• Home
• com.azure
• azure-identity
• 1.14.2
• source code
• AzureCliCredential.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.azure.identity.AzureCliCredential Maven / Gradle / Ivy

// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.azure.identity;

import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
import com.azure.identity.implementation.IdentityClientBuilder;
import com.azure.identity.implementation.IdentityClientOptions;
import com.azure.identity.implementation.IdentitySyncClient;
import com.azure.identity.implementation.util.LoggingUtil;
import reactor.core.publisher.Mono;

/**
 * 
The Azure CLI is a command-line tool that allows users to manage Azure resources from their local machine or
 * terminal. It allows users to
 * authenticate interactively as a
 * user and/or a service principal against
 * Microsoft Entra ID.
 * The AzureCliCredential authenticates in a development environment and acquires a token on behalf of the
 * logged-in user or service principal in Azure CLI. It acts as the Azure CLI logged in user or service principal
 * and executes an Azure CLI command underneath to authenticate the application against Microsoft Entra ID.
 *
 * 
Configure AzureCliCredential
 *
 * 
 To use this credential, the developer needs to authenticate locally in Azure CLI using one of the commands
 * below:
 *
 * 

 *     
Run "az login" in Azure CLI to authenticate as a user.
 *     
Run "az login --service-principal --username {client ID} --password {client secret} --tenant {tenant ID}"
 *     to authenticate as a service principal.
 * 
 *
 * 
You may need to repeat this process after a certain time period, depending on the refresh token validity in your
 * organization. Generally, the refresh token validity period is a few weeks to a few months. AzureCliCredential will
 * prompt you to sign in again.
 *
 * 
Sample: Construct AzureCliCredential
 *
 * 
The following code sample demonstrates the creation of a {@link com.azure.identity.AzureCliCredential},
 * using the {@link com.azure.identity.AzureCliCredentialBuilder} to configure it. Once this credential is
 * created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential'
 * parameter.
 *
 * 
 * 
 * TokenCredential azureCliCredential = new AzureCliCredentialBuilder().build();
 * 
 * 
 *
 * @see com.azure.identity
 * @see AzureCliCredentialBuilder
 */
@Immutable
public class AzureCliCredential implements TokenCredential {
    private static final ClientLogger LOGGER = new ClientLogger(AzureCliCredential.class);

    private final IdentityClient identityClient;
    private final IdentitySyncClient identitySyncClient;

    /**
     * Creates an AzureCliSecretCredential with default identity client options.
     * @param tenantId the tenant id of the application
     * @param identityClientOptions the options to configure the identity client
     */
    AzureCliCredential(String tenantId, IdentityClientOptions identityClientOptions) {
        IdentityClientBuilder builder
            = new IdentityClientBuilder().tenantId(tenantId).identityClientOptions(identityClientOptions);

        identityClient = builder.build();
        identitySyncClient = builder.buildSyncClient();
    }

    @Override
    public Mono getToken(TokenRequestContext request) {
        return identityClient.authenticateWithAzureCli(request)
            .doOnNext(token -> LoggingUtil.logTokenSuccess(LOGGER, request))
            .doOnError(
                error -> LoggingUtil.logTokenError(LOGGER, identityClient.getIdentityClientOptions(), request, error))
            .onErrorMap(error -> {
                if (identityClient.getIdentityClientOptions().isChained()) {
                    return new CredentialUnavailableException(error.getMessage(), error);
                } else {
                    return error;
                }
            });
    }

    @Override
    public AccessToken getTokenSync(TokenRequestContext request) {
        try {
            AccessToken accessToken = identitySyncClient.authenticateWithAzureCli(request);
            LoggingUtil.logTokenSuccess(LOGGER, request);
            return accessToken;
        } catch (Exception e) {
            LoggingUtil.logTokenError(LOGGER, identityClient.getIdentityClientOptions(), request, e);
            if (identityClient.getIdentityClientOptions().isChained()) {
                throw new CredentialUnavailableException(e.getMessage(), e);
            } else {
                throw e;
            }
        }
    }
}