
Commit dc8075c

dbalseiroDiego Balseiro
authored andcommitted
Use Azure SDK library to get the credential and token
1 parent c9d4c54 commit dc8075c


3 files changed

+34
-23
lines changed


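--- a/go.mod
+++ b/go.mod
@@ -81,6 +81,9 @@ require (
 contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect
 dario.cat/mergo v1.0.2 // indirect
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 // indirect
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 // indirect
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 github.com/Azure/go-autorest/autorest v0.11.30 // indirect
@@ -90,6 +93,7 @@ require (
 github.com/Azure/go-autorest/autorest/date v0.3.1 // indirect
 github.com/Azure/go-autorest/logger v0.2.2 // indirect
 github.com/Azure/go-autorest/tracing v0.6.1 // indirect
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 github.com/BurntSushi/toml v1.5.0 // indirect
 github.com/GoogleContainerTools/kaniko v1.24.0 // indirect
 github.com/Masterminds/semver/v3 v3.2.1 // indirect
@@ -164,6 +168,7 @@ require (
 github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
+github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/btree v1.1.3 // indirect
@@ -195,6 +200,7 @@ require (
 github.com/kevinburke/ssh_config v1.2.0 // indirect
 github.com/klauspost/compress v1.18.0 // indirect
 github.com/klauspost/pgzip v1.2.6 // indirect
+github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 github.com/magiconair/properties v1.8.7 // indirect
@@ -235,6 +241,7 @@ require (
 github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 github.com/pjbgf/sha1cd v0.3.2 // indirect
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 github.com/prometheus/client_golang v1.23.2 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect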
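Review bot: `sdk/azcore` and `sdk/azidentity` are added at new lines 84–85 with the `// indirect` marker, yet `pkg/k8s/keychains.go` in this same commit imports `azcore/policy` and `azidentity` directly, so after `go mod tidy` they should sit in the direct `require` block without the marker. Leaving them marked indirect hides from dependency review that this module now owns an authentication library, whose transitive set (`microsoft-authentication-library-for-go`, `golang-jwt/jwt/v5`, `pkg/browser`) arrives in the later hunks of this file. The `require (` block opens above the hunk, so whether a separate direct block exists is not visible here.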

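--- a/go.sum
+++ b/go.sum
@@ -65,6 +65,12 @@ github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkk
 github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
@@ -96,6 +102,8 @@ github.com/Azure/go-autorest/logger v0.2.2/go.mod h1:I5fg9K52o+iuydlWfa9T5K6WFos
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/Azure/go-autorest/tracing v0.6.1 h1:YUMSrC/CeD1ZnnXcNYU4a/fzsO35u2Fsful9L/2nyR0=
 github.com/Azure/go-autorest/tracing v0.6.1/go.mod h1:/3EgjbsjraOqiicERAeu3m7/z0x1TzjQGAwDrJrXGkc=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
@@ -460,6 +468,8 @@ github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -879,6 +889,8 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
 github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=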

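--- a/pkg/k8s/keychains.go
+++ b/pkg/k8s/keychains.go
@@ -1,15 +1,16 @@
 package k8s
 
 import (
-"encoding/json"
+"context"
 "fmt"
-"os"
-"path"
 "strings"
 
 "github.com/google/go-containerregistry/pkg/name"
 "github.com/google/go-containerregistry/pkg/v1/google"
 
+"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+
 "knative.dev/func/pkg/creds"
 "knative.dev/func/pkg/oci"
 )
@@ -55,31 +56,22 @@ func GetACRCredentialLoader() []creds.CredentialsCallback {
 return oci.Credentials{}, nil
 }
 
-f, err := os.Open(path.Join(os.Getenv("HOME"), ".azure", "accessTokens.json"))
-if err != nil {
-return oci.Credentials{}, fmt.Errorf("open Azure access tokens: %w", err)
-}
-defer f.Close()
+// TODO: Save token somewhere and check expiration before asking for a new one
 
-var tokens []struct {
-AccessToken string `json:"accessToken"`
-Resource string `json:"resource"`
+azCredential, err := azidentity.NewDefaultAzureCredential(nil)
+if err != nil {
+return oci.Credentials{}, fmt.Errorf("Failed to create default Azure credentials: %v", err)
 }
 
-if err := json.NewDecoder(f).Decode(&tokens); err != nil {
-return oci.Credentials{}, fmt.Errorf("decode Azure access tokens: %w", err)
+token, err := azCredential.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{"https://management.azure.com/.default"}})
+if err != nil {
+return oci.Credentials{}, fmt.Errorf("Failed to get Azure access token: %v", err)
 }
 
-target := "https://" + registry
-for _, t := range tokens {
-if t.Resource == target {
-return oci.Credentials{
-Username: "00000000-0000-0000-0000-000000000000",
-Password: t.AccessToken,
-}, nil
-}
-}
-return oci.Credentials{}, nil
+return oci.Credentials{
+Username: "00000000-0000-0000-0000-000000000000",
+Password: token.Token,
+}, nil
 },
 }
 }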
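Review bot: The token requested at new line 66 is scoped to `https://management.azure.com/.default`, so the value placed in `Password` at new line 73 is a management-plane token for the whole identity rather than one bound to `registry`, and the removed `t.Resource == target` match has no replacement. The only thing limiting which host receives that token is the check ending at the `return oci.Credentials{}, nil` context line, whose condition sits above the hunk; it should be a strict suffix match on the ACR domain, and it is worth confirming the registry accepts this token directly rather than a registry-scoped one obtained by exchange. `GetToken` also runs on `context.Background()`, so a slow source in the default credential chain can stall the caller indefinitely; a bounded context such as `ctx, cancel := context.WithTimeout(context.Background(), timeout)` with `defer cancel()` would cap it. The two new `fmt.Errorf` calls switch from `%w` to `%v` and capitalise the message, which drops `errors.Is`/`errors.As` for callers; `fmt.Errorf("get Azure access token: %w", err)` keeps the file's earlier style.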
