// AuthToken returns a service principal token, suitable for authorizing // Resource Manager API requests, based on the supplied CloudSpec. func AuthToken(cloud environs.CloudSpec, sender autorest.Sender) (*azure.ServicePrincipalToken, error) { if authType := cloud.Credential.AuthType(); authType != clientCredentialsAuthType { // We currently only support a single auth-type for // non-interactive authentication. Interactive auth // is used only to generate a service-principal. return nil, errors.NotSupportedf("auth-type %q", authType) } credAttrs := cloud.Credential.Attributes() subscriptionId := credAttrs[credAttrSubscriptionId] appId := credAttrs[credAttrAppId] appPassword := credAttrs[credAttrAppPassword] client := subscriptions.Client{subscriptions.NewWithBaseURI(cloud.Endpoint)} client.Sender = sender oauthConfig, _, err := azureauth.OAuthConfig(client, cloud.Endpoint, subscriptionId) if err != nil { return nil, errors.Trace(err) } resource := azureauth.TokenResource(cloud.Endpoint) token, err := azure.NewServicePrincipalToken( *oauthConfig, appId, appPassword, resource, ) if err != nil { return nil, errors.Annotate(err, "constructing service principal token") } if sender != nil { token.SetSender(sender) } return token, nil }
// TestOAuthConfig checks that azureauth.OAuthConfig, driven by the canned
// sender from oauthConfigSender, reports fakeTenantId and builds authorize,
// token and device-code endpoints rooted at the testing endpoint.
func (s *OAuthConfigSuite) TestOAuthConfig(c *gc.C) {
	const endpoint = "https://testing.invalid"

	subsClient := subscriptions.Client{subscriptions.NewWithBaseURI(endpoint)}
	subsClient.Sender = oauthConfigSender()

	cfg, tenantId, err := azureauth.OAuthConfig(subsClient, endpoint, "subscription-id")
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(tenantId, gc.Equals, fakeTenantId)

	// Every expected endpoint shares scheme, host and query string and
	// differs only in its path.
	endpointURL := func(path string) url.URL {
		return url.URL{
			Scheme:   "https",
			Host:     "testing.invalid",
			Path:     path,
			RawQuery: "api-version=1.0",
		}
	}
	// NOTE(review): the tenant UUID in these paths is hard-coded;
	// presumably it is the value of fakeTenantId. Confirm.
	want := &azure.OAuthConfig{
		AuthorizeEndpoint:  endpointURL("/11111111-1111-1111-1111-111111111111/oauth2/authorize"),
		TokenEndpoint:      endpointURL("/11111111-1111-1111-1111-111111111111/oauth2/token"),
		DeviceCodeEndpoint: endpointURL("/11111111-1111-1111-1111-111111111111/oauth2/devicecode"),
	}
	c.Assert(cfg, jc.DeepEquals, want)
}