Merge pull request #16 from chef/russellseymour/credentials

Using Credentials
2025-02-16 05:58:39 +00:00 · 2017-02-23 14:39:36 +00:00 · 2017-02-23 14:39:36 +00:00 · 6d420f35ec
commit 6d420f35ec
parent b011b71a27 fe2cf1dc41
2 changed files with 43 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -49,6 +49,12 @@ Note that this file format supports multiple subscription_ids.  By default `insp
 AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" inspec exec inspec-azure
 ```

+Alternatively, if you know that the subscription you want to use is the second one in you credentials file then you can use the following:
+
+```bash
+AZURE_SUBSCRIPTION_NUMBER=2 inspec exec inspec-azure
+```
+
 ### Environment variables

 It is possible to not have a credentials file at all and specify all of the required information as the following environment variables:
--- a/lib/resources/azure/azure_backend.rb
+++ b/lib/resources/azure/azure_backend.rb
@ -40,22 +40,50 @@ class AzureConnection
    # If a connection already exists then return it
    return @conn if defined?(@conn)

-    # Determine if more than one subscription is specified in the configuration file, if so use the first one
-    if @credentials.sections.length >= 1
-      @subscription_id = @credentials.sections[0]
-    else
-      @subscription_id = ENV['AZURE_SUBSCRIPTION_ID']
-    end
+    @subscription_id = azure_subscription_id
+
+    # Check that the credential exists
+    raise format('The specified Azure Subscription cannot be found in your credentials: %s', subscription_id) unless @credentials.sections.include?(subscription_id)

    # Determine the client_id, tenant_id and the client_secret
-    tenant_id = ENV['AZURE_TENANT_ID'] || @credentials[@subscription_id]['tenant_id']
-    client_id = ENV['AZURE_CLIENT_ID'] || @credentials[@subscription_id]['client_id']
-    client_secret = ENV['AZURE_CLIENT_SECRET'] || @credentials[@subscription_id]['client_secret']
+    tenant_id = ENV['AZURE_TENANT_ID'] || @credentials[subscription_id]['tenant_id']
+    client_id = ENV['AZURE_CLIENT_ID'] || @credentials[subscription_id]['client_id']
+    client_secret = ENV['AZURE_CLIENT_SECRET'] || @credentials[subscription_id]['client_secret']

    # Create a new connection
    token_provider = MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret)
    @conn = MsRest::TokenCredentials.new(token_provider)
  end
+
+  private
+
+  # Return the subscrtiption ID to use
+  #
+  # @author Russell Seymour
+  def azure_subscription_id
+    # If a subscription has been specified as an environment variable use that
+    # If an index has been specified with AZURE_SUBSCRIPTION_INDEX attempt to use that value
+    # Otherwise use the first entry in the file
+    if !ENV['AZURE_SUBSCRIPTION_ID'].nil?
+      id = ENV['AZURE_SUBSCRIPTION_ID']
+    elsif !ENV['AZURE_SUBSCRIPTION_NUMBER'].nil?
+
+      subscription_number = ENV['AZURE_SUBSCRIPTION_NUMBER'].to_i
+      subscription_index = subscription_number - 1
+
+      # Check that the specified index is not greater than the number of subscriptions
+      if subscription_number > @credentials.sections.length
+        raise format('Your credentials file only contains %s subscriptions.  You specified number %s.', @credentials.sections.length, subscription_number)
+      end
+
+      id = @credentials.sections[subscription_index]
+    else
+      id = @credentials.sections[0]
+    end
+
+    # Return the ID to the calling function
+    id
+  end
 end

 # Helper class to configure and give access to the various management components of Azure