
||||
func (c Config) GetAuthorizationToken(oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
return c.authMethod.getAuthorizationToken(oauthConfig, endpoint)
|
||||
func (c Config) GetAuthorizationToken(sender autorest.Sender, oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
|
||||
return c.authMethod.getAuthorizationToken(sender, oauthConfig, endpoint)
|
||||
}
|
||||
|
||||
func (c Config) validate() (*Config, error) {
|
||||
|
|
|
@ -312,7 +312,7 @@ github.com/hashicorp/consul/lib/freeport
|
|||
github.com/hashicorp/consul/testutil/retry
|
||||
# github.com/hashicorp/errwrap v1.0.0
|
||||
github.com/hashicorp/errwrap
|
||||
# github.com/hashicorp/go-azure-helpers v0.0.0-20190129193224-166dfd221bb2
|
||||
# github.com/hashicorp/go-azure-helpers v0.5.0
|
||||
github.com/hashicorp/go-azure-helpers/authentication
|
||||
github.com/hashicorp/go-azure-helpers/storage
|
||||
# github.com/hashicorp/go-checkpoint v0.5.0
|
||||
|
|