Adds connection to Graph RBAC API #327
Conversation
Signed-off-by: Ruairi Fennell <[email protected]>
Signed-off-by: Ruairi Fennell <[email protected]>
Signed-off-by: Ruairi Fennell <[email protected]>
ghost
requested review from
Signed-off-by: Ruairi Fennell <[email protected]>
Signed-off-by: Ruairi Fennell <[email protected]>
Graph client may be used in cases where you need to communicate with Azure Graph API. Signed-off-by: David McCown <[email protected]>
Signed-off-by: Ruairi Fennell <[email protected]>
Signed-off-by: Ruairi Fennell <[email protected]>
Signed-off-by: Ruairi Fennell <[email protected]>
|
We will have to confirm all the upstream inspec artifact builds are ok with 'azure_graph_rbac'. To do this create a inspec branch based off this train branch and then create a ad-hoc inspec build in our pipeline. |
lib/train/transports/azure.rb
Outdated
| @@ -54,14 +56,21 @@ def platform | |||
| force_platform!('azure', @platform_details) | |||
| end | |||
|
|
|||
| def graph_client | |||
There was a problem hiding this comment.
This may be confusing as the main client object for all azure clients is under this. I think it may be clearer to just put some logic into the azure_client method to pick out the graph client. This way we don't end up with inspec.backend.graph_client in inspec, which is a type of azure_client.
There was a problem hiding this comment.
After talking this through, we'll change azure_client to handle the case that a client passes in ::Azure::GraphRbac::Profiles::Latest::Client. The returned client will be fully hydrated and ready for consumption. So essentially it will fix an existing bug in cases you asked for a Graph client and the returned client didn't work.
Signed-off-by: Ruairi Fennell <[email protected]>
|
This is looking pretty good but you have some failing tests. |
lib/train/transports/azure.rb
Outdated
| require 'socket' | ||
| require 'timeout' | ||
| require 'train/transports/helpers/azure/file_credentials' | ||
| require_relative 'clients/azure/graph_rbac' |
There was a problem hiding this comment.
Should we just use require here?
lib/train/transports/azure.rb
Outdated
| @@ -55,13 +57,27 @@ def platform | |||
| end | |||
|
|
|||
| def azure_client(klass = ::Azure::Resources::Profiles::Latest::Mgmt::Client) | |||
| return klass.new(@credentials) unless cache_enabled?(:api_call) | |||
| # Return early if we can | |||
Signed-off-by: Ruairi Fennell <[email protected]>
This test could fail in cases where you already have a credentails file in the default path (~/.azure/credentials). I am moving the default behavior to `azure.rb` so `file_credentials` can operate on what you pass in. This makes an easier contract as the caller must provide a file, and the test easier since there's no defaulting behavior. Signed-off-by: David McCown <[email protected]>
Signed-off-by: David McCown <[email protected]>
Signed-off-by: Ruairi Fennell <[email protected]>
No description provided.