terraform/vendor/github.com/hashicorp/go-azure-helpers/authentication/auth_method_msi.go

package authentication

import (
	"fmt"
	"log"

	"github.com/Azure/go-autorest/autorest"
	"github.com/Azure/go-autorest/autorest/adal"
	"github.com/hashicorp/go-multierror"
)

type managedServiceIdentityAuth struct {
	endpoint string
}

func (a managedServiceIdentityAuth) build(b Builder) (authMethod, error) {
	endpoint := b.MsiEndpoint
	if endpoint == "" {
		msiEndpoint, err := adal.GetMSIVMEndpoint()
		if err != nil {
			return nil, fmt.Errorf("Error determining MSI Endpoint: ensure the VM has MSI enabled, or configure the MSI Endpoint. Error: %s", err)
		}
		endpoint = msiEndpoint
	}

	log.Printf("[DEBUG] Using MSI endpoint %q", endpoint)

	auth := managedServiceIdentityAuth{
		endpoint: endpoint,
	}
	return auth, nil
}

func (a managedServiceIdentityAuth) isApplicable(b Builder) bool {
	return b.SupportsManagedServiceIdentity
}

func (a managedServiceIdentityAuth) name() string {
	return "Managed Service Identity"
}

func (a managedServiceIdentityAuth) getAuthorizationToken(oauthConfig *adal.OAuthConfig, endpoint string) (*autorest.BearerAuthorizer, error) {
	spt, err := adal.NewServicePrincipalTokenFromMSI(a.endpoint, endpoint)
	if err != nil {
		return nil, err
	}
	auth := autorest.NewBearerAuthorizer(spt)
	return auth, nil
}

func (a managedServiceIdentityAuth) populateConfig(c *Config) error {
	// nothing to populate back
	return nil
}

func (a managedServiceIdentityAuth) validate() error {
	var err *multierror.Error

	if a.endpoint == "" {
		err = multierror.Append(err, fmt.Errorf("An MSI Endpoint must be configured"))
	}

	return err.ErrorOrNil()
}
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var 2018-11-21 22:06:03 +01:00			`package authentication`

			`import (`
			`"fmt"`
			`"log"`

			`"github.com/Azure/go-autorest/autorest"`
			`"github.com/Azure/go-autorest/autorest/adal"`
			`"github.com/hashicorp/go-multierror"`
			`)`

			`type managedServiceIdentityAuth struct {`
			`endpoint string`
			`}`

			`func (a managedServiceIdentityAuth) build(b Builder) (authMethod, error) {`
			`endpoint := b.MsiEndpoint`
			`if endpoint == "" {`
			`msiEndpoint, err := adal.GetMSIVMEndpoint()`
			`if err != nil {`
			`return nil, fmt.Errorf("Error determining MSI Endpoint: ensure the VM has MSI enabled, or configure the MSI Endpoint. Error: %s", err)`
			`}`
			`endpoint = msiEndpoint`
			`}`

			`log.Printf("[DEBUG] Using MSI endpoint %q", endpoint)`

			`auth := managedServiceIdentityAuth{`
			`endpoint: endpoint,`
			`}`
			`return auth, nil`
			`}`

			`func (a managedServiceIdentityAuth) isApplicable(b Builder) bool {`
			`return b.SupportsManagedServiceIdentity`
			`}`

			`func (a managedServiceIdentityAuth) name() string {`
			`return "Managed Service Identity"`
			`}`

vendor: Downgrade Azure dependencies This is to allow Terraform providers to upgrade to at least one more minor version of the plugin SDK without major UX hiccups. This concludes (unsuccessful) experiments involving upgrades to SDK with https://github.com/Azure/go-autorest/pull/455 Even with that patch all providers still experience broken UX as described in https://github.com/hashicorp/terraform/pull/22490 This downgrade reduces the uncomfort to only a handful of providers from >100s. The affected providers more or less directly depend on Azure SDK(s), which is ~8. Affected providers practically cannot consume Terraform Plugin SDK with this patch (downgraded Azure SDKs) and can just wait for extracted Terraform Plugin SDK which is planned to be released soon. This reverts the following PRs: - https://github.com/hashicorp/terraform/pull/22247 - https://github.com/hashicorp/terraform/pull/22248 - https://github.com/hashicorp/terraform/pull/22524 - https://github.com/hashicorp/terraform/pull/22525 and it is otherwise result of the following commands ``` go get github.com/Azure/azure-sdk-for-go@v21.3.0 go get github.com/hashicorp/go-azure-helpers@166dfd221bb2 go mod tidy ``` 2019-08-20 16:50:20 +02:00			`func (a managedServiceIdentityAuth) getAuthorizationToken(oauthConfig adal.OAuthConfig, endpoint string) (autorest.BearerAuthorizer, error) {`
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var 2018-11-21 22:06:03 +01:00			`spt, err := adal.NewServicePrincipalTokenFromMSI(a.endpoint, endpoint)`
			`if err != nil {`
			`return nil, err`
			`}`
			`auth := autorest.NewBearerAuthorizer(spt)`
			`return auth, nil`
			`}`

			`func (a managedServiceIdentityAuth) populateConfig(c *Config) error {`
			`// nothing to populate back`
			`return nil`
			`}`

			`func (a managedServiceIdentityAuth) validate() error {`
			`var err *multierror.Error`

			`if a.endpoint == "" {`
			`err = multierror.Append(err, fmt.Errorf("An MSI Endpoint must be configured"))`
			`}`

			`return err.ErrorOrNil()`
			`}`