func newDefaultAzureCredential()

in internal/provider/provider.go [499:574]


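// newDefaultAzureCredential builds the provider's token credential chain from
// the configured authentication methods. Sources are added in this fixed order
// of precedence: OIDC (when use_oidc is set), environment variables (always
// attempted), managed identity (when use_msi is set) and Azure CLI (when
// use_cli is set).
//
// A source whose constructor fails is skipped and reported as a warning instead
// of aborting, so that a later source can still authenticate. An error is
// returned only when no source could be constructed at all, or when the chain
// itself cannot be created. The collected warnings are returned alongside a
// successfully built chain so the caller can surface them; a silent fall-back
// from a requested source (e.g. OIDC) to another one (e.g. CLI) would otherwise
// go unnoticed.
//
// A nil options value is treated as zero DefaultAzureCredentialOptions.
func newDefaultAzureCredential(data gen.AlzModel, options *azidentity.DefaultAzureCredentialOptions) (*azidentity.ChainedTokenCredential, diag.Diagnostics) {
	var creds []azcore.TokenCredential
	var diags diag.Diagnostics

	if options == nil {
		options = &azidentity.DefaultAzureCredentialOptions{}
	}

	// addSource appends cred to the chain when its constructor succeeded and
	// otherwise records the failure as a warning. AddWarning takes a plain
	// (summary, detail) pair, so the error text goes into the detail rather
	// than into a format placeholder that would never be substituted.
	addSource := func(kind string, cred azcore.TokenCredential, err error) {
		if err != nil {
			diags.AddWarning("newDefaultAzureCredential failed to initialize "+kind+" credential", err.Error())
			return
		}
		creds = append(creds, cred)
	}

	if data.UseOidc.ValueBool() {
		oidcCred, err := NewOidcCredential(&OidcCredentialOptions{
			ClientOptions: azcore.ClientOptions{
				Cloud: options.Cloud,
			},
			AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
			TenantID:                   data.TenantId.ValueString(),
			ClientID:                   data.ClientId.ValueString(),
			RequestToken:               data.OidcRequestToken.ValueString(),
			RequestUrl:                 data.OidcRequestUrl.ValueString(),
			Token:                      data.OidcToken.ValueString(),
			TokenFilePath:              data.OidcTokenFilePath.ValueString(),
		})
		addSource("oidc", oidcCred, err)
	}

	envCred, err := azidentity.NewEnvironmentCredential(&azidentity.EnvironmentCredentialOptions{
		ClientOptions:            options.ClientOptions,
		DisableInstanceDiscovery: options.DisableInstanceDiscovery,
	})
	addSource("environment", envCred, err)

	if data.UseMsi.ValueBool() {
		o := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions}
		// A user-assigned identity is selected through AZURE_CLIENT_ID from the
		// process environment, not from the provider's client_id attribute;
		// without it the system-assigned identity is used.
		if clientID, ok := os.LookupEnv("AZURE_CLIENT_ID"); ok {
			o.ID = azidentity.ClientID(clientID)
		}
		miCred, err := newManagedIdentityCredential(o)
		addSource("msi", miCred, err)
	}

	if data.UseCli.ValueBool() {
		// NOTE(review): the CLI source takes its tenant from options.TenantID
		// while the OIDC source reads data.TenantId — confirm the caller
		// populates both consistently.
		cliCred, err := azidentity.NewAzureCLICredential(&azidentity.AzureCLICredentialOptions{
			AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
			TenantID:                   options.TenantID,
		})
		addSource("cli", cliCred, err)
	}

	if len(creds) == 0 {
		diags.AddError("newDefaultAzureCredential failed to initialize any credential", "None of the credentials were initialized")
		return nil, diags
	}

	// nil options keeps the chain's default behaviour.
	chain, err := azidentity.NewChainedTokenCredential(creds, nil)
	if err != nil {
		diags.AddError("newDefaultAzureCredential failed to initialize chained credential", err.Error())
		return nil, diags
	}

	// Return the warnings too: they carry the reason a requested source was
	// skipped, which matters when the chain silently falls through to a
	// different identity than the one the configuration asked for.
	return chain, diags
}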