in graph/task.go [433:493]
// ResolveCustomRegistryCredentials builds one ResolvedRegistryCred per non-nil
// entry in credentials, keyed by cred.Registry, and hands every secret that is
// not supplied inline to a secretmgmt resolver.
//
// Username and password are handled independently according to their type:
//   - Opaque: the value from the credential is stored as the resolved value.
//   - VaultSecret: the value is stored as a KeyVault reference, cred.Identity
//     is recorded as the MSI client ID, and the secret is queued for resolution.
//   - empty UsernameType: the entry is treated as an MSI login (see below).
//
// It returns the populated map, or a wrapped error if the resolver cannot be
// created or ResolveSecrets fails; no partial map is returned on error.
//
// The returned map holds credential material (Opaque values are copied in
// directly), so callers should keep it out of logs and error messages.
//
// NOTE(review): a UsernameType or PasswordType other than the handled values
// leaves that secret with only its ID set and never queues it; nothing here
// reports that. Confirm that validation happens before this call.
// NOTE(review): if two entries share a Registry, the later one replaces the
// map entry while the earlier entry's queued secrets are still resolved.
func ResolveCustomRegistryCredentials(ctx context.Context, credentials []*RegistryCredential) (RegistryLoginCredentials, error) {
	logins := make(RegistryLoginCredentials)
	var pending []*secretmgmt.Secret
	enqueue := func(s *secretmgmt.Secret) {
		pending = append(pending, s)
	}

	for _, cred := range credentials {
		if cred == nil {
			continue
		}

		// Both secrets carry the registry name as their ID.
		user := &secretmgmt.Secret{ID: cred.Registry}
		pass := &secretmgmt.Secret{ID: cred.Registry}
		logins[cred.Registry] = &ResolvedRegistryCred{
			Username: user,
			Password: pass,
		}

		switch cred.UsernameType {
		case Opaque:
			user.ResolvedValue = cred.Username
		case VaultSecret:
			user.KeyVault = cred.Username
			user.MsiClientID = cred.Identity
			enqueue(user)
		}

		switch cred.PasswordType {
		case Opaque:
			pass.ResolvedValue = cred.Password
		case VaultSecret:
			pass.KeyVault = cred.Password
			pass.MsiClientID = cred.Identity
			enqueue(pass)
		}

		// An empty username type selects the MSI path: the username is fixed
		// to the all-zero GUID and the password is obtained by the resolver
		// using the identity and AAD resource ID.
		// NOTE(review): this runs after the password switch, so an MSI entry
		// whose PasswordType is VaultSecret queues the same password secret
		// twice with both KeyVault and AadResourceID set; an Opaque password
		// is also queued with its ResolvedValue already filled in. Confirm
		// how the resolver treats those combinations.
		if cred.UsernameType == "" {
			user.ResolvedValue = "00000000-0000-0000-0000-000000000000"
			pass.MsiClientID = cred.Identity
			pass.AadResourceID = cred.AadResourceID
			enqueue(pass)
		}
	}

	// The resolver is created and invoked even when nothing was queued.
	resolver, err := secretmgmt.NewSecretResolver(nil, secretmgmt.DefaultSecretResolveTimeout)
	if err != nil {
		return nil, errors.Wrap(err, "failed to create secret resolver")
	}

	// The queued pointers are the same objects stored in logins, so whatever
	// the resolver writes into them is visible through the returned map.
	if err = resolver.ResolveSecrets(ctx, pending); err != nil {
		return nil, errors.Wrap(err, "failed to resolve secrets")
	}
	return logins, nil
}