| | | 1 | | // Copyright (c) Microsoft Corporation. All rights reserved. |
| | | 2 | | // Licensed under the MIT License. |
| | | 3 | | |
| | | 4 | | using Azure.Core; |
| | | 5 | | using Azure.Core.Diagnostics; |
| | | 6 | | using System; |
| | | 7 | | using System.IO; |
| | | 8 | | using System.Text; |
| | | 9 | | using System.Text.Json; |
| | | 10 | | using System.Threading; |
| | | 11 | | using System.Threading.Tasks; |
| | | 12 | | using Azure.Core.Pipeline; |
| | | 13 | | |
| | | 14 | | namespace Azure.Identity |
| | | 15 | | { |
| | | 16 | | /// <summary> |
| | | 17 | | /// Attempts authentication using a managed identity that has been assigned to the deployment environment. This auth |
| | | 18 | | /// App Service and Azure Functions applications, as well as the Azure Cloud Shell. More information about configuri |
| | | 19 | | /// https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview |
| | | 20 | | /// </summary> |
| | | 21 | | public class ManagedIdentityCredential : TokenCredential |
| | | 22 | | { |
| | | 23 | | internal const string MsiUnavailableError = "No managed identity endpoint found."; |
| | | 24 | | |
| | | 25 | | private readonly CredentialPipeline _pipeline; |
| | | 26 | | private readonly ManagedIdentityClient _client; |
| | | 27 | | |
| | | 28 | | /// <summary> |
| | | 29 | | /// Protected constructor for mocking. |
| | | 30 | | /// </summary> |
| | 40 | 31 | | protected ManagedIdentityCredential() |
| | | 32 | | { |
| | | 33 | | |
| | 40 | 34 | | } |
| | | 35 | | |
| | | 36 | | /// <summary> |
| | | 37 | | /// Creates an instance of the ManagedIdentityCredential capable of authenticating a resource with a managed ide |
| | | 38 | | /// </summary> |
| | | 39 | | /// <param name="clientId"> |
| | | 40 | | /// The client id to authenticate for a user assigned managed identity. More information on user assigned manag |
| | | 41 | | /// https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview#how-a-us |
| | | 42 | | /// </param> |
| | | 43 | | /// <param name="options">Options to configure the management of the requests sent to the Azure Active Directory |
| | | 44 | | public ManagedIdentityCredential(string clientId = null, TokenCredentialOptions options = null) |
| | 16 | 45 | | : this(clientId, CredentialPipeline.GetInstance(options)) |
| | | 46 | | { |
| | 16 | 47 | | } |
| | | 48 | | |
| | | 49 | | internal ManagedIdentityCredential(string clientId, CredentialPipeline pipeline) |
| | 22 | 50 | | : this(pipeline, new ManagedIdentityClient(pipeline, clientId)) |
| | | 51 | | { |
| | 22 | 52 | | } |
| | | 53 | | |
| | 70 | 54 | | internal ManagedIdentityCredential(CredentialPipeline pipeline, ManagedIdentityClient client) |
| | | 55 | | { |
| | | 56 | | |
| | 70 | 57 | | _pipeline = pipeline; |
| | | 58 | | |
| | 70 | 59 | | _client = client; |
| | 70 | 60 | | } |
| | | 61 | | |
| | | 62 | | /// <summary> |
| | | 63 | | /// Obtains an <see cref="AccessToken"/> from the Managed Identity service if available. This method is called b |
| | | 64 | | /// </summary> |
| | | 65 | | /// <param name="requestContext">The details of the authentication request.</param> |
| | | 66 | | /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> |
| | | 67 | | /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls, or a default < |
| | | 68 | | public override async ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken |
| | | 69 | | { |
| | 32 | 70 | | return await GetTokenImplAsync(true, requestContext, cancellationToken).ConfigureAwait(false); |
| | 12 | 71 | | } |
| | | 72 | | |
| | | 73 | | /// <summary> |
| | | 74 | | /// Obtains an <see cref="AccessToken"/> from the Managed Identity service if available. This method is called b |
| | | 75 | | /// </summary> |
| | | 76 | | /// <param name="requestContext">The details of the authentication request.</param> |
| | | 77 | | /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> |
| | | 78 | | /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls, or a default < |
| | | 79 | | public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = d |
| | | 80 | | { |
| | 34 | 81 | | return GetTokenImplAsync(false, requestContext, cancellationToken).EnsureCompleted(); |
| | | 82 | | } |
| | | 83 | | |
| | | 84 | | private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, Cancellat |
| | | 85 | | { |
| | 66 | 86 | | using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", r |
| | | 87 | | |
| | | 88 | | try |
| | | 89 | | { |
| | 66 | 90 | | AccessToken result = async ? await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).C |
| | | 91 | | |
| | 24 | 92 | | return scope.Succeeded(result); |
| | | 93 | | } |
| | 42 | 94 | | catch (Exception e) |
| | | 95 | | { |
| | 42 | 96 | | throw scope.FailWrapAndThrow(e); |
| | | 97 | | } |
| | 24 | 98 | | } |
| | | 99 | | } |
| | | 100 | | } |