feat(azure): added support for multiple azure MSI profiles (#141)

Author: pacificcode

.changes/unreleased/🎉 New Product Feature-20240530-132405.yaml

@@ -0,0 +1,5 @@
+kind: "\U0001F389 New Product Feature"
+body: |-
+  Added support for multiple Azure MSI profiles. When selecting Azure as the profile auth-provider the user is prompted to enter the clientID for the MSI (managed identity) they would like to use for this profile. The clientID is stored in the profile config file i.e. .dsv.yml.
+  the clientID is retrieved from the config when ever azure authentication is required.
+time: 2024-05-30T13:24:05.15961-07:00

auth/auth.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"os"
 	"reflect"
 	"strings"
 	"time"
@@ -268,6 +269,11 @@ func (a *authenticator) newRequestBody(at AuthType) (*requestBody, error) {
 		data, stdErr = buildAwsParams(awsProfile)
 
 	case FederatedAzure:
+		clientID := os.Getenv("AZURE_CLIENT_ID")
+		if clientID == "" {
+			clientID = viper.GetString("auth.clientID")
+			os.Setenv("AZURE_CLIENT_ID", clientID)
+		}
 		data, stdErr = buildAzureParams()
 
 	case FederatedGcp:

auth/auth_test.go

@@ -210,6 +210,8 @@ func TestGetToken_CachedRefreshToken(t *testing.T) {
 }
 
 // TODO:  need to refactor the code and rewrite
+//
+//nolint:perfsprint //errors.go needs work to implement here
 func TestGetToken(t *testing.T) {
 	testCases := []struct {
 		auth          string
@@ -218,7 +220,7 @@ func TestGetToken(t *testing.T) {
 		expectedError error
 	}{
 		{"password", "none", nil, fmt.Errorf("error")},
-		// {"azure", "none", nil, errors.New("error")},
+		{"azure", "none", nil, fmt.Errorf("error")},
 		//{"gcp", "none", nil, errors.New("error")},
 		{"aws", "none", nil, fmt.Errorf("error")},
 		{"refresh", "none", nil, fmt.Errorf("error")},

commands/cli-config.go

@@ -684,6 +684,7 @@ func handleCliConfigInitCmd(vcli vaultcli.CLI, args []string) int {
 
 	// Authentication type and authentication data.
 	authType := viper.GetString(cst.AuthType)
+	clientID := ""
 	if authType == "" {
 		authType, err = promptAuthType()
 		if err != nil {
@@ -693,7 +694,6 @@ func handleCliConfigInitCmd(vcli vaultcli.CLI, args []string) int {
 		viper.Set(cst.AuthType, authType)
 	}
 	prf.Set(authType, cst.NounAuth, cst.Type)
-
 	var user, password, passwordKey, encryptionKeyFileName string
 
 	authProvider := viper.GetString(cst.AuthProvider)
@@ -761,6 +761,15 @@ func handleCliConfigInitCmd(vcli vaultcli.CLI, args []string) int {
 			viper.Set(cst.AuthClientSecret, clientSecret)
 		}
 
+	case authType == string(auth.FederatedAzure):
+		clientID, err = promptAzureClientID()
+		if err != nil {
+			vcli.Out().WriteResponse(nil, errors.New(err))
+		}
+		viper.Set("clientID", clientID)
+		os.Setenv("AZURE_CLIENT_ID", strings.TrimSpace(clientID))
+		prf.Set(clientID, cst.NounAuth, "clientID")
+
 	case auth.AuthType(authType) == auth.FederatedAws:
 		awsProfile := viper.GetString(cst.AwsProfile)
 		if awsProfile == "" {
@@ -863,7 +872,6 @@ func handleCliConfigInitCmd(vcli vaultcli.CLI, args []string) int {
 				ui.Output(authError.Error())
 				return 1
 			}
-
 			ui.Output("Failed to authenticate, restoring previous config.")
 			ui.Output("Please check your credentials, or tenant name, or domain name and try again.")
 			return 1
@@ -942,6 +950,17 @@ type initializeRequest struct {
 	Password string
 }
 
+func promptAzureClientID() (string, error) {
+	clientID := ""
+	clientIDPrompt := &survey.Input{Message: "Please enter a clientID for this Azure profile:"}
+
+	survErr := survey.AskOne(clientIDPrompt, &clientID)
+	if survErr != nil {
+		return "", survErr
+	}
+	return strings.TrimSpace(clientID), nil
+}
+
 func promptDomain() (string, error) {
 	var domain string
 	domainPrompt := &survey.Select{