func getTokenCredential()

in internal/provider/provider.go [414:441]


// getTokenCredential assembles the Azure credential options from the provider
// model and hands them to newDefaultAzureCredential.
//
// The environment name is compared case-insensitively against "public",
// "usgovernment" and "china" to pick the azcore cloud configuration. Any other
// value produces an error diagnostic and a nil credential; there is no
// fallback cloud. The tenant ID and the auxiliary tenant IDs are taken from
// the model and forwarded as-is; this function does not validate them.
func getTokenCredential(data gen.AlzModel) (*azidentity.ChainedTokenCredential, diag.Diagnostics) {
	// Supported clouds, keyed by the lower-cased environment name.
	clouds := map[string]cloud.Configuration{
		"public":       cloud.AzurePublic,
		"usgovernment": cloud.AzureGovernment,
		"china":        cloud.AzureChina,
	}

	selected, known := clouds[strings.ToLower(data.Environment.ValueString())]
	if !known {
		// Refuse to build a credential rather than guess an authority host for
		// an unrecognised environment.
		var diags diag.Diagnostics
		diags.AddError("Could not determine cloud configuration", "Valid values are 'public', 'usgovernment', or 'china'")
		return nil, diags
	}

	// NOTE(review): AdditionallyAllowedTenants widens the set of tenants the
	// credential may acquire tokens for, and azidentity treats the value "*"
	// as "any tenant". Nothing here filters the list, so confirm that the
	// schema or listElementsToStrings constrains it if the wildcard should
	// not be accepted from configuration.
	extraTenants := listElementsToStrings(data.AuxiliaryTenantIds.Elements())

	credOpts := &azidentity.DefaultAzureCredentialOptions{
		AdditionallyAllowedTenants: extraTenants,
		ClientOptions:              azcore.ClientOptions{Cloud: selected},
		TenantID:                   data.TenantId.ValueString(),
	}
	return newDefaultAzureCredential(data, credOpts)
}