
Azure + GoLang SDK : Authenticating Part-2


The auth package lives at "github.com/Azure/go-autorest/autorest/azure/auth".
In this package, I have so far explored the two functions below (my notes):


The function definition looks like this:





It looks pretty simple to begin with. The definition tells us that another function, getAuthenticationSettings(), fetches the authentication settings and returns a struct of type settings; at the end, settings.getAuthorizer() is called and its result is returned.

I use VSCode (with the Go extensions), so I can go to each method and press the F12 key to jump to its definition. That reveals the definition below, in the same auth.go file, for the first function called.


The above function is straightforward: it reads the environment variables using the os.Getenv() function, constructs the struct and returns it.

Once we have the struct returned, there is a method attached to it which looks like below:


This one is interesting, as it shows the order in which the environment variables are given preference:

  1. Client Credentials - Specify the env vars:
    1. AZURE_CLIENT_ID
    2. AZURE_CLIENT_SECRET
    3. AZURE_TENANT_ID
  2. Client Certificate - Specify the env vars:
    1. AZURE_CERTIFICATE_PATH
    2. AZURE_CERTIFICATE_PASSWORD
    3. AZURE_TENANT_ID
  3. Username Password - Specify the env vars:
    1. AZURE_USERNAME
    2. AZURE_PASSWORD
    3. AZURE_CLIENT_ID
    4. AZURE_TENANT_ID
  4. MSI - Specify the env vars:
    1. AZURE_AD_RESOURCE
    2. AZURE_CLIENT_ID

So, to use this method, you can choose any of the above ways of authenticating, but you have to populate the corresponding env vars beforehand.
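Because the first matching method wins, a leftover variable from a higher-priority method can silently override the one you meant to use. The check below is an added example, not code from the SDK or from the original post: it walks the order listed above and reports which method would be picked and which fully configured methods are shadowed. The names resolveAuthMethod and authMethod are hypothetical, and it assumes a method counts as configured when all of its listed variables are non-empty, with MSI as the fallback; the SDK's own checks may differ.

```go
package main

import "fmt"

// authMethod pairs a method name with the env vars the post lists for it.
type authMethod struct {
	Name string
	Vars []string
}

// Precedence order as listed in the post, highest priority first.
// MSI is not listed here because it is treated as the fallback.
var precedence = []authMethod{
	{"ClientCredentials", []string{"AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID"}},
	{"ClientCertificate", []string{"AZURE_CERTIFICATE_PATH", "AZURE_CERTIFICATE_PASSWORD", "AZURE_TENANT_ID"}},
	{"UsernamePassword", []string{"AZURE_USERNAME", "AZURE_PASSWORD", "AZURE_CLIENT_ID", "AZURE_TENANT_ID"}},
}

// resolveAuthMethod returns the first method whose variables are all set
// (assumption: "set" means non-empty) and the lower-priority methods that
// are also fully configured but would never be used.
func resolveAuthMethod(getenv func(string) string) (selected string, shadowed []string) {
	selected = "MSI"
	found := false
	for _, m := range precedence {
		set := 0
		for _, v := range m.Vars {
			if getenv(v) != "" {
				set++
			}
		}
		switch {
		case set == len(m.Vars) && !found:
			selected, found = m.Name, true
		case set == len(m.Vars):
			shadowed = append(shadowed, m.Name)
		}
	}
	return selected, shadowed
}

func main() {
	// Constructed sample environment; pass os.Getenv to inspect the real one.
	env := map[string]string{
		"AZURE_CLIENT_ID": "app-id", "AZURE_CLIENT_SECRET": "stale-secret", "AZURE_TENANT_ID": "tenant",
		"AZURE_CERTIFICATE_PATH": "/certs/sp.pfx", "AZURE_CERTIFICATE_PASSWORD": "pfx-pass",
	}
	selected, shadowed := resolveAuthMethod(func(k string) string { return env[k] })
	fmt.Println("selected:", selected, "shadowed:", shadowed)
}
```

Running it at service start-up and failing when the shadowed list is non-empty catches the case where a stale secret wins over the certificate you intended to use.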

The auth.go file also has a number of other functions that can be used for authenticating.
