// AuthToken returns a service principal token, suitable for authorizing // Resource Manager API requests, based on the supplied CloudSpec. func AuthToken(cloud environs.CloudSpec, sender autorest.Sender) (*azure.ServicePrincipalToken, error) { if authType := cloud.Credential.AuthType(); authType != clientCredentialsAuthType { // We currently only support a single auth-type for // non-interactive authentication. Interactive auth // is used only to generate a service-principal. return nil, errors.NotSupportedf("auth-type %q", authType) } credAttrs := cloud.Credential.Attributes() subscriptionId := credAttrs[credAttrSubscriptionId] appId := credAttrs[credAttrAppId] appPassword := credAttrs[credAttrAppPassword] client := subscriptions.Client{subscriptions.NewWithBaseURI(cloud.Endpoint)} client.Sender = sender oauthConfig, _, err := azureauth.OAuthConfig(client, cloud.Endpoint, subscriptionId) if err != nil { return nil, errors.Trace(err) } resource := azureauth.TokenResource(cloud.Endpoint) token, err := azure.NewServicePrincipalToken( *oauthConfig, appId, appPassword, resource, ) if err != nil { return nil, errors.Annotate(err, "constructing service principal token") } if sender != nil { token.SetSender(sender) } return token, nil }
// TestTokenResource checks that TokenResource returns the endpoint with a
// single trailing slash, whether or not the input already ends in one.
func (s *TokenResourceSuite) TestTokenResource(c *gc.C) {
	const want = "https://graph.windows.net/"

	// Same inputs, in the same order, as the two individual assertions.
	endpoints := []string{
		"https://graph.windows.net",
		"https://graph.windows.net/",
	}
	for _, endpoint := range endpoints {
		c.Assert(azureauth.TokenResource(endpoint), gc.Equals, want)
	}
}