2e39d629a9
This commit adds and implements org.osbuild.azure.image target. Let's talk about the already implemented org.osbuild.azure target firstly: The purpose of this target is to authenticate using the Azure Storage credentials and upload the image file as a Page Blob. Page Blob is basically an object in storage and it cannot be directly used to launch a VM. To achieve that, you need to define an actual Azure Image with the Page Blob attached. For the cloud API, we would like to create an actual Azure Image that is immediately available for new VMs. The new target accomplishes it. To achieve this, it must use a different authentication method: Azure OAuth. The other important difference is that currently, the credentials are stored on the worker and not in target options. This should lead to better security because we don't send the credentials over network. In the future, we would like to have credential-less setup using workers in Azure with the right IAM policies applied but this requires more investigation and is not implemented in this commit. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
35 lines
808 B
Go
35 lines
808 B
Go
package azure
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/BurntSushi/toml"
|
|
)
|
|
|
|
type Credentials struct {
|
|
clientID string
|
|
clientSecret string
|
|
}
|
|
|
|
// ParseAzureCredentialsFile parses a credentials file for azure.
|
|
// The file is in toml format and contains two keys: client_id and
|
|
// client_secret
|
|
//
|
|
// Example of the file:
|
|
// client_id = "clientIdOfMyApplication"
|
|
// client_secret = "ToucanToucan~"
|
|
func ParseAzureCredentialsFile(filename string) (*Credentials, error) {
|
|
var creds struct {
|
|
ClientID string `toml:"client_id"`
|
|
ClientSecret string `toml:"client_secret"`
|
|
}
|
|
_, err := toml.DecodeFile(filename, &creds)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("cannot parse azure credentials: %v", err)
|
|
}
|
|
|
|
return &Credentials{
|
|
clientID: creds.ClientID,
|
|
clientSecret: creds.ClientSecret,
|
|
}, nil
|
|
}
|