wip

auth/azure.go

@@ -15,7 +15,6 @@
 package auth
 
 import (
-	"bytes"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -30,8 +29,7 @@ import (
 )
 
 const (
-	AzureAuthPath    = ".azure/credentials.json"
-	AzureProfilePath = ".azure/azureProfile.json"
+	AzureAuthPath = ".azure/credentials.json"
 )
 
 // A version of the Options struct from platform/api/azure that only
@@ -52,47 +50,6 @@ type Options struct {
 	StorageEndpointSuffix string
 }
 
-type AzureEnvironment struct {
-	ActiveDirectoryEndpointURL                        string `json:"activeDirectoryEndpointUrl"`
-	ActiveDirectoryGraphAPIVersion                    string `json:"activeDirectoryGraphApiVersion"`
-	ActiveDirectoryGraphResourceID                    string `json:"activeDirectoryGraphResourceId"`
-	ActiveDirectoryResourceID                         string `json:"activeDirectoryResourceId"`
-	AzureDataLakeAnalyticsCatalogAndJobEndpointSuffix string `json:"azureDataLakeAnalyticsCatalogAndJobEndpointSuffix"`
-	AzureDataLakeStoreFileSystemEndpointSuffix        string `json:"azureDataLakeStoreFileSystemEndpointSuffix"`
-	GalleryEndpointURL                                string `json:"galleryEndpointUrl"`
-	KeyVaultDNSSuffix                                 string `json:"keyVaultDnsSuffix"`
-	ManagementEndpointURL                             string `json:"managementEndpointUrl"`
-	Name                                              string `json:"name"`
-	PortalURL                                         string `json:"portalUrl"`
-	PublishingProfileURL                              string `json:"publishingProfileUrl"`
-	ResourceManagerEndpointURL                        string `json:"resourceManagerEndpointUrl"`
-	SqlManagementEndpointURL                          string `json:"sqlManagementEndpointUrl"`
-	SqlServerHostnameSuffix                           string `json:"sqlServerHostnameSuffix"`
-	StorageEndpointSuffix                             string `json:"storageEndpointSuffix"`
-}
-
-type AzureManagementCertificate struct {
-	Cert string `json:"cert"`
-	Key  string `json:"key"`
-}
-
-type AzureSubscription struct {
-	EnvironmentName       string                     `json:"environmentName"`
-	ID                    string                     `json:"id"`
-	IsDefault             bool                       `json:"isDefault"`
-	ManagementCertificate AzureManagementCertificate `json:"managementCertificate"`
-	ManagementEndpointURL string                     `json:"managementEndpointUrl"`
-	Name                  string                     `json:"name"`
-	RegisteredProviders   []string                   `json:"registeredProviders"`
-	State                 string                     `json:"state"`
-}
-
-// AzureProfile represents a parsed Azure Profile Configuration File.
-type AzureProfile struct {
-	Environments  []AzureEnvironment  `json:"environments"`
-	Subscriptions []AzureSubscription `json:"subscriptions"`
-}
-
 type AzureCredentials struct {
 	ClientID                       string `json:"clientId"`
 	ClientSecret                   string `json:"clientSecret"`
@@ -106,85 +63,7 @@ type AzureCredentials struct {
 	ManagementEndpointURL          string `json:"managementEndpointUrl"`
 }
 
-// AsOptions converts all subscriptions into a slice of Options.
-// If there is an environment with a name matching the subscription, that environment's storage endpoint will be copied to the options.
-func (ap *AzureProfile) AsOptions() []Options {
-	var o []Options
-
-	for _, sub := range ap.Subscriptions {
-		var cert []byte
-		if len(sub.ManagementCertificate.Key) > 0 || len(sub.ManagementCertificate.Cert) > 0 {
-			cert = bytes.Join([][]byte{[]byte(sub.ManagementCertificate.Key), []byte(sub.ManagementCertificate.Cert)}, []byte("\n"))
-		}
-		newo := Options{
-			SubscriptionName:      sub.Name,
-			SubscriptionID:        sub.ID,
-			ManagementURL:         sub.ManagementEndpointURL,
-			ManagementCertificate: cert,
-		}
-
-		// find the storage endpoint for the subscription
-		for _, e := range ap.Environments {
-			if e.Name == sub.EnvironmentName {
-				newo.StorageEndpointSuffix = e.StorageEndpointSuffix
-				break
-			}
-		}
-
-		o = append(o, newo)
-	}
-
-	return o
-}
-
-type SubFilter struct {
-	name string
-	id   string
-}
-
-func FilterByName(name string) SubFilter {
-	return SubFilter{name: name}
-}
-func FilterByID(id string) SubFilter {
-	return SubFilter{id: id}
-}
-func (s *SubFilter) IsEmpty() bool {
-	return s.name == "" && s.id == ""
-}
-func (s *SubFilter) Matches(opts *Options) bool {
-	if s.name != "" && opts.SubscriptionName == s.name {
-		return true
-	}
-	if s.id != "" && opts.SubscriptionID == s.id {
-		return true
-	}
-	return false
-}
-
-// SubscriptionOptions returns the name subscription in the Azure profile as a Options struct.
-// If the subscription name is "", the first subscription is returned.
-// If there are no subscriptions or the named subscription is not found, SubscriptionOptions returns nil.
-func (ap *AzureProfile) SubscriptionOptions(filter SubFilter) *Options {
-	opts := ap.AsOptions()
-
-	if len(opts) == 0 {
-		return nil
-	}
-
-	if filter.IsEmpty() {
-		return &opts[0]
-	} else {
-		for _, o := range ap.AsOptions() {
-			if filter.Matches(&o) {
-				return &o
-			}
-		}
-	}
-
-	return nil
-}
-
-// ReadAzureSubscription decodes an Azure Subscription, as created by
+// ReadAzureCredentials decodes an Azure Subscription, as created by
 // the Azure Cross-platform CLI.
 //
 // If path is empty, value of the environment variable
@@ -211,27 +90,6 @@ func ReadAzureCredentials(path string) (*AzureCredentials, error) {
 	return &ac, nil
 }
 
-// ReadAzureProfile decodes an Azure Profile, as created by the Azure Cross-platform CLI.
-//
-// If path is empty, $HOME/.azure/azureProfile.json is read.
-func ReadAzureProfile(path string) (*AzureProfile, error) {
-	contents, err := readBOMFile(path, AzureProfilePath)
-	if err != nil {
-		return nil, err
-	}
-
-	var ap AzureProfile
-	if err := json.Unmarshal(contents, &ap); err != nil {
-		return nil, err
-	}
-
-	if len(ap.Subscriptions) == 0 {
-		return nil, fmt.Errorf("Azure profile %q contains no subscriptions", path)
-	}
-
-	return &ap, nil
-}
-
 func readBOMFile(path, defaultFilename string) ([]byte, error) {
 	if path == "" {
 		user, err := user.Current()

cmd/kola/options.go

@@ -107,7 +107,7 @@ func init() {
 	sv(&kola.AWSOptions.IAMInstanceProfile, "aws-iam-profile", "kola", "AWS IAM instance profile name")
 
 	// azure-specific options
-	sv(&kola.AzureOptions.AzureProfile, "azure-profile", "", "Azure profile (default \"~/"+auth.AzureProfilePath+"\")")
+	bv(&kola.AzureOptions.UseDefaultAuth, "azure-use-default-auth", true, "Use default Azure auth (env -> workload -> managed -> az cli -> az dev cli)")
 	sv(&kola.AzureOptions.AzureAuthLocation, "azure-auth", "", "Azure auth location (default \"~/"+auth.AzureAuthPath+"\")")
 	sv(&kola.AzureOptions.BlobURL, "azure-blob-url", "", "Azure source page blob to be copied from a public/SAS URL, recommended way (from \"plume pre-release\" or \"ore azure upload-blob-arm\")")
 	sv(&kola.AzureOptions.ImageFile, "azure-image-file", "", "Azure image file (local image to upload in the temporary kola resource group)")
@@ -122,7 +122,6 @@ func init() {
 	sv(&kola.AzureOptions.VnetSubnetName, "azure-vnet-subnet-name", "", "Use a pre-existing virtual network for created instances. Specify as vnet-name/subnet-name. If subnet name is omitted then \"default\" is assumed")
 	bv(&kola.AzureOptions.UseGallery, "azure-use-gallery", false, "Use gallery image instead of managed image")
 	bv(&kola.AzureOptions.UsePrivateIPs, "azure-use-private-ips", false, "Assume nodes are reachable using private IP addresses")
-	bv(&kola.AzureOptions.UseIdentity, "azure-identity", false, "Use VM managed identity for authentication (default false)")
 	sv(&kola.AzureOptions.DiskController, "azure-disk-controller", "default", "Use a specific disk-controller for storage (default \"default\", also \"nvme\" and \"scsi\")")
 	sv(&kola.AzureOptions.ResourceGroup, "azure-resource-group", "", "Deploy resources in an existing resource group")
 	sv(&kola.AzureOptions.AvailabilitySet, "azure-availability-set", "", "Deploy instances with an existing availibity set")

cmd/ore/azure.go

@@ -12,9 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// The package github.com/Azure/azure-sdk-for-go needs go 1.7 for TLS
-// renegotiation, so only link in the ore subcommands if we build with go 1.7.
-
 package main
 
 import (

cmd/ore/azure/azure.go

@@ -18,7 +18,6 @@ import (
 	"github.com/coreos/pkg/capnslog"
 	"github.com/spf13/cobra"
 
-	"github.com/flatcar/mantle/auth"
 	"github.com/flatcar/mantle/cli"
 	"github.com/flatcar/mantle/platform/api/azure"
 )
@@ -31,11 +30,10 @@ var (
 		Short: "azure image and vm utilities",
 	}
 
-	azureProfile      string
-	azureAuth         string
-	azureSubscription string
-	azureLocation     string
-	useIdentity       bool
+	azureUseDefaultAuth bool
+	azureAuth           string
+	azureLocation       string
+	useIdentity         bool
 
 	api *azure.API
 )
@@ -45,22 +43,18 @@ func init() {
 
 	sv := Azure.PersistentFlags().StringVar
 	bv := Azure.PersistentFlags().BoolVar
-	sv(&azureProfile, "azure-profile", "", "Azure Profile json file")
-	sv(&azureAuth, "azure-auth", "", "Azure auth location (default \"~/"+auth.AzureAuthPath+"\")")
-	sv(&azureSubscription, "azure-subscription", "", "Azure subscription name. If unset, the first is used.")
+	sv(&azureAuth, "azure-auth", "", "Azure Credentials json file")
+	bv(&azureUseDefaultAuth, "azure-use-default-auth", true, "Use default Azure auth (env -> workload -> managed -> az cli -> az dev cli)")
 	sv(&azureLocation, "azure-location", "westus", "Azure location (default \"westus\")")
-	bv(&useIdentity, "azure-identity", false, "Use VM managed identity for authentication (default false)")
 }
 
 func preauth(cmd *cobra.Command, args []string) error {
 	plog.Printf("Creating Azure API...")
 
 	a, err := azure.New(&azure.Options{
-		AzureProfile:      azureProfile,
+		UseDefaultAuth:    azureUseDefaultAuth,
 		AzureAuthLocation: azureAuth,
-		AzureSubscription: azureSubscription,
 		Location:          azureLocation,
-		UseIdentity:       useIdentity,
 	})
 	if err != nil {
 		plog.Fatalf("Failed to create Azure API: %v", err)