mirror of
https://github.com/rclone/rclone.git
synced 2024-12-23 07:29:35 +01:00
azureblob: support simple "environment credentials"
As per https://learn.microsoft.com/en-us/dotnet/api/azure.identity.environmentcredential?view=azure-dotnet This supports only AZURE_CLIENT_SECRET-based authentication, as with the existing service principal support. Co-authored-by: Nick Craig-Wood <nick@craig-wood.com>
This commit is contained in:
parent
6f3682c12f
commit
f7cdf318db
@ -88,6 +88,15 @@ Leave blank normally. Needed only if you want to use a service principal instead
|
|||||||
|
|
||||||
See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to blob data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
|
See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to blob data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
|
||||||
`,
|
`,
|
||||||
|
}, {
|
||||||
|
Name: "env_auth",
|
||||||
|
Help: `Read credentials from runtime (environment variables).
|
||||||
|
|
||||||
|
Pull credentials from AZURE_TENANT_ID and AZURE_CLIENT_{ID,SECRET} environment vars.
|
||||||
|
See EnvironmentCredential in the Azure docs for more info.
|
||||||
|
|
||||||
|
Other authentication methods will, if specified, override this flag.`,
|
||||||
|
Default: false,
|
||||||
}, {
|
}, {
|
||||||
Name: "key",
|
Name: "key",
|
||||||
Help: "Storage Account Key.\n\nLeave blank to use SAS URL or Emulator.",
|
Help: "Storage Account Key.\n\nLeave blank to use SAS URL or Emulator.",
|
||||||
@ -270,6 +279,7 @@ type Options struct {
|
|||||||
Account string `config:"account"`
|
Account string `config:"account"`
|
||||||
ServicePrincipalFile string `config:"service_principal_file"`
|
ServicePrincipalFile string `config:"service_principal_file"`
|
||||||
Key string `config:"key"`
|
Key string `config:"key"`
|
||||||
|
EnvAuth bool `config:"env_auth"`
|
||||||
UseMSI bool `config:"use_msi"`
|
UseMSI bool `config:"use_msi"`
|
||||||
MSIObjectID string `config:"msi_object_id"`
|
MSIObjectID string `config:"msi_object_id"`
|
||||||
MSIClientID string `config:"msi_client_id"`
|
MSIClientID string `config:"msi_client_id"`
|
||||||
@ -714,20 +724,29 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
|
|||||||
} else {
|
} else {
|
||||||
serviceURL = azblob.NewServiceURL(*u, pipeline)
|
serviceURL = azblob.NewServiceURL(*u, pipeline)
|
||||||
}
|
}
|
||||||
case opt.ServicePrincipalFile != "":
|
case opt.ServicePrincipalFile != "" || opt.EnvAuth:
|
||||||
// Create a standard URL.
|
// Create a standard URL.
|
||||||
u, err = url.Parse(fmt.Sprintf("https://%s.%s", opt.Account, opt.Endpoint))
|
u, err = url.Parse(fmt.Sprintf("https://%s.%s", opt.Account, opt.Endpoint))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to make azure storage url from account and endpoint: %w", err)
|
return nil, fmt.Errorf("failed to make azure storage url from account and endpoint: %w", err)
|
||||||
}
|
}
|
||||||
// Try loading service principal credentials from file.
|
|
||||||
loadedCreds, err := os.ReadFile(env.ShellExpand(opt.ServicePrincipalFile))
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("error opening service principal credentials file: %w", err)
|
|
||||||
}
|
|
||||||
var spCredentials servicePrincipalCredentials
|
var spCredentials servicePrincipalCredentials
|
||||||
if err := json.Unmarshal(loadedCreds, &spCredentials); err != nil {
|
if opt.ServicePrincipalFile != "" {
|
||||||
return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
|
// Try loading service principal credentials from file.
|
||||||
|
loadedCreds, err := os.ReadFile(env.ShellExpand(opt.ServicePrincipalFile))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error opening service principal credentials file: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := json.Unmarshal(loadedCreds, &spCredentials); err != nil {
|
||||||
|
return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
spCredentials = servicePrincipalCredentials{
|
||||||
|
Tenant: os.Getenv("AZURE_TENANT_ID"),
|
||||||
|
AppID: os.Getenv("AZURE_CLIENT_ID"),
|
||||||
|
Password: os.Getenv("AZURE_CLIENT_SECRET"),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// Create a token refresher from service principal credentials.
|
// Create a token refresher from service principal credentials.
|
||||||
tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
|
tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
|
||||||
|
Loading…
Reference in New Issue
Block a user