feat: add oidc account support for azure web app deployment target (#534)

Author: grace-rehn

pkg/cmd/target/azure-web-app/create/create.go

@@ -24,9 +24,9 @@ import (
 	"github.com/spf13/cobra"
 )
 
-type GetAllAzureAccounts func() ([]*accounts.AzureServicePrincipalAccount, error)
-type GetAllAzureWebApps func(account *accounts.AzureServicePrincipalAccount) ([]*azure.AzureWebApp, error)
-type GetAllAzureWebAppSlots func(account *accounts.AzureServicePrincipalAccount, app *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error)
+type GetAllAzureAccounts func() ([]accounts.IAccount, error)
+type GetAllAzureWebApps func(account accounts.IAccount) ([]*azure.AzureWebApp, error)
+type GetAllAzureWebAppSlots func(account accounts.IAccount, app *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error)
 
 const (
 	FlagName          = "name"
@@ -85,13 +85,13 @@ func NewCreateOptions(createFlags *CreateFlags, dependencies *cmd.Dependencies)
 		CreateTargetEnvironmentOptions: shared.NewCreateTargetEnvironmentOptions(dependencies),
 		CreateTargetTenantOptions:      shared.NewCreateTargetTenantOptions(dependencies),
 		WorkerPoolOptions:              shared.NewWorkerPoolOptionsForCreateTarget(dependencies),
-		GetAllAzureAccounts: func() ([]*accounts.AzureServicePrincipalAccount, error) {
+		GetAllAzureAccounts: func() ([]accounts.IAccount, error) {
 			return getAllAzureAccounts(*dependencies.Client)
 		},
-		GetAllAzureWebApps: func(account *accounts.AzureServicePrincipalAccount) ([]*azure.AzureWebApp, error) {
+		GetAllAzureWebApps: func(account accounts.IAccount) ([]*azure.AzureWebApp, error) {
 			return getAllAzureWebapps(*dependencies.Client, account)
 		},
-		GetAllAzureWebAppSlots: func(account *accounts.AzureServicePrincipalAccount, webapp *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
+		GetAllAzureWebAppSlots: func(account accounts.IAccount, webapp *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
 			return getAllAzureWebAppSlots(*dependencies.Client, account, webapp)
 		},
 	}
@@ -115,7 +115,7 @@ func NewCmdCreate(f factory.Factory) *cobra.Command {
 
 	flags := cmd.Flags()
 	flags.StringVarP(&createFlags.Name.Value, createFlags.Name.Name, "n", "", "A short, memorable, unique name for this Azure Web App.")
-	flags.StringVar(&createFlags.Account.Value, createFlags.Account.Name, "", "The name or ID of the Azure Service Principal account")
+	flags.StringVar(&createFlags.Account.Value, createFlags.Account.Name, "", "The name or ID of the Azure account")
 	flags.StringVar(&createFlags.ResourceGroup.Value, createFlags.ResourceGroup.Name, "", "The resource group of the Azure Web App")
 	flags.StringVar(&createFlags.WebApp.Value, createFlags.WebApp.Name, "", "The name of the Azure Web App for this deployment target")
 	flags.StringVar(&createFlags.Slot.Value, createFlags.Slot.Name, "", "The name of the Azure Web App Slot for this deployment target")
@@ -145,6 +145,10 @@ func createRun(opts *CreateOptions) error {
 		return err
 	}
 
+	if !isAzureAccount(account) {
+		return fmt.Errorf("account '%s' is not a valid Azure account", account.GetName())
+	}
+
 	endpoint := machines.NewAzureWebAppEndpoint()
 	endpoint.AccountID = account.GetID()
 	endpoint.WebAppName = opts.WebApp.Value
@@ -212,15 +216,15 @@ func PromptMissing(opts *CreateOptions) error {
 	return nil
 }
 
-func PromptForAccount(opts *CreateOptions) (*accounts.AzureServicePrincipalAccount, error) {
-	var account *accounts.AzureServicePrincipalAccount
+func PromptForAccount(opts *CreateOptions) (accounts.IAccount, error) {
+	var account accounts.IAccount
 	if opts.Account.Value == "" {
 		selectedAccount, err := selectors.Select(
 			opts.Ask,
 			"Select the Azure Account to use\n",
 			opts.GetAllAzureAccounts,
-			func(p *accounts.AzureServicePrincipalAccount) string {
-				return (*p).GetName()
+			func(p accounts.IAccount) string {
+				return fmt.Sprintf("%s (%s)", p.GetName(), getAzureAccountTypeName(p))
 			})
 		if err != nil {
 			return nil, err
@@ -234,11 +238,11 @@ func PromptForAccount(opts *CreateOptions) (*accounts.AzureServicePrincipalAccou
 		account = a
 	}
 
-	opts.Account.Value = account.Name
+	opts.Account.Value = account.GetName()
 	return account, nil
 }
 
-func PromptForWebApp(opts *CreateOptions, account *accounts.AzureServicePrincipalAccount) error {
+func PromptForWebApp(opts *CreateOptions, account accounts.IAccount) error {
 	webapps, err := opts.GetAllAzureWebApps(account)
 	if err != nil {
 		return err
@@ -309,16 +313,47 @@ func PromptForWebApp(opts *CreateOptions, account *accounts.AzureServicePrincipa
 	return nil
 }
 
-func getAllAzureWebAppSlots(client client.Client, spAccount *accounts.AzureServicePrincipalAccount, webapp *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
-	slots, err := azure.GetWebSiteSlots(client, spAccount, webapp)
+func isAzureAccount(account accounts.IAccount) bool {
+	switch account.GetAccountType() {
+	case accounts.AccountTypeAzureServicePrincipal,
+		accounts.AccountTypeAzureOIDC:
+		return true
+	default:
+		return false
+	}
+}
+
+func getAzureAccountTypeName(account accounts.IAccount) string {
+	switch account.GetAccountType() {
+	case accounts.AccountTypeAzureServicePrincipal:
+		return "Azure Service Principal"
+	case accounts.AccountTypeAzureOIDC:
+		return "Azure OIDC"
+	default:
+		return "Unknown"
+	}
+}
+
+func getAllAzureWebAppSlots(client client.Client, account accounts.IAccount, webapp *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
+	if !isAzureAccount(account) {
+		return nil, fmt.Errorf("account '%s' is not an Azure account (type: %s)",
+			account.GetName(), account.GetAccountType())
+	}
+
+	slots, err := azure.GetWebSiteSlots(client, account, webapp)
 	if err != nil {
 		return nil, err
 	}
 
 	return slots, nil
 }
 
-func getAllAzureWebapps(client client.Client, account *accounts.AzureServicePrincipalAccount) ([]*azure.AzureWebApp, error) {
+func getAllAzureWebapps(client client.Client, account accounts.IAccount) ([]*azure.AzureWebApp, error) {
+	if !isAzureAccount(account) {
+		return nil, fmt.Errorf("account '%s' is not an Azure account (type: %s)",
+			account.GetName(), account.GetAccountType())
+	}
+
 	sites, err := azure.GetWebSites(client, account)
 	if err != nil {
 		return nil, err
@@ -327,23 +362,23 @@ func getAllAzureWebapps(client client.Client, account *accounts.AzureServicePrin
 	return sites, nil
 }
 
-func getAllAzureAccounts(client client.Client) ([]*accounts.AzureServicePrincipalAccount, error) {
+func getAllAzureAccounts(client client.Client) ([]accounts.IAccount, error) {
 	allAccounts, err := client.Accounts.GetAll()
 	if err != nil {
 		return nil, err
 	}
 
-	var spAccounts []*accounts.AzureServicePrincipalAccount
+	var azureAccounts []accounts.IAccount
 	for _, a := range allAccounts {
-		if s, ok := a.(*accounts.AzureServicePrincipalAccount); ok {
-			spAccounts = append(spAccounts, s)
+		if isAzureAccount(a) {
+			azureAccounts = append(azureAccounts, a)
 		}
 	}
 
-	return spAccounts, nil
+	return azureAccounts, nil
 }
 
-func getAzureAccount(opts *CreateOptions) (*accounts.AzureServicePrincipalAccount, error) {
+func getAzureAccount(opts *CreateOptions) (accounts.IAccount, error) {
 	idOrName := opts.Account.Value
 	allAccounts, err := opts.GetAllAzureAccounts()
 	if err != nil {
@@ -352,9 +387,12 @@ func getAzureAccount(opts *CreateOptions) (*accounts.AzureServicePrincipalAccoun
 
 	for _, a := range allAccounts {
 		if strings.EqualFold(a.GetID(), idOrName) || strings.EqualFold(a.GetName(), idOrName) {
+			if !isAzureAccount(a) {
+				return nil, fmt.Errorf("account %s is not an Azure account (type: %s)", idOrName, a.GetAccountType())
+			}
 			return a, nil
 		}
 	}
 
-	return nil, fmt.Errorf("cannot find account %s", idOrName)
+	return nil, fmt.Errorf("cannot find Azure account %s", idOrName)
 }

pkg/cmd/target/azure-web-app/create/create_test.go

@@ -22,7 +22,7 @@ func TestPromptForWebApp_FlagsSupplied(t *testing.T) {
 	flags.Slot.Value = "production"
 
 	opts := create.NewCreateOptions(flags, &cmd.Dependencies{Ask: asker})
-	opts.GetAllAzureWebApps = func(a *accounts.AzureServicePrincipalAccount) ([]*azure.AzureWebApp, error) {
+	opts.GetAllAzureWebApps = func(a accounts.IAccount) ([]*azure.AzureWebApp, error) {
 		return []*azure.AzureWebApp{
 			{
 				Name:          "website",
@@ -56,7 +56,7 @@ func TestPromptForWebApp_NoFlagsSupplied(t *testing.T) {
 	}
 
 	opts := create.NewCreateOptions(flags, &cmd.Dependencies{Ask: asker})
-	opts.GetAllAzureWebApps = func(a *accounts.AzureServicePrincipalAccount) ([]*azure.AzureWebApp, error) {
+	opts.GetAllAzureWebApps = func(a accounts.IAccount) ([]*azure.AzureWebApp, error) {
 		return []*azure.AzureWebApp{
 			webapp,
 			{
@@ -66,7 +66,7 @@ func TestPromptForWebApp_NoFlagsSupplied(t *testing.T) {
 			},
 		}, nil
 	}
-	opts.GetAllAzureWebAppSlots = func(acc *accounts.AzureServicePrincipalAccount, wa *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
+	opts.GetAllAzureWebAppSlots = func(acc accounts.IAccount, wa *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
 		return []*azure.AzureWebAppSlot{
 			{Name: "production"},
 			{Name: "test"},
@@ -93,7 +93,7 @@ func TestPromptForWebApp_NoSlotsAvailable(t *testing.T) {
 	flags.WebApp.Value = "website"
 	flags.ResourceGroup.Value = "rg1"
 	opts := create.NewCreateOptions(flags, &cmd.Dependencies{Ask: asker})
-	opts.GetAllAzureWebApps = func(a *accounts.AzureServicePrincipalAccount) ([]*azure.AzureWebApp, error) {
+	opts.GetAllAzureWebApps = func(a accounts.IAccount) ([]*azure.AzureWebApp, error) {
 		return []*azure.AzureWebApp{
 			{
 				Name:          "website",
@@ -103,7 +103,7 @@ func TestPromptForWebApp_NoSlotsAvailable(t *testing.T) {
 		}, nil
 	}
 
-	opts.GetAllAzureWebAppSlots = func(acc *accounts.AzureServicePrincipalAccount, wa *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
+	opts.GetAllAzureWebAppSlots = func(acc accounts.IAccount, wa *azure.AzureWebApp) ([]*azure.AzureWebAppSlot, error) {
 		return []*azure.AzureWebAppSlot{}, nil
 	}
 
@@ -123,39 +123,89 @@ func TestPromptForAccount_FlagSupplied(t *testing.T) {
 	flags.Account.Value = "Azure Account"
 
 	opts := create.NewCreateOptions(flags, &cmd.Dependencies{Ask: asker})
-	opts.GetAllAzureAccounts = func() ([]*accounts.AzureServicePrincipalAccount, error) {
+	opts.GetAllAzureAccounts = func() ([]accounts.IAccount, error) {
 		a, _ := accounts.NewAzureServicePrincipalAccount("Azure account", uuid.New(), uuid.New(), uuid.New(), core.NewSensitiveValue("password"))
-		return []*accounts.AzureServicePrincipalAccount{a}, nil
+		return []accounts.IAccount{a}, nil
 	}
 
 	a, err := create.PromptForAccount(opts)
 
 	checkRemainingPrompts()
 	assert.NoError(t, err)
 	assert.NotNil(t, a)
-	assert.Equal(t, "Azure account", a.Name)
+	assert.Equal(t, "Azure account", a.GetName())
 	assert.Equal(t, "Azure account", opts.Account.Value)
 }
 
 func TestPromptForAccount_NoFlagSupplied(t *testing.T) {
 	pa := []*testutil.PA{
-		testutil.NewSelectPrompt("Select the Azure Account to use\n", "", []string{"Azure account 1", "Azure account the second"}, "Azure account the second"),
+		testutil.NewSelectPrompt("Select the Azure Account to use\n", "", []string{"Azure account 1 (Azure Service Principal)", "Azure account the second (Azure Service Principal)"}, "Azure account the second (Azure Service Principal)"),
 	}
 
 	asker, checkRemainingPrompts := testutil.NewMockAsker(t, pa)
 	flags := create.NewCreateFlags()
 	opts := create.NewCreateOptions(flags, &cmd.Dependencies{Ask: asker})
-	opts.GetAllAzureAccounts = func() ([]*accounts.AzureServicePrincipalAccount, error) {
+	opts.GetAllAzureAccounts = func() ([]accounts.IAccount, error) {
 		a1, _ := accounts.NewAzureServicePrincipalAccount("Azure account 1", uuid.New(), uuid.New(), uuid.New(), core.NewSensitiveValue("password"))
 		a2, _ := accounts.NewAzureServicePrincipalAccount("Azure account the second", uuid.New(), uuid.New(), uuid.New(), core.NewSensitiveValue("password"))
-		return []*accounts.AzureServicePrincipalAccount{a1, a2}, nil
+		return []accounts.IAccount{a1, a2}, nil
 	}
 
 	a, err := create.PromptForAccount(opts)
 
 	checkRemainingPrompts()
 	assert.NoError(t, err)
 	assert.NotNil(t, a)
-	assert.Equal(t, "Azure account the second", a.Name)
+	assert.Equal(t, "Azure account the second", a.GetName())
 	assert.Equal(t, "Azure account the second", opts.Account.Value)
 }
+
+func TestPromptForAccount_OIDCFlagSupplied(t *testing.T) {
+	pa := []*testutil.PA{}
+
+	asker, checkRemainingPrompts := testutil.NewMockAsker(t, pa)
+	flags := create.NewCreateFlags()
+	flags.Account.Value = "Azure OIDC Account"
+
+	opts := create.NewCreateOptions(flags, &cmd.Dependencies{Ask: asker})
+	opts.GetAllAzureAccounts = func() ([]accounts.IAccount, error) {
+		oidcAccount, _ := accounts.NewAzureOIDCAccount("Azure OIDC Account", uuid.New(), uuid.New(), uuid.New())
+		return []accounts.IAccount{oidcAccount}, nil
+	}
+
+	a, err := create.PromptForAccount(opts)
+
+	checkRemainingPrompts()
+	assert.NoError(t, err)
+	assert.NotNil(t, a)
+	assert.Equal(t, "Azure OIDC Account", a.GetName())
+	assert.Equal(t, "Azure OIDC Account", opts.Account.Value)
+}
+
+func TestPromptForWebApp_OIDCAccount(t *testing.T) {
+	pa := []*testutil.PA{}
+
+	asker, checkRemainingPrompts := testutil.NewMockAsker(t, pa)
+	flags := create.NewCreateFlags()
+	flags.WebApp.Value = "website"
+	flags.ResourceGroup.Value = "rg1"
+	flags.Slot.Value = "production"
+
+	opts := create.NewCreateOptions(flags, &cmd.Dependencies{Ask: asker})
+	opts.GetAllAzureWebApps = func(a accounts.IAccount) ([]*azure.AzureWebApp, error) {
+		return []*azure.AzureWebApp{
+			{
+				Name:          "website",
+				Region:        "West US",
+				ResourceGroup: "rg1",
+			},
+		}, nil
+	}
+
+	oidcAccount, _ := accounts.NewAzureOIDCAccount("Azure OIDC Account", uuid.New(), uuid.New(), uuid.New())
+
+	err := create.PromptForWebApp(opts, oidcAccount)
+
+	checkRemainingPrompts()
+	assert.NoError(t, err)
+}