Documentation ¶
Index ¶
- Variables
- func CertificatesAndKeyFromPEM(pem []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)
- type AzureCLICredential
- type ClientCredential
- func NewClientAssertionCredential(tenantID, clientID string, assertion func() (string, error), ...) (*ClientCredential, error)
- func NewClientCertificateCredential(tenantID, clientID string, certificates []*x509.Certificate, ...) (*ClientCredential, error)
- func NewClientCredential(tenantID string, clientID string, options ...CredentialOption) (*ClientCredential, error)
- func NewClientSecretCredential(tenantID, clientID, secret string, options ...CredentialOption) (*ClientCredential, error)
- type CredentialOption
- func WithAssertion(assertion func() (string, error)) CredentialOption
- func WithCertificate(certs []*x509.Certificate, privateKey *rsa.PrivateKey) CredentialOption
- func WithClientID(id string) CredentialOption
- func WithCloud(c cloud.Cloud) CredentialOption
- func WithHTTPClient(c request.Client) CredentialOption
- func WithIMDSDialTimeout(d time.Duration) CredentialOption
- func WithResourceID(id string) CredentialOption
- func WithSecret(secret string) CredentialOption
- type CredentialOptions
- type ManagedIdentityCredential
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrNoCertificates is returned when no certificates are found in the PEM.
	ErrNoCertificates = errors.New("no certificates found")
	// ErrNoPrivateKey is returned when no private key is found in the PEM.
	ErrNoPrivateKey = errors.New("no private key found")
	// ErrMultiplePrivateKeys is returned when multiple private keys are found in the PEM.
	ErrMultiplePrivateKeys = errors.New("multiple private keys found")
	// ErrKeyNotRSA is returned when the private key is not an RSA key.
	ErrKeyNotRSA = errors.New("private key is not an RSA key")
)
var (
	// ErrEmptyTokenResponse is returned when the response from a token request
	// is empty.
	ErrEmptyTokenResponse = errors.New("empty token response")
	// ErrTokenResponse is an erroneous token request.
	ErrTokenResponse = errors.New("token response error")
	// ErrInvalidTenantID is returned when an invalid Tenant ID is provided.
	ErrInvalidTenantID = errors.New("invalid tenant ID")
	// ErrInvalidClientID is returned when an invalid Client ID is provided.
	ErrInvalidClientID = errors.New("invalid client ID")
)
var (
	// ErrUnsupportedManagedIdentityType is returned when the type of the managed identity
	// cannot be established.
	ErrUnsupportedManagedIdentityType = errors.New("unsupported managed identity type")
	// ErrInvalidManagedIdentityResourceID is returned when an invalid managed
	// identity resource ID is provided.
	ErrInvalidManagedIdentityResourceID = errors.New("invalid managed identity resource ID")
	ErrIMDSEndpointUnavailable = errors.New("IMDS endpoint unavailable")
)
var (
	// ErrAzureCLINotFound is returned when the Azure CLI is not found.
	ErrAzureCLINotFound = errors.New("azure cli not found")
)
var (
	// ErrMissingCredentials is returned when credentials such as a client secret are missing.
	ErrMissingCredentials = errors.New("missing credentials, needs a shared secret")
)
Functions ¶
func CertificatesAndKeyFromPEM ¶ added in v0.11.0
func CertificatesAndKeyFromPEM(pem []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)
CertificatesAndKeyFromPEM extracts the x509 certificates and private key from the given PEM.
Types ¶
type AzureCLICredential ¶ added in v0.13.0
type AzureCLICredential struct {
// contains filtered or unexported fields
}
AzureCLICredential represents credentials handled by the Azure CLI. It contains all the necessary settings to perform token requests.
func NewAzureCLICredential ¶ added in v0.13.0
func NewAzureCLICredential(options ...CredentialOption) (*AzureCLICredential, error)
NewAzureCLICredential creates and returns a new *AzureCLICredential.
func (*AzureCLICredential) Token ¶ added in v0.13.0
func (c *AzureCLICredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)
Token returns a new auth.Token for requests to the Azure REST API.
type ClientCredential ¶
type ClientCredential struct {
// contains filtered or unexported fields
}
ClientCredential represents a client credential for authentication to Azure according to the client credential flow. It contains all the necessary settings to perform token requests.
func NewClientAssertionCredential ¶ added in v0.13.0
func NewClientAssertionCredential(tenantID, clientID string, assertion func() (string, error), options ...CredentialOption) (*ClientCredential, error)
NewClientAssertionCredential creates and returns a new *ClientCredential with a client assertion function (client assertion credential).
func NewClientCertificateCredential ¶ added in v0.11.0
func NewClientCertificateCredential(tenantID, clientID string, certificates []*x509.Certificate, key *rsa.PrivateKey, options ...CredentialOption) (*ClientCredential, error)
NewClientCertificateCredential creates and returns a new *ClientCredential with a certificate and private key (client certificate credential).
func NewClientCredential ¶
func NewClientCredential(tenantID string, clientID string, options ...CredentialOption) (*ClientCredential, error)
NewClientCredential creates and returns a new *ClientCredential.
func NewClientSecretCredential ¶
func NewClientSecretCredential(tenantID, clientID, secret string, options ...CredentialOption) (*ClientCredential, error)
NewClientSecretCredential creates and returns a new *ClientCredential with a secret (client secret credential).
func (*ClientCredential) Token ¶
func (c *ClientCredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)
Token returns a new auth.Token for requests to the Azure REST API.
type CredentialOption ¶
type CredentialOption func(o *CredentialOptions)
CredentialOption is a function to set *CredentialOptions.
func WithAssertion ¶ added in v0.13.0
func WithAssertion(assertion func() (string, error)) CredentialOption
WithAssertion sets the assertion function for the client credential. The provided function should return a JWT from an identity provider.
func WithCertificate ¶ added in v0.11.0
func WithCertificate(certs []*x509.Certificate, privateKey *rsa.PrivateKey) CredentialOption
WithCertificate sets the certificate and private key.
func WithCloud ¶ added in v0.14.0
func WithCloud(c cloud.Cloud) CredentialOption
WithCloud sets the Azure cloud to authenticate against.
func WithHTTPClient ¶
func WithHTTPClient(c request.Client) CredentialOption
WithHTTPClient sets the HTTP client of the credential.
func WithIMDSDialTimeout ¶ added in v0.15.0
func WithIMDSDialTimeout(d time.Duration) CredentialOption
WithIMDSDialTimeout sets the dial timeout for the IMDS endpoint.
func WithResourceID ¶
func WithResourceID(id string) CredentialOption
WithResourceID sets the resource ID.
func WithSecret ¶
func WithSecret(secret string) CredentialOption
WithSecret sets the client secret.
type CredentialOptions ¶
type CredentialOptions struct {
// contains filtered or unexported fields
}
CredentialOptions contains options for the various credential types.
type ManagedIdentityCredential ¶
type ManagedIdentityCredential struct {
// contains filtered or unexported fields
}
ManagedIdentityCredential represents a managed identity credential for authentication to Azure according to the managed identity credential flow. It contains all the necessary settings to perform token requests.
func NewManagedIdentityCredential ¶
func NewManagedIdentityCredential(options ...CredentialOption) (*ManagedIdentityCredential, error)
NewManagedIdentityCredential creates and returns a new *ManagedIdentityCredential.
func (*ManagedIdentityCredential) Token ¶
func (c *ManagedIdentityCredential) Token(ctx context.Context, options ...auth.TokenOption) (auth.Token, error)
Token returns a new auth.Token for requests to the Azure REST API.