[v2.9] Azuread support #346

Merged
merged 15 commits into from
Apr 23, 2024
Conversation

enrichman
Contributor

@enrichman enrichman commented Feb 1, 2024

Ref:

SURE-4275


This PR adds support for the AzureAD provider. When configured, the rancher token command will prompt the user to select it, or to use the local login.

The CLI will use the Device Authorization Grant, so it will ask the user to enter a code in the URL, as discussed in the RFC.

The PR also adds some refinements and refactors:

The getAuthProviders func now returns a []TypedProvider. With rancher/rancher#44285 the GetType method was added, so that every provider automatically implements any interface with the same method.

type TypedProvider interface {
	GetType() string
}

func getAuthProviders(server string) ([]TypedProvider, error) {
	// fetch providers
}

With this we can actually do a type assertion on the returned interface and get the concrete underlying type.

Note: before merging, the import for the struct will need to be updated.
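As an added illustration (not code from this PR or from the rancher/cli repository), the pattern described above with hypothetical provider structs: decode a constructed provider collection into concrete types chosen by their "type" field, return them as []TypedProvider, then type-assert back to reach a field the interface does not expose. The struct fields, the type strings "azureADProvider" and "localProvider", and the sample response body are assumptions.

```go
package main
import "encoding/json"
// TypedProvider is the interface every provider satisfies once it has GetType (rancher/rancher#44285).
type TypedProvider interface{ GetType() string }
// Hypothetical minimal provider structs and JSON fields, not Rancher's real types.
type AzureADProvider struct {
	Type     string `json:"type"`
	TenantID string `json:"tenantId"`
}
type LocalProvider struct{ Type string `json:"type"` }
func (p *AzureADProvider) GetType() string { return p.Type }
func (p *LocalProvider) GetType() string   { return p.Type }
// Constructed sample of a provider collection response (placeholder tenant id, not a real server reply).
const sampleBody = `{"data":[{"type":"localProvider"},{"type":"azureADProvider","tenantId":"00000000-0000-0000-0000-000000000000"}]}`
// parseAuthProviders decodes the collection into concrete types by "type"; unknown types are skipped, not errors.
func parseAuthProviders(body []byte) ([]TypedProvider, error) {
	var coll struct{ Data []json.RawMessage `json:"data"` }
	if err := json.Unmarshal(body, &coll); err != nil {
		return nil, err
	}
	var out []TypedProvider
	for _, raw := range coll.Data {
		// First pass: read only the discriminator so the concrete target can be chosen.
		var head struct{ Type string `json:"type"` }
		if err := json.Unmarshal(raw, &head); err != nil {
			return nil, err
		}
		var target TypedProvider
		switch head.Type {
		case "azureADProvider":
			target = &AzureADProvider{}
		case "localProvider":
			target = &LocalProvider{}
		default:
			continue
		}
		// Second pass: fill the concrete struct; target holds a pointer, so Unmarshal writes into it.
		if err := json.Unmarshal(raw, target); err != nil {
			return nil, err
		}
		out = append(out, target)
	}
	return out, nil
}
// azureTenant type-asserts back to the concrete type to reach a provider-specific field.
func azureTenant(providers []TypedProvider) (string, bool) {
	for _, p := range providers {
		if az, ok := p.(*AzureADProvider); ok { return az.TenantID, true }
	}
	return "", false
}
```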

Contributor

@crobby crobby left a comment

One thought I had about the --prompt option that I figured I'd capture here before I forget. While it certainly works well, it feels like a bit of a non-standard approach to this sort of operation (copy/paste a URL from a blank page). We should definitely make sure that this UX is reasonable, and if it is, we should definitely add some extra text in the cli output to make it very clear to the user what the expected flow is in this scenario.

@enrichman
Contributor Author

One thought I had about the --prompt option that I figured I'd capture here before I forget. While it certainly works well, it feels like a bit of a non-standard approach to this sort of operation (copy/paste a URL from a blank page). We should definitely make sure that this UX is reasonable, and if it is, we should definitely add some extra text in the cli output to make it very clear to the user what the expected flow is in this scenario.

@crobby that's a legit concern. What about having a Rancher UI page that is not doing anything in the backend, but just showing you the URL, or maybe the query params? That would be pretty cool, and actually also useful to show the errors. The user will be prompted to input the code, and/or the other parameters.

It needs a bit of work on the UI side, but not much.

@enrichman
Contributor Author

Just to have something visual, this is what I was trying to come up with:

[Screenshot from 2024-02-12 17-38-44]

Please don't pay too much attention to the graphics, I'm not a frontend guy. It would also be nice to have a "copy" button, so the user can easily copy-paste the code, or whatever he needs.

@enrichman enrichman force-pushed the azuread-support branch 2 times, most recently from 0965aa1 to 4a26aff Compare February 15, 2024 14:01
@enrichman enrichman mentioned this pull request Mar 26, 2024
@enrichman enrichman force-pushed the azuread-support branch 2 times, most recently from 3bbfa67 to 0a27e78 Compare March 29, 2024 09:57
@enrichman enrichman changed the title [POC][WIP] Azuread support Azuread support Mar 29, 2024
@enrichman
Contributor Author

In the final implementation, which implements the RFC, there is no update on the UI.

@crobby crobby self-requested a review April 12, 2024 15:49
@samjustus samjustus removed the request for review from bigkevmcd April 15, 2024 20:22
Contributor

@crobby crobby left a comment

I think this looks pretty good.
Any chance of adding some unit tests? Might be reasonable to add a few at least for the new functionality.

- added getClient func to create the HTTP client once, with the same TLS configuration.
- added tests for the getAuthProviders func
@enrichman
Contributor Author

enrichman commented Apr 17, 2024

Thanks @crobby. I've added just a couple of tests to the getAuthProviders func. Others are probably possible, but not without a bit of refactoring.

With the latest commit I've added a getClient func, used to create the HTTP client once, with the same TLS config.

/cc FYI @samjustus @anupama2501

Two review threads on cmd/kubectl_token_test.go (outdated, resolved)

@andreas-kupries andreas-kupries left a comment

The main issue with the local references is done.
Regarding the cert pool, I defer to @pjbgf's final assessment.

Contributor

@crobby crobby left a comment

I think this lgtm pending the feedback/resolution on the cert pool.

@enrichman
Contributor Author

As discussed internally, we can keep the changes as-is (reverting a func name) to keep the existing behaviour. We will address the issues in a future version of the cli.

/cc @crobby @andreas-kupries

@enrichman enrichman merged commit 36d1121 into rancher:v2.9 Apr 23, 2024
2 checks passed
@enrichman enrichman changed the title Azuread support [v2.9] Azuread support May 27, 2024
Successfully merging this pull request may close these issues.

[RFE] Rancher CLI doesn't have a driver for AzureAD for authenticating with kubectl