|
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
using Azure.Core;
using Azure.Identity;
namespace Aspire;
internal static class AzureCredentialHelper
{
/// <summary>
/// Creates a <see cref="TokenCredential"/> for code that can run in local development or deployed to Azure.
/// </summary>
internal static TokenCredential CreateDefaultAzureCredential()
{
if (Environment.GetEnvironmentVariable(DefaultAzureCredential.DefaultEnvironmentVariableName) is not null)
{
return new DefaultAzureCredential(DefaultAzureCredential.DefaultEnvironmentVariableName);
}
if (Environment.GetEnvironmentVariable("AZURE_CLIENT_ID") is not null)
{
// When we don't see DefaultEnvironmentVariableName, but we do see AZURE_CLIENT_ID,
// we just use ManagedIdentityCredential because that's the only credential type that
// Aspire Hosting enables by default.
// If this doesn't work for applications, they can override the TokenCredential in their settings.
return new ManagedIdentityCredential(new ManagedIdentityCredentialOptions());
}
// when we can't detect a known Azure environment, fall back to the development credential
return CreateDevelopmentAzureCredential();
}
/// <summary>
/// Creates a <see cref="DefaultAzureCredential"/> optimized for local development by excluding
/// credential types not applicable on developer machines.
/// </summary>
private static TokenCredential CreateDevelopmentAzureCredential()
{
return new DefaultAzureCredential(new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeWorkloadIdentityCredential = true,
ExcludeManagedIdentityCredential = true
});
}
}
|