class TerraformWrapper::Shared::Auths::Azure
Public Class Methods
new(options:, variables:)
click to toggle source
# File lib/terraform-wrapper/shared/auths/azure.rb, line 38 def initialize(options:, variables:) construct(options: options, variables: variables) end
Public Instance Methods
auth()
click to toggle source
# File lib/terraform-wrapper/shared/auths/azure.rb, line 44 def auth() details = subscription_details(subscription: @subscription) subscription = details["id"] tenant = details["tenant"] username = @keyvault.nil? ? nil : secret(vault: @keyvault, name: @secret_username) password = @keyvault.nil? ? nil : secret(vault: @keyvault, name: @secret_password) ENV["ARM_SUBSCRIPTION_ID"] = subscription ENV["ARM_TENANT_ID"] = tenant ENV["ARM_CLIENT_ID"] = username unless username.nil? ENV["ARM_CLIENT_SECRET"] = password unless password.nil? logger.success("Azure authenticator environment variables set!") end
clear()
click to toggle source
# File lib/terraform-wrapper/shared/auths/azure.rb, line 61 def clear() ENV.delete("ARM_SUBSCRIPTION_ID") ENV.delete("ARM_TENANT_ID") logger.info("Azure authenticator environment variables cleared!") end
Private Instance Methods
cli()
click to toggle source
# File lib/terraform-wrapper/shared/auths/azure.rb, line 73 def cli() output = logger.colour ? "yamlc" : "yaml" cmdline = "\"#{@@az}\" version --output \"#{output}\"" return(system(cmdline) || false) end
secret(vault:, name:)
click to toggle source
# File lib/terraform-wrapper/shared/auths/azure.rb, line 81 def secret(vault:, name:) logger.info("Getting secret: #{name}, from key vault: #{vault}...") cmdline = "\"#{@@az}\" keyvault secret show --vault-name \"#{vault}\" --name \"#{name}\" --query \"value\" --output \"tsv\"" stdout = `#{cmdline}` code = $?.exitstatus logger.fatal("Failed to get secret: #{name} from key vault: #{vault}!") if (code != 0 or stdout.strip.empty?) return(stdout.strip) end
specific()
click to toggle source
# File lib/terraform-wrapper/shared/auths/azure.rb, line 124 def specific() keyvault = nil logger.fatal("Azure CLI must be installed and accessible to use the Azure authenticator.") unless cli logger.fatal("Azure authenticator mandatory option 'subscription' has not been set!") unless @options.key?("subscription") logger.fatal("Azure authenticator subscription must be a string!") unless @options["subscription"].kind_of?(String) logger.fatal("Azure authenticator subscription must not be blank!") if @options["subscription"].strip.empty? subscription = @options["subscription"] if @options.key?("keyvault") then logger.fatal("Azure authenticator keyvault name must be a string if specified!") unless @options["keyvault"].kind_of?(String) logger.fatal("Azure authenticator keyvault name must not be blank if specified!") if @options["keyvault"].strip.empty? keyvault = @options["keyvault"] if @options.key?("username-secret") then logger.fatal("Azure authenticator keyvault secret for username must be a string if keyvault name is specified!") unless @options["username-secret"].kind_of?(String) logger.fatal("Azure authenticator keyvault secret for username must not be blank if keyvault name is specified!") if @options["username-secret"].strip.empty? username = @options["username-secret"] else username = "terraform-username" end if @options.key?("password-secret") then logger.fatal("Azure authenticator keyvault secret for password must be a string if keyvault name is specified!") unless @options["password-secret"].kind_of?(String) logger.fatal("Azure authenticator keyvault secret for password must not be blank if keyvault name is specified!") if @options["password-secret"].strip.empty? password = @options["password-secret"] else password = "terraform-password" end end begin @subscription = subscription % @variables.identifiers @keyvault = keyvault % @variables.identifiers unless keyvault.nil? @secret_username = username % @variables.identifiers unless keyvault.nil? @secret_password = password % @variables.identifiers unless keyvault.nil? rescue logger.fatal("Azure authenticator options contain identifiers that are not included in the configuration file!") end end
subscription_details(subscription:)
click to toggle source
# File lib/terraform-wrapper/shared/auths/azure.rb, line 95 def subscription_details(subscription:) logger.info("Looking up details for subscription: #{subscription}...") cmdline = "\"#{@@az}\" account show --subscription \"#{subscription}\" --query \"{id:id,tenant:tenantId}\" --output \"yaml\"" stdout = `#{cmdline}` code = $?.exitstatus logger.fatal("Failed to get details for subscription: #{subscription}!") if code != 0 details = YAML.load(stdout.strip) logger.fatal("Returned details did not include the subscription ID!") unless details.key?("id") logger.fatal("Returned subscription ID is not a string!") unless details["id"].kind_of?(String) logger.fatal("Returned subscription ID is empty!") if details["id"].strip.empty? logger.fatal("Returned details did not include the tenant ID!") unless details.key?("tenant") logger.fatal("Returned tenant ID is not a string!") unless details["tenant"].kind_of?(String) logger.fatal("Returned tenant ID is empty!") if details["tenant"].strip.empty? details.transform_values! { |value| value.strip } logger.debug("Returned subscription ID: #{details["id"]}") logger.debug("Returned tenant ID: #{details["tenant"]}") return(details) end