Merge branch 'andyohart/managed-identity' of https://github.com/Azure…

…AD/microsoft-authentication-library-for-go into 4gust/mi-retry-policy
AzureAD · Nov 13, 2024 · f4bbc08 · f4bbc08
2 parents 4e2ed03 + 46efcf8
commit f4bbc08
Show file tree

Hide file tree

Showing 14 changed files with 423 additions and 174 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -40,13 +40,13 @@ jobs:
 
       - name: Unit Tests
         run: go test -race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/...
-
-      - name: Integration Tests
-        run: go test -race ./apps/tests/integration/...
-        env :
-          clientId: ${{ secrets.LAB_APP_CLIENT_ID }}
-          clientSecret: ${{ secrets.LAB_APP_CLIENT_SECRET }}
-          oboConfidentialClientId: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_ID }}
-          oboConfidentialClientSecret: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_SECRET }}
-          oboPublicClientId: ${{ secrets.OBO_PUBLIC_APP_CLIENT_ID }}
-          CI: ${{secrets.ENABLECI}}
+      # Intergration tests runs on ADO
+      # - name: Integration Tests
+      #   run: go test -race ./apps/tests/integration/...
+      #   env :
+      #     clientId: ${{ secrets.LAB_APP_CLIENT_ID }}
+      #     clientSecret: ${{ secrets.LAB_APP_CLIENT_SECRET }}
+      #     oboConfidentialClientId: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_ID }}
+      #     oboConfidentialClientSecret: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_SECRET }}
+      #     oboPublicClientId: ${{ secrets.OBO_PUBLIC_APP_CLIENT_ID }}
+      #     CI: ${{secrets.ENABLECI}}
diff --git a/ado/build_test.yaml b/ado/build_test.yaml
@@ -1,68 +1,54 @@
-trigger: 
- - main
+trigger:
+  - main
 
-pool:
-   vmImage: 'ubuntu-latest'
-
-steps: 
-- task: GoTool@0
-  inputs:
-    version: '1.22.3'
-- task: Go@0
-  inputs:
-    command: 'get'
-    arguments: '-d -v -t -d ./...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Install dependencies"
-- task: Go@0
-  inputs:
-    command: 'build'
-    arguments: './apps/...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Build"
-# - task: Go@0
-#   inputs:       
-#     command: 'test'
-#     arguments: '-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/...'
-#     workingDirectory: '$(System.DefaultWorkingDirectory)'
-#   displayName: "Run Unit Tests"
-
-- task: AzureKeyVault@2
-  displayName: 'Connect to Key Vault'
-  inputs:
-    azureSubscription: 'AuthSdkResourceManager' # string. Workload identity service connection to use managed identity authentication
-    KeyVaultName: 'msidlabs' # string. Required. The name of the Key Vault containing the secrets.
-    #setting secrets filter to fetch only MSIDLABCertificate cert from the vault
-    SecretsFilter: 'LabAuth' # string. Required. Specifies the secret to download. Use '*' for all secrets.
-    #RunAsPreJob: false # boolean. Make secrets available to whole job. Default: false.
-
-# - powershell: |
-#    $kvSecretBytes = [System.Convert]::FromBase64String('$(LabAuth)')
-#    $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
-#    $certCollection.Import($kvSecretBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
-
-#    $protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12)
-#    $pfxPath = '$(Build.SourcesDirectory)' + "\TestCert.pfx"
-#    [System.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes)
-
-#    Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\LocalMachine\My
-
-#   displayName: 'Install Keyvault Secrets'
-
-- script: |
-    echo $(LabAuth) | base64 -d > cert.pfx
-    sudo apt-get install -y libnss3-tools openssl
-    mkdir -p ~/.pki/nssdb
-    certutil -N -d sql:$HOME/.pki/nssdb --empty-password
-    openssl pkcs12 -in cert.pfx -out cert.pem -nodes
-    certutil -A -d sql:$HOME/.pki/nssdb -n "labCert" -t "P,," -i cert.pem
-  displayName: 'Install Keyvault Secrets'
-
-- task: Go@0
-  inputs:       
-    command: 'test'
-    arguments: '-race ./apps/tests/integration/...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Run Integration Tests"
-
+pr:
+  autoCancel: false
+  branches:
+    include:
+    - main
 
+pool:
+  vmImage: "ubuntu-latest"
+
+steps:
+  - task: GoTool@0
+    inputs:
+      version: "1.22.3"
+  - task: Go@0
+    inputs:
+      command: "get"
+      arguments: "-d -v -t -d ./..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Install dependencies"
+  - task: Go@0
+    inputs:
+      command: "build"
+      arguments: "./apps/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Build"
+  - task: Go@0
+    inputs:
+      command: "test"
+      arguments: "-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Run Unit Tests"
+  - task: AzureKeyVault@2
+    displayName: "Connect to Key Vault"
+    inputs:
+      azureSubscription: "AuthSdkResourceManager"
+      KeyVaultName: "msidlabs"
+      SecretsFilter: "LabAuth"
+  - task: Bash@3
+    displayName: Installing certificate
+    inputs:
+      targetType: "inline"
+      script: |
+        echo $(LabAuth) | base64 -d > $(Build.SourcesDirectory)/cert.pfx
+        openssl pkcs12 -in $(Build.SourcesDirectory)/cert.pfx -out $(Build.SourcesDirectory)/cert.pem -nodes -passin pass:''
+
+  - task: Go@0
+    inputs:
+      command: "test"
+      arguments: "-race ./apps/tests/integration/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Run Integration Tests"
diff --git a/apps/confidential/confidential.go b/apps/confidential/confidential.go
@@ -18,6 +18,8 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"os"
+	"strings"
 
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base"
@@ -315,16 +317,21 @@ func New(authority, clientID string, cred Credential, options ...Option) (Client
 	if err != nil {
 		return Client{}, err
 	}
-
+	autoEnabledRegion := os.Getenv("MSAL_FORCE_REGION")
 	opts := clientOptions{
 		authority: authority,
 		// if the caller specified a token provider, it will handle all details of authentication, using Client only as a token cache
 		disableInstanceDiscovery: cred.tokenProvider != nil,
 		httpClient:               shared.DefaultClient,
+		azureRegion:              autoEnabledRegion,
 	}
 	for _, o := range options {
 		o(&opts)
 	}
+	if strings.EqualFold(opts.azureRegion, "DisableMsalForceRegion") {
+		opts.azureRegion = ""
+	}
+
 	baseOpts := []base.Option{
 		base.WithCacheAccessor(opts.accessor),
 		base.WithClientCapabilities(opts.capabilities),