allo to pass auth via env vars

Signed-off-by: Sylvain Hellegouarch <sh@defuze.org>
chaostoolkit-incubator · Jul 11, 2023 · 95a5ae4 · 95a5ae4
1 parent 9cc3015
commit 95a5ae4
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,15 @@
 
 ## [Unreleased][]
 
-[Unreleased]: https://github.com/chaostoolkit-incubator/chaostoolkit-azure/compare/0.13.0...HEAD
+[Unreleased]: https://github.com/chaostoolkit-incubator/chaostoolkit-azure/compare/0.14.0...HEAD
+
+## [0.14.0][] - 2023-07-11
+
+[0.14.0]: https://github.com/chaostoolkit-incubator/chaostoolkit-azure/compare/0.13.0...0.14.0
+
+### Added
+
+* Can now read authentication from environment variables
 
 ## [0.13.0][] - 2023-07-11
 

diff --git a/README.md b/README.md
@@ -67,7 +67,22 @@ The extension will first try to load the configuration from the `experiment file
 
 ### Credentials
 
-- Secrets in the Experiment file
+#### Environment Variables
+
+You can pass credentials via the following environment variables:
+
+- AZURE_CLIENT_ID
+- AZURE_CLIENT_SECRET
+- AZURE_TENANT_ID
+
+Or:
+
+- AZURE_CLIENT_ID
+- AZURE_ACCESS_TOKEN
+
+#### Experiment Secrets
+
+You may also pass them via the secrets block of the experiment:
 
   ```json
   {
@@ -91,7 +106,7 @@ The extension will first try to load the configuration from the `experiment file
     "client_id": "your-super-secret-client-id",
     "client_secret": "your-even-more-super-secret-client-secret",
     "tenant_id": "your-tenant-id",
-    "azure_cloud": "AZURE_CHINA_CLOUD"
+    "cloud": "AZURE_CHINA_CLOUD"
   }
   ```
 
@@ -102,11 +117,16 @@ The extension will first try to load the configuration from the `experiment file
   - AZURE_PUBLIC_CLOUD
   - AZURE_US_GOV_CLOUD
 
+  Either of these values can be passed via `AZURE_CLOUD` as well.
+
+
   [vault_secrets]: https://docs.chaostoolkit.org/reference/api/experiment/#vault-secrets
   [env_secrets]: https://docs.chaostoolkit.org/reference/api/experiment/#environment-secrets
 
 
-- Secrets in the Azure credential file
+#### Azure Credential File
+
+You may also pass them via the Azure credential file:
 
   You can retrieve a credentials file with your subscription ID already in place by signing in to Azure using the az login command followed by the az ad sp create-for-rbac command
 

diff --git a/chaosazure/__init__.py b/chaosazure/__init__.py
@@ -30,7 +30,7 @@
     "init_website_management_client", "init_resource_graph_client", "init_netapp_management_client",
     "init_storage_management_client"
 ]
-__version__ = '0.13.0'
+__version__ = '0.14.0'
 
 
 def discover(discover_system: bool = True) -> Discovery:

diff --git a/chaosazure/auth/__init__.py b/chaosazure/auth/__init__.py
@@ -1,4 +1,5 @@
 import contextlib
+import os
 from typing import Dict
 
 from chaoslib.exceptions import InterruptExecution
@@ -105,6 +106,12 @@ def __authentication_type(secrets: dict) -> str:
     elif 'access_token' in secrets and secrets['access_token']:
         return AAD_TOKEN
 
+    elif os.getenv("AZURE_CLIENT_SECRET"):
+        return SERVICE_PRINCIPAL
+
+    elif os.getenv("AZURE_ACCESS_TOKEN"):
+        return AAD_TOKEN
+
     else:
         raise InterruptExecution(
             "Authentication to Azure requires a"

diff --git a/chaosazure/auth/authentication.py b/chaosazure/auth/authentication.py
@@ -1,3 +1,4 @@
+import os
 from abc import ABCMeta, abstractmethod
 from typing import Dict
 
@@ -18,10 +19,10 @@ class ServicePrincipalAuth(Auth):
 
     def create(self, secrets: Dict) -> ClientSecretCredential:
         result = ClientSecretCredential(
-            client_id=secrets.get('client_id'),
-            client_secret=secrets.get('client_secret'),
-            tenant_id=secrets.get('tenant_id'),
-            cloud_environment=secrets.get('cloud')
+            client_id=secrets.get('client_id', os.getenv("AZURE_CLIENT_ID")),
+            client_secret=secrets.get('client_secret', os.getenv("AZURE_CLIENT_SECRET")),
+            tenant_id=secrets.get('tenant_id', os.getenv("AZURE_TENANT_ID")),
+            cloud_environment=secrets.get('cloud', os.getenv("AZURE_CLOUD"))
         )
         return result
 
@@ -30,8 +31,8 @@ class TokenAuth(Auth):
 
     def create(self, secrets: Dict) -> AADTokenCredentials:
         result = AADTokenCredentials(
-            token={"accessToken": secrets['access_token']},
-            client_id=secrets.get('client_id'),
-            cloud_environment=secrets.get('cloud'))
+            token={"accessToken": secrets.get('access_token', os.getenv("AZURE_ACCESS_TOKEN"))},
+            client_id=secrets.get('client_id', os.getenv("AZURE_CLIENT_ID")),
+            cloud_environment=secrets.get('cloud', os.getenv("AZURE_CLOUD")))
 
         return result