Use MSGraph SDK and deprecate Autorest for rotate root operations #107

Closed
wants to merge 28 commits into from
24032ec
rotate-root
Zlaticanin Nov 15, 2022
fb1be4b
add
Zlaticanin Nov 15, 2022
3a68369
push updates
Zlaticanin Nov 16, 2022
bec9fad
push updates
Zlaticanin Nov 17, 2022
5b3ad7b
update test client with new interface
vinay-gopalan Nov 17, 2022
0e98a0d
add getclient + deleteapp
Zlaticanin Nov 22, 2022
0c00dd5
update provider interface with only relevant fields
vinay-gopalan Nov 22, 2022
ef8f7fa
remove unnecessary functions
vinay-gopalan Nov 29, 2022
1d9036b
skip tests until they have been refactored
vinay-gopalan Nov 29, 2022
35fa612
Merge branch 'main' into add-rotate-root-endpoint
vinay-gopalan Dec 12, 2022
20b0801
resolve merge conflicts
vinay-gopalan Dec 13, 2022
4892cd3
Add subscription ID as API field for config
vinay-gopalan Dec 13, 2022
2c37a97
upgrade to use MS Graph SDK instead of autorest for rotate root client
vinay-gopalan Dec 19, 2022
26f9ccd
fix formatting and remove unnecessary subscription_id field
vinay-gopalan Dec 19, 2022
8bfc5c1
fix broken function signatures
vinay-gopalan Dec 20, 2022
aa12520
update .go-version
vinay-gopalan Dec 20, 2022
dbfa199
add test for rotate root
vinay-gopalan Jan 12, 2023
6c7378a
comment unneccessary code
vinay-gopalan Jan 25, 2023
9f39c70
merge main
vinay-gopalan Feb 6, 2023
a613933
update branch with latest version of sdk
vinay-gopalan Apr 6, 2023
aedb0a2
resolve merge conflicts and update files
vinay-gopalan Apr 6, 2023
84b5092
add extra uuid package for types
vinay-gopalan Apr 6, 2023
9ef0acf
completely remove autorest from codebase
vinay-gopalan Apr 26, 2023
7305880
update list applications flow
vinay-gopalan Apr 28, 2023
6c12583
delete accidental commit of old test creds file
vinay-gopalan Apr 28, 2023
e4c4f8a
add newline to end of file
vinay-gopalan Apr 28, 2023
2ccc5b2
resolve merge conflicts
vinay-gopalan Apr 28, 2023
8aca190
update msgraph sdk to v1
vinay-gopalan May 19, 2023
46 changes: 8 additions & 38 deletions azure.go
Expand Up @@ -21,15 +21,13 @@ import (
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/azure"
"github.com/Azure/go-autorest/autorest/azure/auth"
"github.com/coreos/go-oidc"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/vault-plugin-auth-azure/client"
"github.com/hashicorp/vault/sdk/helper/useragent"
"github.com/hashicorp/vault/sdk/logical"
"golang.org/x/oauth2"

"github.com/hashicorp/vault-plugin-auth-azure/client"
)

type computeClient interface {
Expand Down Expand Up @@ -246,40 +244,18 @@ func (p *azureProvider) getClientOptions() *arm.ClientOptions {
}
}

// getAuthorizer attempts to create an authorizer, preferring ClientID/Secret if present,
// and falling back to MSI if not.
func getAuthorizer(settings *azureSettings, resource string) (autorest.Authorizer, error) {
if settings.ClientID != "" && settings.ClientSecret != "" && settings.TenantID != "" {
config := auth.NewClientCredentialsConfig(settings.ClientID, settings.ClientSecret, settings.TenantID)
config.AADEndpoint = settings.Environment.ActiveDirectoryEndpoint
config.Resource = resource
return config.Authorizer()
}

config := auth.NewMSIConfig()
config.Resource = resource
return config.Authorizer()
}

func (p *azureProvider) MSGraphClient() (client.MSGraphClient, error) {
userAgent := useragent.PluginString(p.settings.PluginEnv, userAgentPluginName)

graphURI, err := client.GetGraphURI(p.settings.Environment.Name)
if err != nil {
return nil, err
}

graphApiAuthorizer, err := getAuthorizer(p.settings, graphURI)
if err != nil {
return nil, err
clientSettings := client.ClientSettings{
ClientID: p.settings.ClientID,
ClientSecret: p.settings.ClientSecret,
TenantID: p.settings.TenantID,
}

msGraphAppClient, err := client.NewMSGraphApplicationClient(userAgent, graphURI, graphApiAuthorizer)
msGraphClient, err := client.NewMSGraphApplicationClient(clientSettings)
if err != nil {
return nil, err
}

return msGraphAppClient, nil
return msGraphClient, nil
}

func (p *azureProvider) getTokenCredential() (azcore.TokenCredential, error) {
Expand All @@ -306,7 +282,6 @@ type azureSettings struct {
ClientSecret string
CloudConfig cloud.Configuration
Resource string
Environment azure.Environment
PluginEnv *logical.PluginEnvironment
}

Expand Down Expand Up @@ -353,17 +328,12 @@ func (b *azureAuthBackend) getAzureSettings(ctx context.Context, config *azureCo
if environment == "" {
// use default values if no environment is provided
settings.CloudConfig = cloud.AzurePublic
settings.Environment = azure.PublicCloud
} else {
var err error
settings.CloudConfig, err = ConfigurationFromName(environment)
if err != nil {
return nil, err
}
settings.Environment, err = azure.EnvironmentFromName(environment)
if err != nil {
return nil, err
}
}

pluginEnv, err := b.System().PluginEnv(ctx)
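Review bot: The new MSGraphClient body silently drops the managed-identity fallback that the deleted getAuthorizer provided: ClientSettings is populated only from ClientID, ClientSecret and TenantID, so a Vault config that relied on MSI (all three empty) now reaches client.NewMSGraphApplicationClient with blank credentials, and unless that constructor (not in this diff) implements its own fallback the rotate-root path will fail at a less obvious point. Either document the new requirement in a doc comment on the method, `// MSGraphClient builds a Microsoft Graph application client from the configured client_id, client_secret and tenant_id; unlike the former autorest authorizer it has no managed-identity fallback.`, or fail fast with `if p.settings.ClientID == "" || p.settings.ClientSecret == "" || p.settings.TenantID == "" { return nil, fmt.Errorf("client_id, client_secret and tenant_id are required for the MS Graph client") }` before building clientSettings. Note also that the removed code pointed the authorizer at settings.Environment.ActiveDirectoryEndpoint, while the replacement passes no cloud information even though azureSettings still carries CloudConfig; whether sovereign clouds keep working therefore depends entirely on the constructor's defaults and is worth a sentence in the same comment. The getAzureSettings hunk below starts and ends outside this view, and the lost `settings.Environment` assignment there is consistent with this change.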
1 change: 1 addition & 0 deletions azure_test.go
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
"github.com/coreos/go-oidc"

"github.com/hashicorp/vault-plugin-auth-azure/client"
)

11 changes: 6 additions & 5 deletions backend.go
Expand Up @@ -9,6 +9,7 @@ import (
"sync"
"time"

"github.com/google/uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
Expand Down Expand Up @@ -135,16 +136,16 @@ func (b *azureAuthBackend) periodicFunc(ctx context.Context, sys *logical.Reques

app := apps[0]

credsToDelete := []string{}
for _, cred := range app.PasswordCredentials {
if *cred.KeyID != config.NewClientSecretKeyID {
credsToDelete = append(credsToDelete, *cred.KeyID)
credsToDelete := []*uuid.UUID{}
for _, cred := range app.GetPasswordCredentials() {
if cred.GetKeyId().String() != config.NewClientSecretKeyID {
credsToDelete = append(credsToDelete, cred.GetKeyId())
}
}

if len(credsToDelete) != 0 {
b.Logger().Debug("periodic func", "rotate-root", "removing old passwords from Azure")
err = removeApplicationPasswords(ctx, client, *app.ID, credsToDelete...)
err = removeApplicationPasswords(ctx, client, *app.GetId(), credsToDelete...)
if err != nil {
return err
}
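Review bot: The new comparison `cred.GetKeyId().String() != config.NewClientSecretKeyID` in the periodicFunc loop decides which password credentials get deleted, and two things can make it mis-fire: GetKeyId() returning a nil *uuid.UUID panics inside String() (a value-receiver method on google/uuid), and String() always yields lowercase, so if the stored NewClientSecretKeyID ever differs only in case the freshly rotated secret would be treated as old and removed along with the rest. Skipping nil key IDs and comparing case-insensitively closes both; the `*app.GetId()` dereference on the removeApplicationPasswords line has the same nil exposure and deserves a guard too. This assumes the strings package is (or can be) imported in backend.go, which the import hunk above does not show. periodicFunc begins and continues outside this hunk, and the old code had the same dereference hazard, so this is carried over rather than introduced here.

```go
credsToDelete := []*uuid.UUID{}
for _, cred := range app.GetPasswordCredentials() {
	keyID := cred.GetKeyId()
	// A credential without a key ID cannot be targeted for deletion; the
	// case-insensitive compare keeps the newly rotated secret from being removed.
	if keyID == nil || strings.EqualFold(keyID.String(), config.NewClientSecretKeyID) {
		continue
	}
	credsToDelete = append(credsToDelete, keyID)
}
// … unchanged: removeApplicationPasswords call and error handling …
```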