use hashicorp lib for az cli auth support

client/client.go

@@ -7,6 +7,7 @@ import (
 	"github.com/covermymeds/azure-key-vault-agent/iam"
 
 	"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
+	"github.com/hashicorp/go-azure-sdk/sdk/auth/autorest"
 )
 
 type Clients map[string]keyvault.BaseClient
@@ -20,3 +21,23 @@ func NewClient(cred config.CredentialConfig) keyvault.BaseClient {
 	client.Authorizer = authorizer
 	return client
 }
+
+func NewSpnClient(cred config.CredentialConfig) keyvault.BaseClient {
+	client := keyvault.New()
+	authorizer, err := iam.GetKeyvaultAuthorizerFromSpn(cred.TenantID, cred.ClientID, cred.ClientSecret)
+	if err != nil {
+		panic(fmt.Sprintf("Error authorizing: %v", err.Error()))
+	}
+	client.Authorizer = autorest.AutorestAuthorizer(authorizer)
+	return client
+}
+
+func NewCliClient() keyvault.BaseClient {
+	client := keyvault.New()
+	authorizer, err := iam.GetKeyvaultAuthorizerFromCli()
+	if err != nil {
+		panic(fmt.Sprintf("Error authorizing: %v", err.Error()))
+	}
+	client.Authorizer = autorest.AutorestAuthorizer(authorizer)
+	return client
+}

config/credential.go

@@ -2,7 +2,8 @@ package config
 
 type CredentialConfig struct {
 	Name         string `yaml:"name,omitempty" validate:"required"`
-	TenantID     string `yaml:"tenantID,omitempty" validate:"required"`
-	ClientID     string `yaml:"clientID,omitempty" validate:"required"`
-	ClientSecret string `yaml:"clientSecret,omitempty" validate:"required"`
+	TenantID     string `yaml:"tenantID,omitempty" validate:"required_unless=CliAuth true"`
+	ClientID     string `yaml:"clientID,omitempty" validate:"required_unless=CliAuth true"`
+	ClientSecret string `yaml:"clientSecret,omitempty" validate:"required_unless=CliAuth true"`
+	CliAuth      bool   `yaml:"cliAuth,omitempty"`
 }

configwatcher/configwatcher.go

@@ -3,12 +3,13 @@ package configwatcher
 import (
 	"context"
 	"fmt"
+	"path/filepath"
+
 	"github.com/covermymeds/azure-key-vault-agent/client"
 	"github.com/covermymeds/azure-key-vault-agent/configparser"
 	"github.com/covermymeds/azure-key-vault-agent/worker"
 	"github.com/fsnotify/fsnotify"
 	log "github.com/sirupsen/logrus"
-	"path/filepath"
 )
 
 func Watcher(path string) {
@@ -43,7 +44,11 @@ func ParseAndRunWorkersOnce(path string) {
 	// Initialize clients
 	clients := make(client.Clients)
 	for _, credentialConfig := range config.Credentials {
-		clients[credentialConfig.Name] = client.NewClient(credentialConfig)
+		if credentialConfig.CliAuth {
+			clients[credentialConfig.Name] = client.NewCliClient()
+		} else {
+			clients[credentialConfig.Name] = client.NewClient(credentialConfig)
+		}
 	}
 
 	// Start workers
@@ -65,8 +70,13 @@ func parseAndStartWorkers(path string) context.CancelFunc {
 
 	// Initialize clients
 	clients := make(client.Clients)
+	// Add all of the defined SPN credentials
 	for _, credentialConfig := range config.Credentials {
-		clients[credentialConfig.Name] = client.NewClient(credentialConfig)
+		if credentialConfig.CliAuth {
+			clients[credentialConfig.Name] = client.NewCliClient()
+		} else {
+			clients[credentialConfig.Name] = client.NewClient(credentialConfig)
+		}
 	}
 
 	// Start workers

go.mod

@@ -3,12 +3,12 @@ module github.com/covermymeds/azure-key-vault-agent
 go 1.17
 
 require (
-	github.com/Azure/azure-sdk-for-go v37.1.0+incompatible
-	github.com/Azure/go-autorest/autorest v0.9.3
-	github.com/Azure/go-autorest/autorest/adal v0.8.1
+	github.com/Azure/azure-sdk-for-go v66.0.0+incompatible
+	github.com/Azure/go-autorest/autorest v0.11.29
+	github.com/Azure/go-autorest/autorest/adal v0.9.23
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/fsnotify/fsnotify v1.4.7
-	github.com/go-playground/validator/v10 v10.1.0
+	github.com/go-playground/validator/v10 v10.14.1
 	github.com/gobuffalo/envy v1.8.1
 	github.com/jpillora/backoff v1.0.0
 	github.com/luci/luci-go v0.0.0-20200220034857-6a27eb3e318d
@@ -18,27 +18,44 @@ require (
 	gopkg.in/yaml.v2 v2.3.0
 )
 
+require (
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/hashicorp/go-azure-helpers v0.56.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/rogpeppe/go-internal v1.3.2 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/oauth2 v0.4.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	software.sslmate.com/src/go-pkcs12 v0.2.0 // indirect
+)
+
 require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest/date v0.2.0 // indirect
 	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
-	github.com/Azure/go-autorest/autorest/validation v0.3.0 // indirect
-	github.com/Azure/go-autorest/logger v0.1.0 // indirect
-	github.com/Azure/go-autorest/tracing v0.5.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
-	github.com/go-playground/locales v0.13.0 // indirect
-	github.com/go-playground/universal-translator v0.17.0 // indirect
-	github.com/google/uuid v1.1.1 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/hashicorp/go-azure-sdk v0.20230608.1112153
 	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/imdario/mergo v0.3.10 // indirect
 	github.com/joho/godotenv v1.3.0 // indirect
 	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
-	github.com/leodido/go-urn v1.2.0 // indirect
-	github.com/mitchellh/copystructure v1.0.0 // indirect
-	github.com/mitchellh/reflectwalk v1.0.0 // indirect
-	github.com/rogpeppe/go-internal v1.3.2 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/smartystreets/goconvey v1.6.4 // indirect
 	golang.org/x/sys v0.8.0 // indirect
 )