Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement workload identity-based token generation #23

Merged
merged 1 commit into from
Aug 28, 2024

Conversation

matt-carr
Copy link
Contributor

@matt-carr matt-carr commented Aug 28, 2024

Closes #22

Tested with the following test (not included because it wouldn't be particularly useful 🙃 )

  def test_acquire_access_token_mount_provided
    fed_token = "<snip>"
    file = Tempfile.new('azure_token')
    file.write(fed_token)
    file.close
    test_config = %[
      azure_use_workload_id true
      azure_federated_token_file_path #{file.path}
      azure_storage_account <snip>
      azure_oauth_tenant_id <snip>
      azure_oauth_app_id <snip>
      azure_container <snip>
      path log
      utc
      buffer_type memory
    ]
    d = create_driver(test_config)
    token = d.instance.instance_eval{acquire_access_token}
    assert token != nil
  end

Got a green run.

azurestorage_gen2: Token response: {"token_type"=>"Bearer", "expires_in"=>"86399", "ext_expires_in"=>"86399", "expires_on"=>"1724954202", "not_before"=>"1724867502", "resource"=>"https://storage.azure.com/", "access_token"=>"<snip>"}

Not ideal but at least it validates that we can get a token, which then feeds into the rest of the run.

@oleewere
Copy link
Owner

thanks for the contribution, sorry not reacted for the issue, just seeing it now

@oleewere oleewere merged commit 729dbd8 into oleewere:master Aug 28, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[feature request] Entra Workload ID auth Support
2 participants