Acquire token for IMDS SAMI #500
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added a simple version of getting token and printing it reformatting code.
Added tests and implementation for SAMI IMDS
Reverted changes in the test app
Formatting changes
Added method for UAMI
chlowell
requested changes
Sep 4, 2024
Updated the some code and cleaned up some comments and print statement
chlowell
reviewed
Sep 4, 2024
Updated the key for the resource Co-authored-by: Charles Lowell <[email protected]>
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
reviewed
Sep 4, 2024
bgavrilMS
requested changes
Sep 4, 2024
chlowell
reviewed
Sep 4, 2024
chlowell
reviewed
Sep 4, 2024
Updated the token from url function to a reaquest based function
…icrosoft-authentication-library-for-go into acquire-token-for-mise
Updated test to fail not only return error
chlowell
reviewed
Sep 11, 2024
Co-authored-by: Charles Lowell <[email protected]>
…icrosoft-authentication-library-for-go into acquire-token-for-mise
bgavrilMS
reviewed
Sep 20, 2024
bgavrilMS
reviewed
Sep 20, 2024
Removed printing token Variable name updated.
chlowell
reviewed
Sep 20, 2024
bgavrilMS
approved these changes
Sep 23, 2024
Updated the MI identity for UAMI with "UserAssigned" as prefix
chlowell
added
enhancement
chlowell
requested changes
Sep 24, 2024
| } | ||
| if err != nil { | ||
| t.Fatal("client New() error while creating client") | ||
| } else { |
There was a problem hiding this comment.
Not a blocker but this else is still unnecessary. What you have is like
if err != nil {
os.Exit(1)
} else {
// this block never executes when err != nil, so you don't
// need the else to prevent it executing in that case
}| } | ||
| mockClient.AppendResponse(mock.WithHTTPStatusCode(http.StatusOK), mock.WithBody(responseBody), mock.WithCallback(func(r *http.Request) { url = r.URL.String() })) | ||
| client, err := New(SystemAssigned(), WithHTTPClient(&mockClient)) | ||
| mockClient.AppendResponse(mock.WithHTTPStatusCode(http.StatusOK), mock.WithBody(responseBody)) |
There was a problem hiding this comment.
Why delete the callback you had here? Don't you want to validate the request? Now you have this test doing
url := testCase.endpoint
// ... nothing modifies the value of url ...
if !strings.HasPrefix(url, testCase.endpoint) {
t.Fatal("this line will never execute")
}and you're really only testing that the client can unmarshal the response. That's important, but so is the client's request
There was a problem hiding this comment.
Updated to check alot more values in the request.
| } else { | ||
| if client.miType.value() != tt.id.value() { | ||
| t.Fatal("client New() did not assign a correct value to type.") | ||
| } | ||
| } | ||
| }) | ||
| } | ||
|
|
||
| } | ||
| func TestCreateIMDSAuthRequest(t *testing.T) { |
There was a problem hiding this comment.
I suggested merging this into another test, not simply deleting it; the coverage is important
There was a problem hiding this comment.
I added that test to Test_SystemAssigned_Returns_Token_Success
Co-authored-by: Charles Lowell <[email protected]>
Updated to have more coverage
…icrosoft-authentication-library-for-go into acquire-token-for-mise
chlowell
approved these changes
Sep 25, 2024
apps/tests/devapps/main.go
Outdated
Comment on lines
39
to
40
| // acquireTokenClientCertificate() | ||
| // // this time the token comes from the cache! |
There was a problem hiding this comment.
👀 do you intend to make this change?
There was a problem hiding this comment.
I Was testing the api on the VM so, to get these changes there pushed this, now reverted.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add ManagedIdentity Class and acquireToken Function for SystemAssigned Identity
Overview
This PR introduces a new
ManagedIdentityclass in the Go codebase, specifically designed to handle operations related to managed identities in Azure. The primary feature added in this PR is theacquireTokenfunction within theManagedIdentityclass, which currently supports only SystemAssigned managed identities.Changes
ManagedIdentity:
ManagedIdentityto encapsulate managed identity operations.acquireToken Function:
acquireTokenfunction in theManagedIdentityclass.Implementation Details
SystemAssigned Identity:
acquireTokenfunction currently assumes that the managed identity is SystemAssigned.http://127.0.0.1:40342/metadata/identity/oauth2/token.Error Handling:
Testing
acquireTokenfunction to ensure it behaves as expected when fetching tokens for a SystemAssigned identity.Checklist
Notes
ManagedIdentityclass with limited functionality. Please review and suggest improvements, especially concerning the design for future extensibility.