示例#1
0
文件: interactive.go 项目: bac/juju
func getServicePrincipal(client ad.ServicePrincipalsClient) (ad.ServicePrincipal, error) {
	// TODO(axw) filter by Service Principal Name (SPN).
	// It works without that, but the response is noisy.
	result, err := client.List("")
	if err != nil {
		return ad.ServicePrincipal{}, errors.Annotate(err, "listing service principals")
	}
	for _, sp := range result.Value {
		if sp.ApplicationID == jujuApplicationId {
			return sp, nil
		}
	}
	return ad.ServicePrincipal{}, errors.NotFoundf("service principal")
}
示例#2
0
文件: interactive.go 项目: bac/juju
func addServicePrincipalPasswordCredential(
	client ad.ServicePrincipalsClient,
	servicePrincipalObjectId string,
	passwordCredential ad.PasswordCredential,
) error {
	existing, err := client.ListPasswordCredentials(servicePrincipalObjectId)
	if err != nil {
		return errors.Trace(err)
	}
	passwordCredentials := append(existing.Value, passwordCredential)
	_, err = client.UpdatePasswordCredentials(
		servicePrincipalObjectId,
		ad.PasswordCredentialsUpdateParameters{passwordCredentials},
	)
	return errors.Trace(err)
}
示例#3
0
文件: interactive.go 项目: bac/juju
func createOrUpdateServicePrincipal(
	client ad.ServicePrincipalsClient,
	subscriptionId string,
	clock clock.Clock,
	newUUID func() (utils.UUID, error),
) (servicePrincipalObjectId, password string, _ error) {
	passwordCredential, err := preparePasswordCredential(clock, newUUID)
	if err != nil {
		return "", "", errors.Annotate(err, "preparing password credential")
	}

	servicePrincipal, err := client.Create(
		ad.ServicePrincipalCreateParameters{
			ApplicationID:       jujuApplicationId,
			AccountEnabled:      true,
			PasswordCredentials: []ad.PasswordCredential{passwordCredential},
		},
		nil, // abort
	)
	if err != nil {
		if !isMultipleObjectsWithSameKeyValueErr(err) {
			return "", "", errors.Trace(err)
		}
		// The service principal already exists, so we'll fall out
		// and update the service principal's password credentials.
	} else {
		// The service principal was created successfully, with the
		// requested password credential.
		return servicePrincipal.ObjectID, passwordCredential.Value, nil
	}

	// The service principal already exists, so we need to query
	// its object ID, and fetch the existing password credentials
	// to update.
	servicePrincipal, err = getServicePrincipal(client)
	if err != nil {
		return "", "", errors.Trace(err)
	}
	if err := addServicePrincipalPasswordCredential(
		client, servicePrincipal.ObjectID,
		passwordCredential,
	); err != nil {
		return "", "", errors.Annotate(err, "updating password credentials")
	}
	return servicePrincipal.ObjectID, passwordCredential.Value, nil
}