All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.azure.identity.EnvironmentCredential Maven / Gradle / Ivy

// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.azure.identity;

import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.Configuration;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClientOptions;
import com.azure.identity.implementation.util.LoggingUtil;
import com.azure.identity.implementation.util.ValidationUtil;
import reactor.core.publisher.Mono;

/**
 * A credential provider that provides token credentials based on environment variables.  The environment variables
 * expected are:
 * 
    *
  • {@link Configuration#PROPERTY_AZURE_CLIENT_ID AZURE_CLIENT_ID}
  • *
  • {@link Configuration#PROPERTY_AZURE_CLIENT_SECRET AZURE_CLIENT_SECRET}
  • *
  • {@link Configuration#PROPERTY_AZURE_TENANT_ID AZURE_TENANT_ID}
  • *
* or: *
    *
  • {@link Configuration#PROPERTY_AZURE_CLIENT_ID AZURE_CLIENT_ID}
  • *
  • {@link Configuration#PROPERTY_AZURE_CLIENT_CERTIFICATE_PATH AZURE_CLIENT_CERTIFICATE_PATH}
  • *
  • {@link Configuration#PROPERTY_AZURE_TENANT_ID AZURE_TENANT_ID}
  • *
* or: *
    *
  • {@link Configuration#PROPERTY_AZURE_CLIENT_ID AZURE_CLIENT_ID}
  • *
  • {@link Configuration#PROPERTY_AZURE_USERNAME AZURE_USERNAME}
  • *
  • {@link Configuration#PROPERTY_AZURE_PASSWORD AZURE_PASSWORD}
  • *
*/ @Immutable public class EnvironmentCredential implements TokenCredential { private final Configuration configuration; private final ClientLogger logger = new ClientLogger(EnvironmentCredential.class); private final TokenCredential tokenCredential; /** * Creates an instance of the default environment credential provider. * * @param identityClientOptions the options for configuring the identity client */ EnvironmentCredential(IdentityClientOptions identityClientOptions) { this.configuration = Configuration.getGlobalConfiguration().clone(); TokenCredential targetCredential = null; String clientId = configuration.get(Configuration.PROPERTY_AZURE_CLIENT_ID); String tenantId = configuration.get(Configuration.PROPERTY_AZURE_TENANT_ID); String clientSecret = configuration.get(Configuration.PROPERTY_AZURE_CLIENT_SECRET); String certPath = configuration.get(Configuration.PROPERTY_AZURE_CLIENT_CERTIFICATE_PATH); String username = configuration.get(Configuration.PROPERTY_AZURE_USERNAME); String password = configuration.get(Configuration.PROPERTY_AZURE_PASSWORD); ValidationUtil.validateTenantIdCharacterRange(getClass().getSimpleName(), tenantId); LoggingUtil.logAvailableEnvironmentVariables(logger, configuration); if (verifyNotNull(clientId)) { // 1 - Attempt ClientSecretCredential or ClientCertificateCredential if (verifyNotNull(tenantId)) { if (verifyNotNull(clientSecret)) { // 1.1 Attempt ClientSecretCredential logger.info("Azure Identity => EnvironmentCredential invoking ClientSecretCredential"); targetCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, identityClientOptions); } else if (verifyNotNull(certPath)) { // 1.2 Attempt ClientCertificateCredential logger.info("Azure Identity => EnvironmentCredential invoking ClientCertificateCredential"); targetCredential = new ClientCertificateCredential(tenantId, clientId, certPath, null, null, identityClientOptions); } else { // 1.3 Log error if neither is found logger.error("Azure Identity => ERROR in EnvironmentCredential: Failed to create a " + "ClientSecretCredential or ClientCertificateCredential. Missing required environment " + "variable either {} or {}", Configuration.PROPERTY_AZURE_CLIENT_SECRET, Configuration.PROPERTY_AZURE_CLIENT_CERTIFICATE_PATH); } } else if (verifyNotNull(clientSecret) || verifyNotNull(certPath)) { // 1.4 Log error if secret / cert is found but tenant is missing logger.error("Azure Identity => ERROR in EnvironmentCredential: Failed to create a " + "ClientSecretCredential or ClientCertificateCredential. Missing required environment " + "variable {}", Configuration.PROPERTY_AZURE_TENANT_ID); } // 2 - Attempt UsernamePasswordCredential (tenant not required) if (targetCredential == null && verifyNotNull(username, password)) { // 2.1 - both username and password found logger.info("Azure Identity => EnvironmentCredential invoking UsernamePasswordCredential"); targetCredential = new UsernamePasswordCredential(clientId, tenantId, username, password, identityClientOptions); } else if (verifyNotNull(username) ^ verifyNotNull(password)) { // 2.2 - only one is found, likely missing the other logger.error("Azure Identity => ERROR in EnvironmentCredential: Failed to create a " + "UsernamePasswordCredential. Missing required environment variable {}", username == null ? Configuration.PROPERTY_AZURE_USERNAME : Configuration.PROPERTY_AZURE_PASSWORD); } // 3 - cannot determine scenario based on clientId alone if (targetCredential == null) { String msg = String.format("Azure Identity => ERROR in EnvironmentCredential: Failed to determine an " + "authentication scheme based on the available environment variables. Please specify %1$s and " + "%2$s to authenticate through a ClientSecretCredential; %1$s and %3$s to authenticate through a " + "ClientCertificateCredential; or %4$s and %5$s to authenticate through a " + "UserPasswordCredential.", Configuration.PROPERTY_AZURE_TENANT_ID, Configuration.PROPERTY_AZURE_CLIENT_SECRET, Configuration.PROPERTY_AZURE_CLIENT_CERTIFICATE_PATH, Configuration.PROPERTY_AZURE_USERNAME, Configuration.PROPERTY_AZURE_PASSWORD); logger.error(msg); } } else { // 4 - not even clientId is available logger.error("Azure Identity => ERROR in EnvironmentCredential: Missing required environment variable {}", Configuration.PROPERTY_AZURE_CLIENT_ID); } tokenCredential = targetCredential; } @Override public Mono getToken(TokenRequestContext request) { if (tokenCredential == null) { return Mono.error(logger.logExceptionAsError(new CredentialUnavailableException( "EnvironmentCredential authentication unavailable." + " Environment variables are not fully configured."))); } else { return tokenCredential.getToken(request); } } private boolean verifyNotNull(String... configs) { for (String config: configs) { if (config == null) { return false; } } return true; } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy