private def parseAuthentication()

in connector/src/main/scala/com/microsoft/kusto/spark/utils/KustoDataSourceUtils.scala [228:324]

• 82 lines of code
• 16 McCabe index (conditional complexity)

  private def parseAuthentication(parameters: Map[String, String], clusterUrl: String) = {
    // Parse KustoAuthentication
    val applicationId = parameters.getOrElse(KustoSourceOptions.KUSTO_AAD_APP_ID, "")
    val applicationKey = parameters.getOrElse(KustoSourceOptions.KUSTO_AAD_APP_SECRET, "")
    val applicationCertPath =
      parameters.getOrElse(KustoSourceOptions.KUSTO_AAD_APP_CERTIFICATE_PATH, "")
    val applicationCertPassword =
      parameters.getOrElse(KustoSourceOptions.KUSTO_AAD_APP_CERTIFICATE_PASSWORD, "")
    val tokenProviderCoordinates =
      parameters.getOrElse(KustoSourceOptions.KUSTO_TOKEN_PROVIDER_CALLBACK_CLASSPATH, "")
    val keyVaultAppId: String = parameters.getOrElse(KustoSourceOptions.KEY_VAULT_APP_ID, "")
    val keyVaultAppKey = parameters.getOrElse(KustoSourceOptions.KEY_VAULT_APP_KEY, "")
    val keyVaultUri: String = parameters.getOrElse(KustoSourceOptions.KEY_VAULT_URI, "")
    val keyVaultPemFile = parameters.getOrElse(KustoDebugOptions.KEY_VAULT_PEM_FILE_PATH, "")
    val keyVaultCertKey = parameters.getOrElse(KustoDebugOptions.KEY_VAULT_CERTIFICATE_KEY, "")
    val accessToken: String = parameters.getOrElse(KustoSourceOptions.KUSTO_ACCESS_TOKEN, "")
    val userPrompt: Option[String] = parameters.get(KustoSourceOptions.KUSTO_USER_PROMPT)
    var authentication: KustoAuthentication = null
    var keyVaultAuthentication: Option[KeyVaultAuthentication] = None

    val managedIdentityAuth: Boolean =
      parameters.getOrElse(KustoSourceOptions.KUSTO_MANAGED_IDENTITY_AUTH, "false").toBoolean
    val maybeManagedClientId: Option[String] =
      parameters.get(KustoSourceOptions.KUSTO_MANAGED_IDENTITY_CLIENT_ID)

    val authorityId: String =
      parameters.getOrElse(KustoSourceOptions.KUSTO_AAD_AUTHORITY_ID, DefaultMicrosoftTenant)

    // Check KeyVault Authentication
    if (keyVaultUri != "") {
      if (keyVaultAppId.nonEmpty) {
        keyVaultAuthentication = Some(
          KeyVaultAppAuthentication(keyVaultUri, keyVaultAppId, keyVaultAppKey, authorityId))
      } else {
        keyVaultAuthentication = Some(
          KeyVaultCertificateAuthentication(
            keyVaultUri,
            keyVaultPemFile,
            keyVaultCertKey,
            authorityId))
      }
    }

    // Look for conflicts
    var numberOfAuthenticationMethods = 0
    if (applicationId.nonEmpty) numberOfAuthenticationMethods += 1
    if (accessToken.nonEmpty) numberOfAuthenticationMethods += 1
    if (tokenProviderCoordinates.nonEmpty) numberOfAuthenticationMethods += 1
    if (keyVaultUri.nonEmpty) numberOfAuthenticationMethods += 1
    if (numberOfAuthenticationMethods > 1) {
      throw new IllegalArgumentException(
        "More than one authentication methods were provided. Failing.")
    }

    // Resolve authentication
    if (applicationId.nonEmpty) {
      // Application authentication
      if (applicationKey.nonEmpty) {
        authentication = AadApplicationAuthentication(applicationId, applicationKey, authorityId)
      } else if (applicationCertPath.nonEmpty) {
        authentication = AadApplicationCertificateAuthentication(
          applicationId,
          applicationCertPath,
          applicationCertPassword,
          authorityId)
      }
    } else if (managedIdentityAuth) {
      // Authentication for managed Identity
      authentication = ManagedIdentityAuthentication(maybeManagedClientId)
    } else if (accessToken.nonEmpty) {
      // Authentication by token
      authentication = KustoAccessTokenAuthentication(accessToken)
    } else if (tokenProviderCoordinates.nonEmpty) {
      // Authentication by token provider
      val classLoader = Thread.currentThread().getContextClassLoader
      val c1 = classLoader
        .loadClass(tokenProviderCoordinates)
        .getConstructor(parameters.getClass)
        .newInstance(parameters)
      val tokenProviderCallback = c1.asInstanceOf[Callable[String]]

      authentication = KustoTokenProviderAuthentication(tokenProviderCallback)
    } else if (keyVaultUri.isEmpty) {
      if (userPrompt.isDefined) {
        // Use only for local run where you can open the browser and logged in as your user
        authentication = KustoUserPromptAuthentication(authorityId)
      } else {
        logWarn(
          "parseSourceParameters",
          "No authentication method was supplied - using device code authentication. The token should last for one hour")
        val deviceCodeProvider = new DeviceAuthentication(clusterUrl, authorityId)
        val accessToken = deviceCodeProvider.acquireToken()
        authentication = KustoAccessTokenAuthentication(accessToken)
      }
    }
    (authentication, keyVaultAuthentication)
  }