From 0e9453e723a95ec3a6290e2985d7926f8a3f7618 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Thu, 23 May 2019 09:24:49 -0700 Subject: [PATCH] azure: allow installer to consume `AZURE_AUTH_LOCATION` env for credentials file Installer uses `NewAuthorizerFromFileWithResource` [1], which uses `GetSettingsFromFile` [2] to locate and load the file with auth credentials. `GetSettingsFromFile` [2] uses the `AZURE_AUTH_LOCATION` env [3] to locate the file with no way to override or specify explicitly. Currently the installer uses the hard-coded location `~/.azure/osServicePrincipal.json` to load the credentials. But for CI, it would be important to override this location to another location like we do for AWS [4]. So this change allows users to set `AZURE_AUTH_LOCATION` env to provider installer custom location to auth file. [1]: https://github.com/Azure/go-autorest/blob/v12.0.0/autorest/azure/auth/auth.go#L243 [2]: https://github.com/Azure/go-autorest/blob/v12.0.0/autorest/azure/auth/auth.go#L287 [3]: https://github.com/Azure/go-autorest/blob/v12.0.0/autorest/azure/auth/auth.go#L289 [4]: https://github.com/openshift/release/blob/6c0b409639d6dcd074238e5396cddcc5c4da1510/ci-operator/templates/openshift/installer/cluster-launch-installer-e2e.yaml#L373-L374
---
 pkg/asset/installconfig/azure/session.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/pkg/asset/installconfig/azure/session.go b/pkg/asset/installconfig/azure/session.go
index e96608ddb31..16fb6b8e040 100644
--- a/pkg/asset/installconfig/azure/session.go
+++ b/pkg/asset/installconfig/azure/session.go
@@ -16,7 +16,7 @@ import (
 
 const azureAuthEnv = "AZURE_AUTH_LOCATION"
 
-var authFilePath = os.Getenv("HOME") + "/.azure/osServicePrincipal.json"
+var defaultAuthFilePath = filepath.Join(os.Getenv("HOME"), ".azure", "osServicePrincipal.json")
 
 //Session is an object representing session for subscription
 type Session struct {
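Review bot: `defaultAuthFilePath` is built from `os.Getenv("HOME")` at package initialisation, so when HOME is unset `filepath.Join` yields the relative path `.azure/osServicePrincipal.json`. The service-principal file is then looked up, and possibly later written, relative to the current working directory. Resolving the directory when the path is needed and failing on error would avoid that, for example `home, err := os.UserHomeDir()` inside `GetSession` followed by `filepath.Join(home, ".azure", "osServicePrincipal.json")`. A short comment on the variable stating that `AZURE_AUTH_LOCATION` takes precedence over it would also help.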
@@ -24,7 +24,7 @@ type Session struct {
 Credentials Credentials
 }
 
-//Credentials is the data type for credentials as undestood by the azure sdk
+//Credentials is the data type for credentials as understood by the azure sdk
 type Credentials struct {
 SubscriptionID string `json:"subscriptionId,omitempty"`
 ClientID string `json:"clientId,omitempty"`
@@ -35,18 +35,25 @@ type Credentials struct {
 // GetSession returns an azure session by using credentials found in ~/.azure/osServicePrincipal.json
 // and, if no creds are found, asks for them and stores them on disk in a config file
 func GetSession() (*Session, error) {
- os.Setenv(azureAuthEnv, authFilePath)
- return newSessionFromFile()
+ authFile := defaultAuthFilePath
+ if f := os.Getenv(azureAuthEnv); len(f) > 0 {
+ authFile = f
+ }
+ return newSessionFromFile(authFile)
 }
 
-func newSessionFromFile() (*Session, error) {
+func newSessionFromFile(authFilePath string) (*Session, error) {
+ // NewAuthorizerFromFileWithResource uses `auth.GetSettingsFromFile`, which uses the `azureAuthEnv` to fetch the auth credentials.
+ // therefore setting the local env here to authFilePath allows NewAuthorizerFromFileWithResource to load credentials.
+ os.Setenv(azureAuthEnv, authFilePath)
 authorizer, err := auth.NewAuthorizerFromFileWithResource(azureenv.PublicCloud.ResourceManagerEndpoint)
 if err != nil {
- logrus.Debug("could not get an azure authorizer from file. Asking user to provide authentication info")
+ logrus.Debug("Could not get an azure authorizer from file. Asking user to provide authentication info")
 credentials, err := askForCredentials()
 if err != nil {
 return nil, errors.Wrap(err, "failed to retrieve credentials from user")
 }
+ logrus.Infof("Saving user credentials to %q", authFilePath)
 if err = saveCredentials(*credentials, authFilePath); err != nil {
 return nil, errors.Wrap(err, "failed to save credentials")
 }
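Review bot: In `newSessionFromFile`, any error from `auth.NewAuthorizerFromFileWithResource` falls through to the prompt-and-save path, and `saveCredentials` now targets whatever `AZURE_AUTH_LOCATION` names, so an existing but unreadable or malformed file at a caller-chosen path (for example a CI-mounted secret) would be overwritten with newly entered credentials rather than reported. A guard before prompting would keep the fallback for the missing-file case only: `if _, statErr := os.Stat(authFilePath); statErr == nil { return nil, errors.Wrapf(err, "failed to load credentials from %q", authFilePath) }`. The return value of `os.Setenv` is dropped and should be checked, since a failed set leaves the SDK reading a different file than the one logged. `saveCredentials` is outside this hunk, so confirm it creates the file with owner-only permissions (0600) now that the destination is no longer fixed under `~/.azure`. The `GetSession` doc comment still names only `~/.azure/osServicePrincipal.json` and should mention the override; the function body continues past the end of the hunk.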