implement more auth methods and add options for armclient and msgraphclient

mblaschke · mblaschke · commit b6a5eb843e88 · 2026-01-27T20:27:31.000+01:00
Signed-off-by: Markus Blaschke &lt;mail@markus-blaschke.de&gt;
diff --git a/azuresdk/README.md b/azuresdk/README.md
@@ -6,6 +6,7 @@
 
 | Variable name                                      | Default               | Description                                                                                                                                                                                                                           |
 |----------------------------------------------------|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `AZURE_AUTH_METHOD` (or `AZURE_AUTH`)              | none                  | Defines the force auth method, fallback is the default auth method from the azure-sdk-for-go                                                                                                                                          |
 | `AZURE_SERVICEDISCOVERY_CACHE_TTL`                 | `60m` (time.Duration) | ServiceDiscovery cache (eg. subscription, resourceGroup list,...)                                                                                                                                                                     |
 | `AZURE_SERVICEDISCOVERY_SUBSCRIPTION_ID`           |                       | Subscription IDs separated by commas or spaces (whitespaces are trimmed)                                                                                                                                                              |
 | `AZURE_SERVICEDISCOVERY_SUBSCRIPTION_TAG_SELECTOR` |                       | Tag selector `tagName=tagValue,tagName2=tagValue2` to filter subscriptions for ServiceDiscovery (uses [kubernetes label selector library](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)) |
@@ -32,9 +33,17 @@ Hint: please also check [microsoft azure-sdk documentation](https://docs.microso
 
 #### AzureCLI authentication
 
-To force authentication via AzureCLI set `AZURE_AUTH=az` and the token is fetched from Azure CLI.
+To force authentication via AzureCLI set `AZURE_AUTH_METHOD=az` and the token is fetched from Azure CLI.
 For this method the `az` binary must be executable in `$PATH` (inside the container/environment).
 
+#### Interactive browser authentication
+
+To force authentication via interactive browser set `AZURE_AUTH_METHOD=interactive`.
+
+#### Interactive devicetoken authentication
+
+To force authentication via device token set `AZURE_AUTH_METHOD=devicetoken`.
+
 #### WorkloadIdentity/Federation authentication
 
 To force authentication via WorkloadIdentity/Federation set `AZURE_AUTH=federation`.
diff --git a/azuresdk/armclient/client.go b/azuresdk/armclient/client.go
@@ -50,7 +50,7 @@ type (
 )
 
 // NewArmClientFromEnvironment creates new Azure SDK ARM client from environment settings
-func NewArmClientFromEnvironment(logger *slog.Logger) (*ArmClient, error) {
+func NewArmClientFromEnvironment(logger *slog.Logger, opts ...ClientOptionFunc) (*ArmClient, error) {
 	var azureEnvironment string
 
 	if azureEnvironment = os.Getenv("AZURE_ENVIRONMENT"); azureEnvironment == "" {
@@ -62,11 +62,11 @@ func NewArmClientFromEnvironment(logger *slog.Logger) (*ArmClient, error) {
 		}
 	}
 
-	return NewArmClientWithCloudName(azureEnvironment, logger)
+	return NewArmClientWithCloudName(azureEnvironment, logger, opts...)
 }
 
 // NewArmClient creates new Azure SDK ARM client
-func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger *slog.Logger) *ArmClient {
+func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger *slog.Logger, opts ...ClientOptionFunc) *ArmClient {
 	client := &ArmClient{}
 	client.cloud = cloudConfig
 
@@ -81,17 +81,21 @@ func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger *slog.Logger)
 	client.initCache()
 	client.initServiceDiscovery()
 
+	for _, opt := range opts {
+		opt(client)
+	}
+
 	return client
 }
 
 // NewArmClientWithCloudName creates new Azure SDK ARM client with environment name as string
-func NewArmClientWithCloudName(cloudName string, logger *slog.Logger) (*ArmClient, error) {
+func NewArmClientWithCloudName(cloudName string, logger *slog.Logger, opts ...ClientOptionFunc) (*ArmClient, error) {
 	cloudConfig, err := cloudconfig.NewCloudConfig(cloudName)
 	if err != nil {
 		return nil, err
 	}
 
-	return NewArmClient(cloudConfig, logger), nil
+	return NewArmClient(cloudConfig, logger, opts...), nil
 }
 
 // init cache
diff --git a/azuresdk/armclient/client.options.go b/azuresdk/armclient/client.options.go
@@ -0,0 +1,21 @@
+package armclient
+
+import (
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+)
+
+type ClientOptionFunc func(*ArmClient)
+
+// WithCred sets the az credential
+func WithCred(cred *azcore.TokenCredential) ClientOptionFunc {
+	return func(client *ArmClient) {
+		client.cred = cred
+	}
+}
+
+// WithUserAgent sets the HTTP user agent
+func WithUserAgent(userAgent string) ClientOptionFunc {
+	return func(client *ArmClient) {
+		client.userAgent = userAgent
+	}
+}
diff --git a/azuresdk/azidentity/credential.go b/azuresdk/azidentity/credential.go
@@ -26,10 +26,19 @@ const (
 
 func NewAzDefaultCredential(clientOptions *azcore.ClientOptions) (azcore.TokenCredential, error) {
 	// azure authorizer
-	switch strings.ToLower(os.Getenv("AZURE_AUTH")) {
+	authMethod := strings.ToLower(os.Getenv("AZURE_AUTH_METHOD"))
+	if authMethod == "" {
+		authMethod = strings.ToLower(os.Getenv("AZURE_AUTH"))
+	}
+
+	switch authMethod {
 	case "az", "cli", "azcli":
 		// azurecli authentication
 		return NewAzCliCredential()
+	case "devicetoken":
+		return azidentity.NewDeviceCodeCredential(nil)
+	case "interactive", "browser", "interactivebrowser":
+		return azidentity.NewInteractiveBrowserCredential(nil)
 	case "wi", "workload", "workloadidentity", "federation":
 		var tokenFile, tenantID, clientID string
 		var ok bool
diff --git a/msgraphsdk/msgraphclient/client.go b/msgraphsdk/msgraphclient/client.go
@@ -37,7 +37,7 @@ type (
 )
 
 // NewMsGraphClientFromEnvironment creates new MS Graph client from environment settings
-func NewMsGraphClientFromEnvironment(logger *slog.Logger) (*MsGraphClient, error) {
+func NewMsGraphClientFromEnvironment(logger *slog.Logger, opts ...ClientOptionFunc) (*MsGraphClient, error) {
 	var azureEnvironment, azureTenant string
 
 	if azureEnvironment = os.Getenv("AZURE_ENVIRONMENT"); azureEnvironment == "" {
@@ -53,11 +53,11 @@ func NewMsGraphClientFromEnvironment(logger *slog.Logger) (*MsGraphClient, error
 		return nil, fmt.Errorf(`env var AZURE_TENANT_ID is not set`)
 	}
 
-	return NewMsGraphClientWithCloudName(azureEnvironment, azureTenant, logger)
+	return NewMsGraphClientWithCloudName(azureEnvironment, azureTenant, logger, opts...)
 }
 
 // NewMsGraphClient creates new MS Graph client
-func NewMsGraphClient(cloudConfig cloudconfig.CloudEnvironment, tenantID string, logger *slog.Logger) *MsGraphClient {
+func NewMsGraphClient(cloudConfig cloudconfig.CloudEnvironment, tenantID string, logger *slog.Logger, opts ...ClientOptionFunc) *MsGraphClient {
 	client := &MsGraphClient{}
 	client.cloud = cloudConfig
 	client.tenantID = tenantID
@@ -68,16 +68,20 @@ func NewMsGraphClient(cloudConfig cloudconfig.CloudEnvironment, tenantID string,
 	client.logger = logger
 	client.userAgent = "go-common/unknown"
 
+	for _, opt := range opts {
+		opt(client)
+	}
+
 	return client
 }
 
 // NewMsGraphClientWithCloudName creates new MS Graph client with environment name as string
-func NewMsGraphClientWithCloudName(cloudName string, tenantID string, logger *slog.Logger) (*MsGraphClient, error) {
+func NewMsGraphClientWithCloudName(cloudName string, tenantID string, logger *slog.Logger, opts ...ClientOptionFunc) (*MsGraphClient, error) {
 	cloudConfig, err := cloudconfig.NewCloudConfig(cloudName)
 	if err != nil {
 		return nil, err
 	}
-	return NewMsGraphClient(cloudConfig, tenantID, logger), nil
+	return NewMsGraphClient(cloudConfig, tenantID, logger, opts...), nil
 }
 
 // ServiceClient returns msgraph service client
diff --git a/msgraphsdk/msgraphclient/client.options.go b/msgraphsdk/msgraphclient/client.options.go
@@ -0,0 +1,21 @@
+package msgraphclient
+
+import (
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+)
+
+type ClientOptionFunc func(*MsGraphClient)
+
+// WithCred sets the az credential
+func WithCred(cred *azcore.TokenCredential) ClientOptionFunc {
+	return func(client *MsGraphClient) {
+		client.cred = cred
+	}
+}
+
+// WithUserAgent sets the HTTP user agent
+func WithUserAgent(userAgent string) ClientOptionFunc {
+	return func(client *MsGraphClient) {
+		client.userAgent = userAgent
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ type (`
`50`	`50`	`)`
`51`	`51`
`52`	`52`	`// NewArmClientFromEnvironment creates new Azure SDK ARM client from environment settings`
`53`		`-func NewArmClientFromEnvironment(logger slog.Logger) (ArmClient, error) {`
	`53`	`+func NewArmClientFromEnvironment(logger slog.Logger, opts ...ClientOptionFunc) (ArmClient, error) {`
`54`	`54`	`var azureEnvironment string`
`55`	`55`
`56`	`56`	`if azureEnvironment = os.Getenv("AZURE_ENVIRONMENT"); azureEnvironment == "" {`
`@@ -62,11 +62,11 @@ func NewArmClientFromEnvironment(logger slog.Logger) (ArmClient, error) {`
`62`	`62`	`}`
`63`	`63`	`}`
`64`	`64`
`65`		`- return NewArmClientWithCloudName(azureEnvironment, logger)`
	`65`	`+ return NewArmClientWithCloudName(azureEnvironment, logger, opts...)`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`// NewArmClient creates new Azure SDK ARM client`
`69`		`-func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger slog.Logger) ArmClient {`
	`69`	`+func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger slog.Logger, opts ...ClientOptionFunc) ArmClient {`
`70`	`70`	`client := &ArmClient{}`
`71`	`71`	`client.cloud = cloudConfig`
`72`	`72`
`@@ -81,17 +81,21 @@ func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger *slog.Logger)`
`81`	`81`	`client.initCache()`
`82`	`82`	`client.initServiceDiscovery()`
`83`	`83`
	`84`	`+ for _, opt := range opts {`
	`85`	`+ opt(client)`
	`86`	`+ }`
	`87`	`+`
`84`	`88`	`return client`
`85`	`89`	`}`
`86`	`90`
`87`	`91`	`// NewArmClientWithCloudName creates new Azure SDK ARM client with environment name as string`
`88`		`-func NewArmClientWithCloudName(cloudName string, logger slog.Logger) (ArmClient, error) {`
	`92`	`+func NewArmClientWithCloudName(cloudName string, logger slog.Logger, opts ...ClientOptionFunc) (ArmClient, error) {`
`89`	`93`	`cloudConfig, err := cloudconfig.NewCloudConfig(cloudName)`
`90`	`94`	`if err != nil {`
`91`	`95`	`return nil, err`
`92`	`96`	`}`
`93`	`97`
`94`		`- return NewArmClient(cloudConfig, logger), nil`
	`98`	`+ return NewArmClient(cloudConfig, logger, opts...), nil`
`95`	`99`	`}`
`96`	`100`
`97`	`101`	`// init cache`