Andyohart/managed identity #532

Closed
wants to merge 98 commits into from
995fa3c
Changes for running
AndyOHart Aug 21, 2024
0993a3f
* Adds .md file for managed identity's public api
AndyOHart Aug 21, 2024
1053165
Update docs/managedidentity_public_api.md
AndyOHart Aug 21, 2024
aadf13d
Makes DefaultToIMDS the default 0 value
AndyOHart Aug 22, 2024
2fe36df
Merge branch 'andyohart/managed-identity-basic-class-implementation' …
AndyOHart Aug 22, 2024
e82f85d
Merge pull request #499 from AzureAD/andyohart/managed-identity-basic…
AndyOHart Aug 22, 2024
1d2f3e8
Initial system assigned for acquire token
4gust Aug 27, 2024
63e6bed
Added a simple version of getting token.
4gust Aug 27, 2024
69a039c
added IMDB for SAMI
4gust Sep 2, 2024
7c94182
Reverted the test app to original state
4gust Sep 2, 2024
2646418
Formatting changes
4gust Sep 2, 2024
4db1c7e
Added methods for UAMI
4gust Sep 3, 2024
3bf0383
Updated and cleaned up MI for SAMI
4gust Sep 4, 2024
8c3fed1
Update apps/managedidentity/managedidentity.go
4gust Sep 4, 2024
5eb2919
Resolved some comments.
4gust Sep 10, 2024
29583da
Merge branch 'acquire-token-for-mise' of https://github.com/AzureAD/m…
4gust Sep 10, 2024
64e4705
Updated test
4gust Sep 10, 2024
a7e760a
Updated the Identity method for feedback
4gust Sep 11, 2024
df2ad5a
Passed context to http request
4gust Sep 11, 2024
287963e
Updated service errors handling and tests
4gust Sep 13, 2024
df9faf1
Updated tests to use mock
4gust Sep 16, 2024
5395b9a
small update
4gust Sep 16, 2024
6a72df2
Added a withStatusCode method in mock
4gust Sep 17, 2024
b293a60
Update apps/internal/mock/mock.go
4gust Sep 17, 2024
c2b9127
Updated the method usage for WithHTTPStatusCode
4gust Sep 17, 2024
e451611
Update apps/managedidentity/managedidentity_test.go
4gust Sep 20, 2024
9912ee9
Update apps/managedidentity/managedidentity_test.go
4gust Sep 20, 2024
7f147d4
Removed typed data from test
4gust Sep 20, 2024
a2b0a2a
Merge branch 'acquire-token-for-mise' of https://github.com/AzureAD/m…
4gust Sep 20, 2024
82b1155
Updated test to return json error
4gust Sep 20, 2024
522883a
Updating sample app
4gust Sep 20, 2024
6ad761f
Updated the MI identity for UAMI with "UserAssigned" as prefix
4gust Sep 23, 2024
1dcad54
Added Correct response format in test
4gust Sep 24, 2024
149c6aa
Removed Elements from the response that were not used
4gust Sep 24, 2024
e24ca26
Removed unused fields
4gust Sep 24, 2024
cac4441
Removed unused variable.
4gust Sep 24, 2024
d967d31
Update apps/managedidentity/managedidentity.go
4gust Sep 24, 2024
3367c04
Updated to have more coverage
4gust Sep 24, 2024
08a9465
Merge branch 'acquire-token-for-mise' of https://github.com/AzureAD/m…
4gust Sep 24, 2024
795cd67
Updated tests to test request
4gust Sep 24, 2024
6b9cd68
Removed some tests which were redundant
4gust Sep 25, 2024
b6ec2ee
Merge pull request #500 from AzureAD/acquire-token-for-mise
4gust Sep 25, 2024
4fef77d
Adds documentation for running IMDS locally
AndyOHart Sep 25, 2024
882087b
Merge branch 'andyohart/managed-identity' of https://github.com/Azure…
AndyOHart Sep 26, 2024
c0ba80f
update testing doc
AndyOHart Sep 26, 2024
edbd6d6
fix failing lint
AndyOHart Sep 26, 2024
559e985
Merge pull request #512 from AzureAD/imds-documentation
AndyOHart Sep 26, 2024
a0dd42e
Merge branch 'main' of https://github.com/AzureAD/microsoft-authentic…
AndyOHart Sep 26, 2024
c5febcb
adds tracking for the integration tests that are disabled
AndyOHart Sep 26, 2024
e940016
Added in memory cache support for IMDS - SAMI and UAMI
4gust Oct 4, 2024
52933ff
Removing Resource
4gust Oct 7, 2024
ab3bb2b
Added static caching
4gust Oct 8, 2024
8a49fa0
Update apps/managedidentity/managedidentity.go
4gust Oct 11, 2024
f4915fa
resolved PR comments
4gust Oct 11, 2024
1801963
Removed http.client from cache
4gust Oct 14, 2024
a43d111
Removed cacheWrite
4gust Oct 14, 2024
fafb799
Updated some test error messages
4gust Oct 14, 2024
72bea12
Delete apps/tests/devapps/managedidentity/serialized_cache.json
4gust Oct 15, 2024
0311da2
Merge branch '4gust/imds-cache' of https://github.com/AzureAD/microso…
4gust Oct 15, 2024
918ded0
Update apps/managedidentity/managedidentity.go
4gust Oct 15, 2024
9a81784
Resolved some PR comments
4gust Oct 15, 2024
31b4118
updating sample
4gust Oct 15, 2024
e52a603
updating the expires_in usage
4gust Oct 15, 2024
b3921d9
updated variable
4gust Oct 15, 2024
ae4718d
Update managedidentity_sample.go
4gust Oct 15, 2024
94888b1
Added a cachemanager nil check
4gust Oct 16, 2024
fd132a5
Fixing a possible panic in storage
4gust Oct 16, 2024
b0c2403
Update apps/managedidentity/managedidentity_test.go
4gust Oct 21, 2024
84b62c6
Comments resolved.
4gust Oct 21, 2024
7c51221
Merge pull request #514 from AzureAD/4gust/imds-cache
4gust Oct 21, 2024
b5bff8e
testing the ado build on the personal branch
4gust Sep 25, 2024
b7f69c1
updated the build path
4gust Sep 25, 2024
3f86c34
updating path
4gust Sep 25, 2024
c4e46cf
updating the cert creation script
4gust Sep 25, 2024
3bf9f81
update path
4gust Sep 25, 2024
c10e633
comment some tests
4gust Sep 25, 2024
f15746b
uploading working tests
4gust Sep 25, 2024
e897a26
Added README for running integration tests
4gust Sep 26, 2024
b060c7f
Skipping 2 tests
4gust Sep 26, 2024
f04d4b4
Wrap ResolveEndpoints error
kgeckhart Oct 4, 2024
ee88303
Update build_test.yaml for Azure Pipelines
bgavrilMS Oct 7, 2024
68cc4fe
Added Region auto enable
4gust Oct 30, 2024
9d5e86c
Separated test
4gust Oct 31, 2024
d88efcf
Updated variableName
4gust Oct 31, 2024
9158019
Update go.yml to remove Integration tests
4gust Oct 31, 2024
2adf0dd
refactor: remove UserRealmURIPrefix from authority.Info
handsomejack-42 Apr 3, 2024
78f4fba
refactor(oauth): use named tests for WithTenant to improve test outpu…
handsomejack-42 Apr 9, 2024
0975c01
test(oauth): add WithTenant test-cases to increase method test coverage
handsomejack-42 Apr 9, 2024
c566990
refactor(oauth): use constructor for new client in comm.HTTPClient.JS…
handsomejack-42 Apr 15, 2024
80cb6c4
refactor(oauth): rename aad instance discovery endpoint const
handsomejack-42 Apr 15, 2024
e39ce1c
refactor(oauth): make WithTenant extensible with authority types
handsomejack-42 Apr 15, 2024
c717825
refactor(authority): use authority.ADFS instead of re-defined ADFS const
handsomejack-42 May 29, 2024
a4fe72c
refactor(confidential): fakeClient accepts authority as param
handsomejack-42 Apr 15, 2024
17acbeb
feat(oauth): add support for dSTS authority type
handsomejack-42 Apr 15, 2024
995c080
Fix invalid authority uri
bgavrilMS Nov 6, 2024
46b3a48
If authority segments <3, throw
bgavrilMS Nov 6, 2024
b54495a
Fix WithTenantID("adfs") regression (#529)
chlowell Nov 6, 2024
9b700f7
Create release.md
bgavrilMS Nov 7, 2024
20 changes: 10 additions & 10 deletions .github/workflows/go.yml
Expand Up @@ -40,13 +40,13 @@ jobs:

- name: Unit Tests
run: go test -race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/...

- name: Integration Tests
run: go test -race ./apps/tests/integration/...
env :
clientId: ${{ secrets.LAB_APP_CLIENT_ID }}
clientSecret: ${{ secrets.LAB_APP_CLIENT_SECRET }}
oboConfidentialClientId: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_ID }}
oboConfidentialClientSecret: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_SECRET }}
oboPublicClientId: ${{ secrets.OBO_PUBLIC_APP_CLIENT_ID }}
CI: ${{secrets.ENABLECI}}
# Intergration tests runs on ADO
# - name: Integration Tests
# run: go test -race ./apps/tests/integration/...
# env :
# clientId: ${{ secrets.LAB_APP_CLIENT_ID }}
# clientSecret: ${{ secrets.LAB_APP_CLIENT_SECRET }}
# oboConfidentialClientId: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_ID }}
# oboConfidentialClientSecret: ${{ secrets.OBO_CONFIDENTIAL_APP_CLIENT_SECRET }}
# oboPublicClientId: ${{ secrets.OBO_PUBLIC_APP_CLIENT_ID }}
# CI: ${{secrets.ENABLECI}}
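Review bot: The Integration Tests step is disabled by commenting it out rather than deleting it, which leaves dead YAML that still names six repository secrets, explained only by "Intergration tests runs on ADO" (typo for "Integration"). Suggest removing the block and keeping a one-line comment that points at ado/build_test.yaml; if no other workflow reads those secrets, they can be retired from the repository settings too. Separately, the Unit Tests command still lists only ./apps/cache/..., ./apps/confidential/..., ./apps/public/... and ./apps/internal/..., so the apps/managedidentity package touched by commits in this PR is not exercised by this step.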
119 changes: 53 additions & 66 deletions ado/build_test.yaml
@@ -1,68 +1,55 @@
trigger:
- main
trigger:
- main

pool:
vmImage: 'ubuntu-latest'

steps:
- task: GoTool@0
inputs:
version: '1.22.3'
- task: Go@0
inputs:
command: 'get'
arguments: '-d -v -t -d ./...'
workingDirectory: '$(System.DefaultWorkingDirectory)'
displayName: "Install dependencies"
- task: Go@0
inputs:
command: 'build'
arguments: './apps/...'
workingDirectory: '$(System.DefaultWorkingDirectory)'
displayName: "Build"
# - task: Go@0
# inputs:
# command: 'test'
# arguments: '-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/...'
# workingDirectory: '$(System.DefaultWorkingDirectory)'
# displayName: "Run Unit Tests"

- task: AzureKeyVault@2
displayName: 'Connect to Key Vault'
inputs:
azureSubscription: 'AuthSdkResourceManager' # string. Workload identity service connection to use managed identity authentication
KeyVaultName: 'msidlabs' # string. Required. The name of the Key Vault containing the secrets.
#setting secrets filter to fetch only MSIDLABCertificate cert from the vault
SecretsFilter: 'LabAuth' # string. Required. Specifies the secret to download. Use '*' for all secrets.
#RunAsPreJob: false # boolean. Make secrets available to whole job. Default: false.

# - powershell: |
# $kvSecretBytes = [System.Convert]::FromBase64String('$(LabAuth)')
# $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
# $certCollection.Import($kvSecretBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)

# $protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12)
# $pfxPath = '$(Build.SourcesDirectory)' + "\TestCert.pfx"
# [System.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes)

# Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\LocalMachine\My

# displayName: 'Install Keyvault Secrets'

- script: |
echo $(LabAuth) | base64 -d > cert.pfx
sudo apt-get install -y libnss3-tools openssl
mkdir -p ~/.pki/nssdb
certutil -N -d sql:$HOME/.pki/nssdb --empty-password
openssl pkcs12 -in cert.pfx -out cert.pem -nodes
certutil -A -d sql:$HOME/.pki/nssdb -n "labCert" -t "P,," -i cert.pem
displayName: 'Install Keyvault Secrets'

- task: Go@0
inputs:
command: 'test'
arguments: '-race ./apps/tests/integration/...'
workingDirectory: '$(System.DefaultWorkingDirectory)'
displayName: "Run Integration Tests"

pr:
autoCancel: false
branches:
include:
- main

pool:
vmImage: "ubuntu-latest"

steps:
- task: GoTool@0
inputs:
version: "1.22.3"
- task: Go@0
inputs:
command: "get"
arguments: "-d -v -t -d ./..."
workingDirectory: "$(System.DefaultWorkingDirectory)"
displayName: "Install dependencies"
- task: Go@0
inputs:
command: "build"
arguments: "./apps/..."
workingDirectory: "$(System.DefaultWorkingDirectory)"
displayName: "Build"
- task: Go@0
inputs:
command: "test"
arguments: "-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/..."
workingDirectory: "$(System.DefaultWorkingDirectory)"
displayName: "Run Unit Tests"
- task: AzureKeyVault@2
displayName: "Connect to Key Vault"
inputs:
azureSubscription: "AuthSdkResourceManager"
KeyVaultName: "msidlabs"
SecretsFilter: "LabAuth"

- task: Bash@3
displayName: Installing certificate
inputs:
targetType: "inline"
script: |
echo $(LabAuth) | base64 -d > $(Build.SourcesDirectory)/cert.pfx
openssl pkcs12 -in $(Build.SourcesDirectory)/cert.pfx -out $(Build.SourcesDirectory)/cert.pem -nodes -passin pass:''

- task: Go@0
inputs:
command: "test"
arguments: "-race ./apps/tests/integration/..."
workingDirectory: "$(System.DefaultWorkingDirectory)"
displayName: "Run Integration Tests"
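Review bot: In the Bash@3 "Installing certificate" step, openssl pkcs12 runs with -nodes and -passin pass:'', so the lab certificate's private key is written unencrypted to $(Build.SourcesDirectory)/cert.pem beside cert.pfx, with default file permissions and no later step that deletes either file. Suggest setting umask 077 before writing, placing both files under $(Agent.TempDirectory) if the integration tests can be pointed at that path, and removing them in a final step with condition: always(). $(LabAuth) is also expanded unquoted into the script text; mapping it through the task's env: block and reading it as a quoted shell variable keeps the value out of the generated script and avoids word splitting. Since this file now adds a pr: trigger for main, it is worth confirming in the pipeline settings that Key Vault secrets are not made available to builds of fork pull requests. Minor: the go get arguments repeat -d.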
9 changes: 8 additions & 1 deletion apps/confidential/confidential.go
Expand Up @@ -18,6 +18,8 @@ import (
"encoding/pem"
"errors"
"fmt"
"os"
"strings"

"github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache"
"github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base"
Expand Down Expand Up @@ -315,16 +317,21 @@ func New(authority, clientID string, cred Credential, options ...Option) (Client
if err != nil {
return Client{}, err
}

autoEnabledRegion := os.Getenv("MSAL_FORCE_REGION")
opts := clientOptions{
authority: authority,
// if the caller specified a token provider, it will handle all details of authentication, using Client only as a token cache
disableInstanceDiscovery: cred.tokenProvider != nil,
httpClient: shared.DefaultClient,
azureRegion: autoEnabledRegion,
}
for _, o := range options {
o(&opts)
}
if strings.EqualFold(opts.azureRegion, "DisableMsalForceRegion") {
opts.azureRegion = ""
}

baseOpts := []base.Option{
base.WithCacheAccessor(opts.accessor),
base.WithClientCapabilities(opts.capabilities),
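Review bot: New now reads MSAL_FORCE_REGION from the process environment and uses it as the default azureRegion for every confidential client, but nothing in this hunk documents the variable or the "DisableMsalForceRegion" sentinel, and the value is taken as-is with no trimming or validation. Suggest declaring both strings as named constants, stating the precedence in the doc comment on New (an option supplied by the caller overrides the environment, and the sentinel clears the region), and rejecting values that are not plausible region names before they are passed on. A test for each of the three cases (environment only, environment plus caller option, sentinel) would lock the behaviour in.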