azure_identity 1.0.0

Rust wrappers around Microsoft Azure REST APIs - Azure identity helper crate
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

//! Demonstrates how to define a custom [`TokenCredential`] that selects a
//! specific credential based on an environment variable.

use azure_core::{
    credentials::{AccessToken, TokenCredential, TokenRequestOptions},
    error::{ErrorKind, ResultExt},
    Error,
};
use azure_identity::AzureCliCredential;
use azure_identity::{ManagedIdentityCredential, WorkloadIdentityCredential};
use std::sync::Arc;

// Define the variable name and possible values you want to detect from the environment.
const AZURE_CREDENTIAL_KIND: &str = "AZURE_CREDENTIAL_KIND";
mod azure_credential_kinds {
    pub const AZURE_CLI: &str = "azurecli";
    pub const MANAGED_IDENTITY: &str = "managedidentity";
    pub const WORKLOAD_IDENTITY: &str = "workloadidentity";
}

#[derive(Debug)]
enum SpecificAzureCredentialKind {
    AzureCli(Arc<AzureCliCredential>),
    ManagedIdentity(Arc<ManagedIdentityCredential>),
    WorkloadIdentity(Arc<WorkloadIdentityCredential>),
}

#[async_trait::async_trait]
impl TokenCredential for SpecificAzureCredentialKind {
    async fn get_token(
        &self,
        scopes: &[&str],
        options: Option<TokenRequestOptions<'_>>,
    ) -> azure_core::Result<AccessToken> {
        match self {
            SpecificAzureCredentialKind::AzureCli(credential) => {
                credential.get_token(scopes, options).await
            }
            SpecificAzureCredentialKind::ManagedIdentity(credential) => {
                credential.get_token(scopes, options).await
            }
            SpecificAzureCredentialKind::WorkloadIdentity(credential) => {
                credential.get_token(scopes, options).await
            }
        }
    }
}

/// Define a credential that uses an environment variable named `AZURE_CREDENTIAL_KIND`
/// that creates the appropriate [`TokenCredential`].
#[derive(Debug)]
pub struct SpecificAzureCredential {
    source: SpecificAzureCredentialKind,
}

impl SpecificAzureCredential {
    pub fn new() -> azure_core::Result<SpecificAzureCredential> {
        let credential_type = std::env::var(AZURE_CREDENTIAL_KIND)
            .map_err(|err| Error::new(ErrorKind::Other, err))?;
        let source: SpecificAzureCredentialKind =
            // case insensitive and allow spaces
            match credential_type.replace(' ', "").to_lowercase().as_str() {
                azure_credential_kinds::MANAGED_IDENTITY => {
                    ManagedIdentityCredential::new(None)
                        .map(SpecificAzureCredentialKind::ManagedIdentity)
                        .with_context_fn(ErrorKind::Credential, || {
                            format!(
                                "unable to create AZURE_CREDENTIAL_KIND of {}",
                                azure_credential_kinds::MANAGED_IDENTITY
                            )
                        })?
                }
                azure_credential_kinds::AZURE_CLI => AzureCliCredential::new(None)
                    .map(SpecificAzureCredentialKind::AzureCli)
                    .with_context_fn(ErrorKind::Credential, || {
                        format!(
                            "unable to create AZURE_CREDENTIAL_KIND of {}",
                            azure_credential_kinds::AZURE_CLI
                        )
                    })?,
                azure_credential_kinds::WORKLOAD_IDENTITY => {
                    WorkloadIdentityCredential::new(None)
                        .map(SpecificAzureCredentialKind::WorkloadIdentity)
                        .with_context_fn(ErrorKind::Credential, || {
                            format!(
                                "unable to create AZURE_CREDENTIAL_KIND of {}",
                                azure_credential_kinds::WORKLOAD_IDENTITY
                            )
                        })?
                }
                _ => {
                    return Err(Error::with_message_fn(ErrorKind::Credential, || {
                        format!("unknown AZURE_CREDENTIAL_KIND of {}", credential_type)
                    }))
                }
            };
        Ok(Self { source })
    }
}

#[async_trait::async_trait]
impl TokenCredential for SpecificAzureCredential {
    async fn get_token(
        &self,
        scopes: &[&str],
        options: Option<TokenRequestOptions<'_>>,
    ) -> azure_core::Result<AccessToken> {
        self.source.get_token(scopes, options).await
    }
}