jasonwbarnett · April 23, 2020 16:15
diff --git a/azure-msi.patch b/azure-msi.patch
 diff --git a/lib/kitchen/driver/azure_credentials.rb b/lib/kitchen/driver/azure_credentials.rb
 index 0d38784..4def42c 100644
 --- a/lib/kitchen/driver/azure_credentials.rb
 +++ b/lib/kitchen/driver/azure_credentials.rb
 @@ -28,7 +28,7 @@ module Kitchen
         if File.file?(config_file)
           @credentials = IniFile.load(File.expand_path(config_file))
         else
 -          warn "#{CONFIG_PATH} was not found or not accessible."
 +          warn "#{CONFIG_PATH} was not found or not accessible. Will use environment variables or MSI."
         end
       end

 @@ -38,33 +38,50 @@ module Kitchen
       # @return [Object] Object that can be supplied along with all Azure client requests.
       #
       def azure_options
 -        options = { tenant_id: tenant_id,
 -                    client_id: client_id,
 -                    client_secret: client_secret,
 +        options = { tenant_id: tenant_id!,
                     subscription_id: subscription_id,
                     credentials: ::MsRest::TokenCredentials.new(token_provider),
                     active_directory_settings: ad_settings,
                     base_url: endpoint_settings.resource_manager_endpoint_url }
 -
 +        options[:client_id] = client_id if client_id
 +        options[:client_secret] = client_secret if client_secret
         options
       end

       private

 +      def credentials
 +        @credentials ||= {}
 +      end
 +
 +      def credentials_property(property)
 +        credentials[subscription_id]&.[](property)
 +      end
 +
 +      def tenant_id!
 +        tenant_id || raise("Must provide tenant id. Use AZURE_TENANT_ID environment variable or set it in credentials file")
 +      end
 +
       def tenant_id
 -        ENV["AZURE_TENANT_ID"] || @credentials[subscription_id]["tenant_id"]
 +        ENV["AZURE_TENANT_ID"] || credentials_property("tenant_id")
       end

       def client_id
 -        ENV["AZURE_CLIENT_ID"] || @credentials[subscription_id]["client_id"]
 +        ENV["AZURE_CLIENT_ID"] || credentials_property("client_id")
       end

       def client_secret
 -        ENV["AZURE_CLIENT_SECRET"] || @credentials[subscription_id]["client_secret"]
 +        ENV["AZURE_CLIENT_SECRET"] || credentials_property("client_secret")
       end

       def token_provider
 -        ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
 +        if client_id && client_secret
 +          ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
 +        elsif client_id
 +          ::MsRestAzure::MSITokenProvider.new(50342, ad_settings, { client_id: client_id })
 +        else
 +          ::MsRestAzure::MSITokenProvider.new(50342, ad_settings)
 +        end
       end

       #
	diff --git a/lib/kitchen/driver/azure_credentials.rb b/lib/kitchen/driver/azure_credentials.rb
	index 0d38784..4def42c 100644
	--- a/lib/kitchen/driver/azure_credentials.rb
	+++ b/lib/kitchen/driver/azure_credentials.rb
	@@ -28,7 +28,7 @@ module Kitchen
	if File.file?(config_file)
	@credentials = IniFile.load(File.expand_path(config_file))
	else
	- warn "#{CONFIG_PATH} was not found or not accessible."
	+ warn "#{CONFIG_PATH} was not found or not accessible. Will use environment variables or MSI."
	end
	end

	@@ -38,33 +38,50 @@ module Kitchen
	# @return [Object] Object that can be supplied along with all Azure client requests.
	#
	def azure_options
	- options = { tenant_id: tenant_id,
	- client_id: client_id,
	- client_secret: client_secret,
	+ options = { tenant_id: tenant_id!,
	subscription_id: subscription_id,
	credentials: ::MsRest::TokenCredentials.new(token_provider),
	active_directory_settings: ad_settings,
	base_url: endpoint_settings.resource_manager_endpoint_url }
	-
	+ options[:client_id] = client_id if client_id
	+ options[:client_secret] = client_secret if client_secret
	options
	end

	private

	+ def credentials
	+ @credentials \|\|= {}
	+ end
	+
	+ def credentials_property(property)
	+ credentials[subscription_id]&.[](property)
	+ end
	+
	+ def tenant_id!
	+ tenant_id \|\| raise("Must provide tenant id. Use AZURE_TENANT_ID environment variable or set it in credentials file")
	+ end
	+
	def tenant_id
	- ENV["AZURE_TENANT_ID"] \|\| @credentials[subscription_id]["tenant_id"]
	+ ENV["AZURE_TENANT_ID"] \|\| credentials_property("tenant_id")
	end

	def client_id
	- ENV["AZURE_CLIENT_ID"] \|\| @credentials[subscription_id]["client_id"]
	+ ENV["AZURE_CLIENT_ID"] \|\| credentials_property("client_id")
	end

	def client_secret
	- ENV["AZURE_CLIENT_SECRET"] \|\| @credentials[subscription_id]["client_secret"]
	+ ENV["AZURE_CLIENT_SECRET"] \|\| credentials_property("client_secret")
	end

	def token_provider
	- ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
	+ if client_id && client_secret
	+ ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
	+ elsif client_id
	+ ::MsRestAzure::MSITokenProvider.new(50342, ad_settings, { client_id: client_id })
	+ else
	+ ::MsRestAzure::MSITokenProvider.new(50342, ad_settings)
	+ end
	end

	#