flowey_lib_hvlite/_jobs/
cfg_gh_azure_login.rs

1// Copyright (c) Microsoft Corporation.
2// Licensed under the MIT License.
3
4//! Configuration for Azure Login on Github Actions using federated credentials (OpenIDConnect).
5
6use flowey::node::prelude::*;
7
8flowey_request! {
9    #[derive(Clone)]
10    pub struct Params {
11        pub client_id: GhUserSecretVar,
12        pub tenant_id: GhUserSecretVar,
13        pub subscription_id: GhUserSecretVar,
14    }
15}
16
17new_simple_flow_node!(struct Node);
18
19impl SimpleFlowNode for Node {
20    type Request = Params;
21
22    fn imports(ctx: &mut ImportCtx<'_>) {
23        ctx.import::<flowey_lib_common::gh_task_azure_login::Node>();
24    }
25
26    fn process_request(request: Self::Request, ctx: &mut NodeCtx<'_>) -> anyhow::Result<()> {
27        let Params {
28            client_id,
29            tenant_id,
30            subscription_id,
31        } = request;
32
33        if !matches!(ctx.backend(), FlowBackend::Github) {
34            return Ok(());
35        }
36
37        let client_id = ctx.get_gh_context_var().secret(client_id);
38        let tenant_id = ctx.get_gh_context_var().secret(tenant_id);
39        let subscription_id = ctx.get_gh_context_var().secret(subscription_id);
40        let (open_id_connect, write_open_id_connect) = ctx.new_secret_var();
41
42        ctx.emit_rust_step("Create OpenIDConnect Credentials", |ctx| {
43            let client_id = client_id.claim(ctx);
44            let tenant_id = tenant_id.claim(ctx);
45            let subscription_id = subscription_id.claim(ctx);
46            let write_open_id_connect = write_open_id_connect.claim(ctx);
47            |rt| {
48                let client_id = rt.read(client_id);
49                let tenant_id = rt.read(tenant_id);
50                let subscription_id = rt.read(subscription_id);
51                rt.write(
52                    write_open_id_connect,
53                    &flowey_lib_common::gh_task_azure_login::OpenIDConnect {
54                        client_id,
55                        tenant_id,
56                        subscription_id,
57                    },
58                );
59                Ok(())
60            }
61        });
62
63        ctx.req(flowey_lib_common::gh_task_azure_login::Request::Credentials(open_id_connect));
64        Ok(())
65    }
66}