Merge pull request #49 from salt-extensions/bug_keyvault

Fix TypeError for ManagedIdentityCredential when using service principal credentials
salt-extensions · Mar 15, 2024 · c9150b5 · c9150b5
2 parents 49102d0 + 7b96fa6
commit c9150b5
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/changelog/46.fixed.md b/changelog/46.fixed.md
@@ -0,0 +1 @@
+Fixed TypeError for ManagedIdentityCredential when using service principal credentials.
diff --git a/src/saltext/azurerm/utils/azurerm.py b/src/saltext/azurerm/utils/azurerm.py
@@ -99,14 +99,19 @@ def _determine_auth(**kwargs):
         )
 
     try:
-        credentials = DefaultAzureCredential(authority=authority, **kwargs)
+        if "client_id" in kwargs and "tenant" in kwargs and "secret" in kwargs:
+            credentials = get_identity_credentials(**kwargs)
+        else:
+            kwargs.pop("client_id")
+            credentials = DefaultAzureCredential(authority=authority, **kwargs)
     except ClientAuthenticationError:
         raise SaltInvocationError(  # pylint: disable=raise-missing-from
             "Unable to determine credentials. "
             "A subscription_id with username and password, "
             "or client_id, secret, and tenant or a profile with the "
             "required parameters populated"
         )
+
     try:
         subscription_id = salt.utils.stringutils.to_str(kwargs["subscription_id"])
     except KeyError:
@@ -174,7 +179,6 @@ def get_client(client_type, **kwargs):
             base_url=cloud_env.endpoints.resource_manager,
             user_agent_policy=user_agent,
         )
-
     return client
 
 
@@ -332,7 +336,6 @@ def get_identity_credentials(**kwargs):
     for keyword, value in kwarg_map.items():
         if kwargs.get(keyword):
             os.environ[value] = kwargs[keyword]
-
     try:
         if kwargs.get("cloud_environment") and kwargs.get("cloud_environment").startswith("http"):
             authority = kwargs["cloud_environment"]
@@ -341,10 +344,16 @@ def get_identity_credentials(**kwargs):
                 KnownAuthorities, kwargs.get("cloud_environment", "AZURE_PUBLIC_CLOUD")
             )
         log.debug("AUTHORITY: %s", authority)
+
     except AttributeError as exc:
         log.error('Unknown authority presented for "cloud_environment": %s', exc)
         authority = KnownAuthorities.AZURE_PUBLIC_CLOUD
 
-    credential = DefaultAzureCredential(authority=authority)
+    try:
+        credential = DefaultAzureCredential(authority=authority)
+    except ClientAuthenticationError:
+        raise SaltInvocationError(  # pylint: disable=raise-missing-from
+            "Unable to determine credentials. "
+        )
 
     return credential
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fixed TypeError for ManagedIdentityCredential when using service principal credentials.