in pkg/internal/token/provider.go [25:86]
func NewAzIdentityCredential(record azidentity.AuthenticationRecord, o *Options) (CredentialProvider, error) {
switch o.LoginMethod {
case AzureCLILogin:
return newAzureCLICredential(o)
case AzureDeveloperCLILogin:
return newAzureDeveloperCLICredential(o)
case DeviceCodeLogin:
switch {
case o.IsLegacy:
return newADALDeviceCodeCredential(o)
default:
return newDeviceCodeCredential(o, record)
}
case InteractiveLogin:
switch {
case o.IsPoPTokenEnabled:
return newInteractiveBrowserCredentialWithPoP(o)
default:
return newInteractiveBrowserCredential(o, record)
}
case MSILogin:
return newManagedIdentityCredential(o)
case ROPCLogin:
switch {
case o.IsPoPTokenEnabled:
return newUsernamePasswordCredentialWithPoP(o)
default:
return newUsernamePasswordCredential(o, record)
}
case ServicePrincipalLogin:
switch {
case o.IsLegacy && o.ClientCert != "":
return newADALClientCertCredential(o)
case o.IsLegacy:
return newADALClientSecretCredential(o)
case o.ClientCert != "" && o.IsPoPTokenEnabled:
return newClientCertificateCredentialWithPoP(o)
case o.ClientCert != "":
return newClientCertificateCredential(o)
case o.IsPoPTokenEnabled:
return newClientSecretCredentialWithPoP(o)
default:
return newClientSecretCredential(o)
}
case WorkloadIdentityLogin:
switch {
case os.Getenv(actionsIDTokenRequestToken) != "" && os.Getenv(actionsIDTokenRequestURL) != "":
return newGithubActionsCredential(o)
default:
return newWorkloadIdentityCredential(o)
}
}
return nil, errors.New("unsupported token provider")
}