Beispiel #1
Datei: auth.go Projekt: bac/juju
// AuthToken builds the service principal token used to authorize
// Resource Manager API requests for the cloud described by the
// supplied CloudSpec.
//
// Only the client-credentials auth-type is accepted; any other
// auth-type yields a NotSupported error. The sender is installed on
// the subscriptions client used to look up the OAuth configuration
// and, when non-nil, on the returned token as well.
//
// NOTE(review): the application password is passed to the token
// together with an OAuth configuration derived from cloud.Endpoint.
// Nothing in this function validates that endpoint, so callers
// presumably must supply a trusted HTTPS endpoint; confirm upstream.
func AuthToken(cloud environs.CloudSpec, sender autorest.Sender) (*azure.ServicePrincipalToken, error) {
	// Non-interactive authentication supports exactly one auth-type.
	// Interactive auth exists only to generate a service principal,
	// so it is rejected here.
	authType := cloud.Credential.AuthType()
	if authType != clientCredentialsAuthType {
		return nil, errors.NotSupportedf("auth-type %q", authType)
	}

	attrs := cloud.Credential.Attributes()

	// Look up the OAuth configuration for the subscription. The second
	// return value of OAuthConfig is not needed here and is discarded.
	subsClient := subscriptions.Client{subscriptions.NewWithBaseURI(cloud.Endpoint)}
	subsClient.Sender = sender
	oauthConfig, _, err := azureauth.OAuthConfig(
		subsClient,
		cloud.Endpoint,
		attrs[credAttrSubscriptionId],
	)
	if err != nil {
		return nil, errors.Trace(err)
	}

	// The error annotation below carries only a fixed message; the
	// credential attributes are never formatted into it here.
	spt, err := azure.NewServicePrincipalToken(
		*oauthConfig,
		attrs[credAttrAppId],
		attrs[credAttrAppPassword],
		azureauth.TokenResource(cloud.Endpoint),
	)
	if err != nil {
		return nil, errors.Annotate(err, "constructing service principal token")
	}

	// Without an explicit sender the token keeps whatever sender
	// NewServicePrincipalToken gave it.
	if sender == nil {
		return spt, nil
	}
	spt.SetSender(sender)
	return spt, nil
}
Beispiel #2
// TestOAuthConfig checks that azureauth.OAuthConfig, driven by the
// canned sender from oauthConfigSender, reports fakeTenantId and
// returns authorize, token and device-code endpoints rooted at the
// supplied base URI.
func (s *OAuthConfigSuite) TestOAuthConfig(c *gc.C) {
	const endpoint = "https://testing.invalid"

	subsClient := subscriptions.Client{subscriptions.NewWithBaseURI(endpoint)}
	subsClient.Sender = oauthConfigSender()

	cfg, tenantId, err := azureauth.OAuthConfig(subsClient, endpoint, "subscription-id")
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(tenantId, gc.Equals, fakeTenantId)

	// All three endpoints share scheme, host and query string and
	// differ only in path. The GUID in each path is presumably the
	// value of fakeTenantId; verify against its definition.
	endpointURL := func(path string) url.URL {
		return url.URL{
			Scheme:   "https",
			Host:     "testing.invalid",
			Path:     path,
			RawQuery: "api-version=1.0",
		}
	}
	want := &azure.OAuthConfig{
		AuthorizeEndpoint:  endpointURL("/11111111-1111-1111-1111-111111111111/oauth2/authorize"),
		TokenEndpoint:      endpointURL("/11111111-1111-1111-1111-111111111111/oauth2/token"),
		DeviceCodeEndpoint: endpointURL("/11111111-1111-1111-1111-111111111111/oauth2/devicecode"),
	}

	c.Assert(cfg, jc.DeepEquals, want)
}