🐛 use inventory in shell to resolve credentials properly. (#2041)
preslavgerchev authored Oct 2, 2023
1 parent 702c436 commit 2cf293a
Showing 2 changed files with 13 additions and 8 deletions.
13 changes: 12 additions & 1 deletion apps/cnquery/cmd/shell.go
@@ -4,6 +4,7 @@
package cmd

import (
"errors"
"fmt"
"os"

@@ -18,6 +19,7 @@ import (
"go.mondoo.com/cnquery/cli/theme"
"go.mondoo.com/cnquery/providers"
"go.mondoo.com/cnquery/providers-sdk/v1/inventory"
"go.mondoo.com/cnquery/providers-sdk/v1/inventory/manager"
"go.mondoo.com/cnquery/providers-sdk/v1/plugin"
"go.mondoo.com/cnquery/providers-sdk/v1/upstream"
)
@@ -92,9 +94,18 @@ func ParseShellConfig(cmd *cobra.Command, cliRes *plugin.ParseCLIRes) *ShellConf

// StartShell will start an interactive CLI shell
func StartShell(runtime *providers.Runtime, conf *ShellConfig) error {
// we go through inventory resolution to resolve credentials properly for the passed-in asset
im, err := manager.NewManager(manager.WithInventory(inventory.New(inventory.WithAssets(conf.Asset)), runtime))
if err != nil {
return errors.New("failed to resolve inventory for connection")
}
resolvedAsset, err := im.ResolveAsset(conf.Asset)
if err != nil {
return err
}
res, err := runtime.Provider.Instance.Plugin.Connect(&plugin.ConnectReq{
Features: conf.Features,
Asset: conf.Asset,
Asset: resolvedAsset,
Upstream: nil,
}, nil)
if err != nil {
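Review bot: The new `manager.NewManager` error branch in StartShell returns `errors.New("failed to resolve inventory for connection")` and drops the underlying `err`, so the operator cannot see why inventory or credential resolution failed. `fmt` is already imported, so `return fmt.Errorf("failed to resolve inventory for connection: %w", err)` keeps the cause and makes the new `errors` import unnecessary; the `im.ResolveAsset` error just below is returned bare and would benefit from the same context. `resolvedAsset` presumably now carries resolved secrets, so it is worth confirming that nothing later in the function logs the asset or the `ConnectReq`. The body of StartShell continues outside this hunk.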
8 changes: 1 addition & 7 deletions providers/ms365/connection/auth.go
@@ -9,20 +9,14 @@ import (
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/pkg/errors"
"github.com/rs/zerolog/log"
"go.mondoo.com/cnquery/providers-sdk/v1/vault"
)

func getTokenCredential(credential *vault.Credential, tenantId, clientId string) (azcore.TokenCredential, error) {
var azCred azcore.TokenCredential
var err error
// fallback to CLI authorizer if no credentials are specified
if credential == nil {
log.Debug().Msg("using azure cli to get a token")
azCred, err = azidentity.NewAzureCLICredential(&azidentity.AzureCLICredentialOptions{})
if err != nil {
return nil, errors.Wrap(err, "error creating CLI credentials")
}
return nil, errors.New("no credentials provided")
} else {
// we only support private key authentication for ms 365
switch credential.Type {
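Review bot: getTokenCredential has no doc comment recording that a nil `credential` is now a hard error rather than a silent switch to whatever identity the Azure CLI is logged in as, and that is the security-relevant contract of this change. I would add `// getTokenCredential builds a token credential from an explicit vault credential; it returns an error when credential is nil and never falls back to the ambient Azure CLI login.` above the function. If the `// fallback to CLI authorizer if no credentials are specified` comment survives on the new side (the page does not show which side it is on), it is stale and should go. The `else` after `return nil, errors.New("no credentials provided")` is also redundant and could be dropped to keep the supported path unindented. The function body continues outside this hunk.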
