Skip to content
This repository has been archived by the owner on Aug 17, 2022. It is now read-only.

RedeployAB/re-az-authentication

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

re-az-authentication

Test

Authenticate with the Azure REST API.

Content

Information

Small and lightweight module to handle authentication against the Azure REST API.

Supported authentication styles (v0.1.0):

  • Service Principals (Azure AD Applications)
  • MSI (Managed Identity)

Install

npm install re-az-authentication

Usage

Service Principals

*With environment variables AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID set

const AZAuthentication = require('re-az-authentication');

// Promise chaining.
AZAuthentication.authenticateWithServicePrincipal()
  .then(credentials => {
    let headers: { Authorization: `Bearer ${credentials.access_token}`}
    return webreq.get('https://management.azure.com/subscriptions?api-version=2016-06-01', { headers: headers });
  })
  .then(subscriptions => {
      // And so on.
  })
  .catch(error => {
      console.log(error);
  });

// Async/Await.
let credentials, subscriptions;
try {
  credentials = await AZAuthentication.authenticateWithServicePrincipal();
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  subscriptions = await webreq.get('https://management.azure.com/subscriptions?api-version=2016-06-01', { headers: headers });
} catch (error) {
  console.log(error);
}

To specify a specific resource to authenticate with, specify it in options

const AZAuthentication = require('re-az-authentication');

let credentials, secrets;
try {
  credentials = await AZAuthentication.authenticateWithServicePrincipal({ resource: 'https://vault.azure.net' });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  secrets = await webreq.get('https://<vault>.vault.azure.net/secrets?api-version=7.0', { headers: headers });
} catch (error) {
  console.log(error);
}

// Or with a predefined type.
let credentials, secrets;
try {
  credentials = await AZAuthentication.authenticateWithServicePrincipal({ type: 'keyvault' });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  secrets = await webreq.get('https://<vault>.vault.azure.net/secrets?api-version=7.0', { headers: headers });
} catch (error) {
  console.log(error);
}

To specify Azure Cloud to authenticate with, specify it in options

// Supported Azure Clouds:
//
// 'azure' (default)
// 'azureUSGovernment'
// 'azureGermany'
// 'azureChina'
//
// or:
//
// AZAuthentication.AZURE (default)
// AZAuthentication.AZURE_US_GOVERNMENT
// AZAuthentication.AZURE_GERMANY
// AZAuthentication.AZURE_CHINA

const AZAuthentication = require('re-az-authentication');

let credentials;

try {
  credentials = await AZAuthentication.authenticateWithServicePrincipal({ environment: 'azureGermany' });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  subscriptions = await webreq.get('https://management.azure.com/subscriptions?api-version=2016-06-01', { headers: headers });
} catch (errpr) {
  console.log(error)
}

// Alternative.
try {
  credentials = await AZAuthentication.authenticateWithServicePrincipal({ environment: AZAuthentication.AZURE_GERMANY });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  subscriptions = await webreq.get('https://management.azure.com/subscriptions?api-version=2016-06-01', { headers: headers });
} catch (errpr) {
  console.log(error)
}

Managed Identity (MSI)

This requries that the Azure Resource has Identity enabled. This sets the environment variables MSI_ENDPOINT and MSI_SECRET.

The default behaviour is using system assigned identity.

To use user assigned identity either set MSI_CLIENT_ID or pass clientId: <msi-client-id> in the options.

System assigned

const AZAuthentication = require('re-az-authentication');

// Promise chaining.
AZAuthentication.authenticateWithMSI({type: 'keyvault'})
  .then(credentials => {
    let headers: { Authorization: `Bearer ${credentials.access_token}`}
    return webreq.get('https://<vault>.vault.azure.net/secrets?api-version=7.0', { headers: headers });
  })
  .then(secrets => {
      // And so on.
  })
  .catch(error => {
      console.log(error);
  });

// Async/Await.
let credentials, secrets;
try {
  credentials = await AZAuthentication.authenticateWithMSI({ resource: 'https://vault.azure.net' });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  secrets = await webreq.get('https://<vault>.vault.azure.net/secrets?api-version=7.0', { headers: headers });
} catch (error) {
  console.log(error);
}

User assigned

const AZAuthentication = require('re-az-authentication');

// Promise chaining.
// Optionally instead of passing clientId, set an environment variable,
// MSI_CLIENT_ID.
AZAuthentication.authenticateWithMSI({type: 'keyvault', clientId: '<ID>'})
  .then(credentials => {
    let headers: { Authorization: `Bearer ${credentials.access_token}`}
    return webreq.get('https://<vault>.vault.azure.net/secrets?api-version=7.0', { headers: headers });
  })
  .then(secrets => {
      // And so on.
  })
  .catch(error => {
      console.log(error);
  });

// Async/Await.
// Optionally instead of passing clientId, set an environment variable,
// MSI_CLIENT_ID.
let credentials, secrets;
try {
  credentials = await AZAuthentication.authenticateWithMSI({ resource: 'https://vault.azure.net', clientId: '<ID>' });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  secrets = await webreq.get('https://<vault>.vault.azure.net/secrets?api-version=7.0', { headers: headers });
} catch (error) {
  console.log(error);
}

To specify Azure Cloud to authenticate with, specify it in options

// Supported Azure Clouds:
//
// 'azure' (default)
// 'azureUSGovernment'
// 'azureGermany'
// 'azureChina'
//
// or:
//
// AZAuthentication.AZURE (default)
// AZAuthentication.AZURE_US_GOVERNMENT
// AZAuthentication.AZURE_GERMANY
// AZAuthentication.AZURE_CHINA
const AZAuthentication = require('re-az-authentication');

let credentials, secrets;
try {
  credentials = await AZAuthentication.authenticateWithMSI({ environment: 'azureGermany' });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  subscriptions = await webreq.get('https://management.azure.com/subscriptions?api-version=2016-06-01', { headers: headers });
} catch (error) {
  console.log(error);
}

// Alternative.
try {
  credentials = await AZAuthentication.authenticateWithMSI({ environment: AZAuthentication.AZURE_GERMANY });
  let headers: { Authorization: `Bearer ${credentials.access_token}`}
  subscriptions = await webreq.get('https://management.azure.com/subscriptions?api-version=2016-06-01', { headers: headers });
} catch (error) {
  console.log(error);
}

About

Handle authentication to Azure.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages