Skip to content

Instantly share code, notes, and snippets.

@jasonwbarnett
Last active April 23, 2020 16:15
Show Gist options
  • Save jasonwbarnett/a88e659673ab4b5306c86cc44fcefe37 to your computer and use it in GitHub Desktop.
Save jasonwbarnett/a88e659673ab4b5306c86cc44fcefe37 to your computer and use it in GitHub Desktop.
diff --git a/lib/kitchen/driver/azure_credentials.rb b/lib/kitchen/driver/azure_credentials.rb
index 0d38784..4def42c 100644
--- a/lib/kitchen/driver/azure_credentials.rb
+++ b/lib/kitchen/driver/azure_credentials.rb
@@ -28,7 +28,7 @@ module Kitchen
if File.file?(config_file)
@credentials = IniFile.load(File.expand_path(config_file))
else
- warn "#{CONFIG_PATH} was not found or not accessible."
+ warn "#{CONFIG_PATH} was not found or not accessible. Will use environment variables or MSI."
end
end
@@ -38,33 +38,50 @@ module Kitchen
# @return [Object] Object that can be supplied along with all Azure client requests.
#
def azure_options
- options = { tenant_id: tenant_id,
- client_id: client_id,
- client_secret: client_secret,
+ options = { tenant_id: tenant_id!,
subscription_id: subscription_id,
credentials: ::MsRest::TokenCredentials.new(token_provider),
active_directory_settings: ad_settings,
base_url: endpoint_settings.resource_manager_endpoint_url }
-
+ options[:client_id] = client_id if client_id
+ options[:client_secret] = client_secret if client_secret
options
end
private
+ def credentials
+ @credentials ||= {}
+ end
+
+ def credentials_property(property)
+ credentials[subscription_id]&.[](property)
+ end
+
+ def tenant_id!
+ tenant_id || raise("Must provide tenant id. Use AZURE_TENANT_ID environment variable or set it in credentials file")
+ end
+
def tenant_id
- ENV["AZURE_TENANT_ID"] || @credentials[subscription_id]["tenant_id"]
+ ENV["AZURE_TENANT_ID"] || credentials_property("tenant_id")
end
def client_id
- ENV["AZURE_CLIENT_ID"] || @credentials[subscription_id]["client_id"]
+ ENV["AZURE_CLIENT_ID"] || credentials_property("client_id")
end
def client_secret
- ENV["AZURE_CLIENT_SECRET"] || @credentials[subscription_id]["client_secret"]
+ ENV["AZURE_CLIENT_SECRET"] || credentials_property("client_secret")
end
def token_provider
- ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
+ if client_id && client_secret
+ ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
+ elsif client_id
+ ::MsRestAzure::MSITokenProvider.new(50342, ad_settings, { client_id: client_id })
+ else
+ ::MsRestAzure::MSITokenProvider.new(50342, ad_settings)
+ end
end
#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment