public static ManagedIdentitySource TryCreate(ManagedIdentityClientOptions options) { string msiEndpoint = EnvironmentVariables.MsiEndpoint; // if ONLY the env var MSI_ENDPOINT is set the MsiType is CloudShell if (string.IsNullOrEmpty(msiEndpoint)) { return(default);
protected AppServiceManagedIdentitySource(CredentialPipeline pipeline, Uri endpoint, string secret, ManagedIdentityClientOptions options) : base(pipeline) { _endpoint = endpoint; _secret = secret; _clientId = options.ClientId; _resourceId = options.ResourceIdentifier?.ToString(); }
private CloudShellManagedIdentitySource(Uri endpoint, ManagedIdentityClientOptions options) : base(options.Pipeline) { _endpoint = endpoint; if (!string.IsNullOrEmpty(options.ClientId) || null != options.ResourceIdentifier) { AzureIdentityEventSource.Singleton.UserAssignedManagedIdentityNotSupported("Cloud Shell"); } }
public static ManagedIdentitySource TryCreate(ManagedIdentityClientOptions options) { var msiSecret = EnvironmentVariables.MsiSecret; return(TryValidateEnvVars(EnvironmentVariables.MsiEndpoint, msiSecret, out Uri endpointUri) ? new AppServiceV2017ManagedIdentitySource(options.Pipeline, endpointUri, msiSecret, options) : null); }
private static ManagedIdentitySource SelectManagedIdentitySource(ManagedIdentityClientOptions options) { return(AppServiceV2017ManagedIdentitySource.TryCreate(options) ?? CloudShellManagedIdentitySource.TryCreate(options) ?? AzureArcManagedIdentitySource.TryCreate(options) ?? ServiceFabricManagedIdentitySource.TryCreate(options) ?? TokenExchangeManagedIdentitySource.TryCreate(options) ?? new ImdsManagedIdentitySource(options)); }
public static ManagedIdentitySource TryCreate(ManagedIdentityClientOptions options) { string msiEndpoint = EnvironmentVariables.MsiEndpoint; string msiSecret = EnvironmentVariables.MsiSecret; // if BOTH the env vars MSI_ENDPOINT and MSI_SECRET are set the MsiType is AppService if (string.IsNullOrEmpty(msiEndpoint) || string.IsNullOrEmpty(msiSecret)) { return(default);
public static ManagedIdentitySource TryCreate(ManagedIdentityClientOptions options) { string identityEndpoint = EnvironmentVariables.IdentityEndpoint; string imdsEndpoint = EnvironmentVariables.ImdsEndpoint; // if BOTH the env vars IDENTITY_ENDPOINT and IMDS_ENDPOINT are set the MsiType is Azure Arc if (string.IsNullOrEmpty(identityEndpoint) || string.IsNullOrEmpty(imdsEndpoint)) { return(default);
public static ManagedIdentitySource TryCreate(ManagedIdentityClientOptions options) { string tokenFilePath = EnvironmentVariables.AzureFederatedTokenFile; string tenantId = EnvironmentVariables.TenantId; string clientId = options.ClientId ?? EnvironmentVariables.ClientId; if (string.IsNullOrEmpty(tokenFilePath) || string.IsNullOrEmpty(tenantId) || string.IsNullOrEmpty(clientId)) { return(default);
public static ManagedIdentitySource TryCreate(ManagedIdentityClientOptions options) { string identityEndpoint = EnvironmentVariables.IdentityEndpoint; string identityHeader = EnvironmentVariables.IdentityHeader; string identityServerThumbprint = EnvironmentVariables.IdentityServerThumbprint; if (string.IsNullOrEmpty(identityEndpoint) || string.IsNullOrEmpty(identityHeader) || string.IsNullOrEmpty(identityServerThumbprint)) { return(default);
public ManagedIdentityClient(ManagedIdentityClientOptions options) { if (options.ClientId != null && options.ResourceIdentifier != null) { throw new ArgumentException( $"{nameof(ManagedIdentityClientOptions)} cannot specify both {nameof(options.ResourceIdentifier)} and {nameof(options.ClientId)}."); } ClientId = options.ClientId; Pipeline = options.Pipeline; _identitySource = new Lazy <ManagedIdentitySource>(() => SelectManagedIdentitySource(options)); }
public static async ValueTask <ManagedIdentitySource> TryCreateAsync(ManagedIdentityClientOptions options, bool async, CancellationToken cancellationToken) { // if the PodIdenityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist if (!string.IsNullOrEmpty(EnvironmentVariables.PodIdentityEndpoint)) { var builder = new UriBuilder(EnvironmentVariables.PodIdentityEndpoint); builder.Path = imddsTokenPath; return(new ImdsManagedIdentitySource(options.Pipeline, options.ClientId, builder.Uri)); } AzureIdentityEventSource.Singleton.ProbeImdsEndpoint(s_imdsEndpoint); bool available; // try to create a TCP connection to the IMDS IP address. If the connection can be established // we assume that IMDS is available. If connecting times out or fails to connect assume that // IMDS is not available in this environment. try { using var client = new TcpClient(); Task connectTask = client.ConnectAsync(s_imdsHostIp, s_imdsPort); if (async) { using var cts = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken); cts.CancelAfter(ImdsAvailableTimeoutMs); await connectTask.AwaitWithCancellation(cts.Token); available = client.Connected; } else { available = connectTask.Wait(ImdsAvailableTimeoutMs, cancellationToken) && client.Connected; } if (available) { AzureIdentityEventSource.Singleton.ImdsEndpointFound(s_imdsEndpoint); } else { AzureIdentityEventSource.Singleton.ImdsEndpointUnavailable(s_imdsEndpoint, "Establishing a connection timed out or failed without exception."); } } catch (Exception e) { AzureIdentityEventSource.Singleton.ImdsEndpointUnavailable(s_imdsEndpoint, e); available = false; } return(available ? new ImdsManagedIdentitySource(options.Pipeline, options.ClientId) : default);
internal ImdsManagedIdentitySource(ManagedIdentityClientOptions options) : base(options.Pipeline) { _clientId = options.ClientId; _imdsNetworkTimeout = options.InitialImdsConnectionTimeout; if (!string.IsNullOrEmpty(EnvironmentVariables.PodIdentityEndpoint)) { var builder = new UriBuilder(EnvironmentVariables.PodIdentityEndpoint); builder.Path = imddsTokenPath; _imdsEndpoint = builder.Uri; } else { _imdsEndpoint = s_imdsEndpoint; } }
public static async ValueTask <ManagedIdentitySource> TryCreateAsync(ManagedIdentityClientOptions options, bool async, CancellationToken cancellationToken) { AzureIdentityEventSource.Singleton.ProbeImdsEndpoint(s_imdsEndpoint); bool available; // try to create a TCP connection to the IMDS IP address. If the connection can be established // we assume that IMDS is available. If connecting times out or fails to connect assume that // IMDS is not available in this environment. try { using var client = new TcpClient(); Task connectTask = client.ConnectAsync(s_imdsHostIp, s_imdsPort); if (async) { using var cts = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken); cts.CancelAfter(ImdsAvailableTimeoutMs); await connectTask.AwaitWithCancellation(cts.Token); available = client.Connected; } else { available = connectTask.Wait(ImdsAvailableTimeoutMs, cancellationToken) && client.Connected; } } catch { available = false; } if (available) { AzureIdentityEventSource.Singleton.ImdsEndpointFound(s_imdsEndpoint); } else { AzureIdentityEventSource.Singleton.ImdsEndpointUnavailable(s_imdsEndpoint); } return(available ? new ImdsManagedIdentitySource(options.Pipeline, options.ClientId) : default);
public static ManagedIdentitySource TryCreate(ManagedIdentityClientOptions options) { string msiEndpoint = EnvironmentVariables.MsiEndpoint; // if ONLY the env var MSI_ENDPOINT is set the MsiType is CloudShell if (string.IsNullOrEmpty(msiEndpoint)) { return default; } Uri endpointUri; try { endpointUri = new Uri(msiEndpoint); } catch (FormatException ex) { throw new AuthenticationFailedException(MsiEndpointInvalidUriError, ex); } return new CloudShellManagedIdentitySource(endpointUri, options); }
public ManagedIdentityClient(ManagedIdentityClientOptions options) { ClientId = options.ClientId; Pipeline = options.Pipeline; _identitySource = new Lazy <ManagedIdentitySource>(() => SelectManagedIdentitySource(options)); }
private AppServiceV2017ManagedIdentitySource(CredentialPipeline pipeline, Uri endpoint, string secret, ManagedIdentityClientOptions options) : base(pipeline, endpoint, secret, options) { }
public ManagedIdentityClient(ManagedIdentityClientOptions options) { _options = options; ClientId = options.ClientId; Pipeline = options.Pipeline; }