mirror of
https://github.com/distribution/distribution.git
synced 2025-09-09 10:49:19 +00:00
bump azure sdk
v1.3.0 of azidentity introduces support to workload identity. Signed-off-by: Flavian Missi <fmissi@redhat.com>
This commit is contained in:
Flavian Missi
55
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
generated
vendored
55
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
generated
vendored
@@ -15,6 +15,7 @@ import (
|
||||
"net/url"
|
||||
"os"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
|
||||
@@ -25,15 +26,17 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
azureAuthorityHost = "AZURE_AUTHORITY_HOST"
|
||||
azureClientCertificatePassword = "AZURE_CLIENT_CERTIFICATE_PASSWORD"
|
||||
azureClientCertificatePath = "AZURE_CLIENT_CERTIFICATE_PATH"
|
||||
azureClientID = "AZURE_CLIENT_ID"
|
||||
azureClientSecret = "AZURE_CLIENT_SECRET"
|
||||
azurePassword = "AZURE_PASSWORD"
|
||||
azureRegionalAuthorityName = "AZURE_REGIONAL_AUTHORITY_NAME"
|
||||
azureTenantID = "AZURE_TENANT_ID"
|
||||
azureUsername = "AZURE_USERNAME"
|
||||
azureAdditionallyAllowedTenants = "AZURE_ADDITIONALLY_ALLOWED_TENANTS"
|
||||
azureAuthorityHost = "AZURE_AUTHORITY_HOST"
|
||||
azureClientCertificatePassword = "AZURE_CLIENT_CERTIFICATE_PASSWORD"
|
||||
azureClientCertificatePath = "AZURE_CLIENT_CERTIFICATE_PATH"
|
||||
azureClientID = "AZURE_CLIENT_ID"
|
||||
azureClientSecret = "AZURE_CLIENT_SECRET"
|
||||
azureFederatedTokenFile = "AZURE_FEDERATED_TOKEN_FILE"
|
||||
azurePassword = "AZURE_PASSWORD"
|
||||
azureRegionalAuthorityName = "AZURE_REGIONAL_AUTHORITY_NAME"
|
||||
azureTenantID = "AZURE_TENANT_ID"
|
||||
azureUsername = "AZURE_USERNAME"
|
||||
|
||||
organizationsTenantID = "organizations"
|
||||
developerSignOnClientID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
|
||||
@@ -41,7 +44,14 @@ const (
|
||||
tenantIDValidationErr = "invalid tenantID. You can locate your tenantID by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names"
|
||||
)
|
||||
|
||||
func getConfidentialClient(clientID, tenantID string, cred confidential.Credential, co *azcore.ClientOptions, additionalOpts ...confidential.Option) (confidential.Client, error) {
|
||||
var (
|
||||
// capability CP1 indicates the client application is capable of handling CAE claims challenges
|
||||
cp1 = []string{"CP1"}
|
||||
// CP1 is disabled until CAE support is added back
|
||||
disableCP1 = true
|
||||
)
|
||||
|
||||
var getConfidentialClient = func(clientID, tenantID string, cred confidential.Credential, co *azcore.ClientOptions, additionalOpts ...confidential.Option) (confidentialClient, error) {
|
||||
if !validTenantID(tenantID) {
|
||||
return confidential.Client{}, errors.New(tenantIDValidationErr)
|
||||
}
|
||||
@@ -49,16 +59,22 @@ func getConfidentialClient(clientID, tenantID string, cred confidential.Credenti
|
||||
if err != nil {
|
||||
return confidential.Client{}, err
|
||||
}
|
||||
authority := runtime.JoinPaths(authorityHost, tenantID)
|
||||
o := []confidential.Option{
|
||||
confidential.WithAuthority(runtime.JoinPaths(authorityHost, tenantID)),
|
||||
confidential.WithAzureRegion(os.Getenv(azureRegionalAuthorityName)),
|
||||
confidential.WithHTTPClient(newPipelineAdapter(co)),
|
||||
}
|
||||
if !disableCP1 {
|
||||
o = append(o, confidential.WithClientCapabilities(cp1))
|
||||
}
|
||||
o = append(o, additionalOpts...)
|
||||
return confidential.New(clientID, cred, o...)
|
||||
if strings.ToLower(tenantID) == "adfs" {
|
||||
o = append(o, confidential.WithInstanceDiscovery(false))
|
||||
}
|
||||
return confidential.New(authority, clientID, cred, o...)
|
||||
}
|
||||
|
||||
func getPublicClient(clientID, tenantID string, co *azcore.ClientOptions) (public.Client, error) {
|
||||
var getPublicClient = func(clientID, tenantID string, co *azcore.ClientOptions, additionalOpts ...public.Option) (public.Client, error) {
|
||||
if !validTenantID(tenantID) {
|
||||
return public.Client{}, errors.New(tenantIDValidationErr)
|
||||
}
|
||||
@@ -66,10 +82,18 @@ func getPublicClient(clientID, tenantID string, co *azcore.ClientOptions) (publi
|
||||
if err != nil {
|
||||
return public.Client{}, err
|
||||
}
|
||||
return public.New(clientID,
|
||||
o := []public.Option{
|
||||
public.WithAuthority(runtime.JoinPaths(authorityHost, tenantID)),
|
||||
public.WithHTTPClient(newPipelineAdapter(co)),
|
||||
)
|
||||
}
|
||||
if !disableCP1 {
|
||||
o = append(o, public.WithClientCapabilities(cp1))
|
||||
}
|
||||
o = append(o, additionalOpts...)
|
||||
if strings.ToLower(tenantID) == "adfs" {
|
||||
o = append(o, public.WithInstanceDiscovery(false))
|
||||
}
|
||||
return public.New(clientID, o...)
|
||||
}
|
||||
|
||||
// setAuthorityHost initializes the authority host for credentials. Precedence is:
|
||||
@@ -153,6 +177,7 @@ type confidentialClient interface {
|
||||
AcquireTokenSilent(ctx context.Context, scopes []string, options ...confidential.AcquireSilentOption) (confidential.AuthResult, error)
|
||||
AcquireTokenByAuthCode(ctx context.Context, code string, redirectURI string, scopes []string, options ...confidential.AcquireByAuthCodeOption) (confidential.AuthResult, error)
|
||||
AcquireTokenByCredential(ctx context.Context, scopes []string, options ...confidential.AcquireByCredentialOption) (confidential.AuthResult, error)
|
||||
AcquireTokenOnBehalfOf(ctx context.Context, userAssertion string, scopes []string, options ...confidential.AcquireOnBehalfOfOption) (confidential.AuthResult, error)
|
||||
}
|
||||
|
||||
// enables fakes for test scenarios
|
||||
|
||||
Reference in New Issue
Block a user