azidentity credentials preserve MSAL headers (Azure#22098)

chlowell · Jan 8, 2024 · bcb9933 · bcb9933
1 parent 35ad235
commit bcb9933
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 1 deletion.
diff --git a/sdk/azidentity/CHANGELOG.md b/sdk/azidentity/CHANGELOG.md
@@ -1,5 +1,26 @@
 # Release History
 
+## 1.4.1 (2024-01-16)
+
+### Bugs Fixed
+* Credentials now preserve MSAL headers e.g. X-Client-Sku
+
+## 1.5.0-beta.2 (2023-11-07)
+
+### Features Added
+* `DefaultAzureCredential` and `ManagedIdentityCredential` support Azure ML managed identity
+* Added spans for distributed tracing.
+
+## 1.5.0-beta.1 (2023-10-10)
+
+### Features Added
+* Optional persistent token caching for most credentials. Set `TokenCachePersistenceOptions`
+  on a credential's options to enable and configure this. See the package documentation for
+  this version and [TOKEN_CACHING.md](https://aka.ms/azsdk/go/identity/caching) for more
+  details.
+* `AzureDeveloperCLICredential` authenticates with the Azure Developer CLI (`azd`). This
+  credential is also part of the `DefaultAzureCredential` authentication flow.
+
 ## 1.4.0 (2023-10-10)
 
 ### Bugs Fixed

diff --git a/sdk/azidentity/azidentity.go b/sdk/azidentity/azidentity.go
@@ -153,6 +153,17 @@ func (p pipelineAdapter) Do(r *http.Request) (*http.Response, error) {
 			return nil, err
 		}
 	}
+
+	// copy headers to the new request, ignoring any for which the new request has a value
+	h := req.Raw().Header
+	for key, vals := range r.Header {
+		if _, has := h[key]; !has {
+			for _, val := range vals {
+				h.Add(key, val)
+			}
+		}
+	}
+
 	resp, err := p.pl.Do(req)
 	if err != nil {
 		return nil, err

diff --git a/sdk/azidentity/azidentity_test.go b/sdk/azidentity/azidentity_test.go
@@ -7,11 +7,14 @@
 package azidentity
 
 import (
+	"bytes"
 	"context"
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
+	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"strings"

diff --git a/sdk/azidentity/live_test.go b/sdk/azidentity/live_test.go
@@ -18,6 +18,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
 
@@ -142,7 +143,19 @@ func run(m *testing.M) int {
 	switch recording.GetRecordMode() {
 	case recording.PlaybackMode:
 		setFakeValues()
-		err := recording.SetBodilessMatcher(nil, nil)
+		err := recording.SetDefaultMatcher(nil, &recording.SetDefaultMatcherOptions{
+			CompareBodies: to.Ptr(false),
+			// ignore the presence/absence/value of these headers because
+			// MSAL sets them and they don't affect azidentity behavior
+			ExcludedHeaders: []string{
+				"Client-Request-Id",
+				"Return-Client-Request-Id",
+				"X-Client-Cpu",
+				"X-Client-Os",
+				"X-Client-Sku",
+				"X-Client-Ver",
+			},
+		})
 		if err != nil {
 			panic(err)
 		}