Azure AD API

[axw]

We (Juju) would like to automate the process of creating an application/service principal in Active Directory. Essentially we want to replicate the process described at https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal-cli/, in Go.

[colemickens]

I've written code to create an AD App, AD ServicePrincipal and assign ARM RBAC Roles to the SP. If you want to take a look and/or borrow code: https://github.com/colemickens/azkube/blob/master/util/ad.go

The Azure SDK for Go can handle the role assignment, but the AD side interacts with the Graph API and we don't have an ADAL library for Go, so I implemented the Graph API calls "manually" using go-autorest.

[axw]

@colemickens Thanks very much, I will take a look.

[moritzheiber]

This is pretty essential, especially for tools trying to support a completely "Infrastructure as Code" approach. Is there any work being done on it?

[axw]

@moritzheiber I ended up hand-crafting just the bits I needed. I've licensed it the same as the azure-sdk-for-go code, feel free to use it if it's useful: https://github.com/juju/juju/tree/staging/provider/azure/internal/ad. It was a while ago that I wrote it now, but IIRC the only reason why I couldn't just auto-generate it was because of the difference in result structures from the AD API (i.e. see refs to "odata.error" in https://github.com/juju/juju/blob/staging/provider/azure/internal/ad/client.go)

[marstr]

Howdy folks,

We're scheduled to add the Graph API in the next monthly release. We have a couple of related issues tracking the concerns brought up in this thread:

• Azure/go-autorest#103
• Azure/azure-sdk-for-go#455

Because there are more immediately actionable requests in those items, I'm going to close this issue in favor of the others. If folks think there is unresolved discussion unique to this thread, feel free to re-open.

[axw]

Thanks for the update, @marstr.