Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Token Caching Support For Managed Identity #30282

Merged
merged 13 commits into from
Aug 12, 2022
Merged

Add Token Caching Support For Managed Identity #30282

merged 13 commits into from
Aug 12, 2022

Conversation

g2vinay
Copy link
Member

@g2vinay g2vinay commented Aug 4, 2022

Integrates the Managed Identity Auth flow to use In Memory Token Caching

Vinay Gera added 2 commits August 1, 2022 12:11
@ghost ghost added the Azure.Identity label Aug 4, 2022
@g2vinay g2vinay requested a review from billwert August 4, 2022 20:57
@azure-sdk
Copy link
Collaborator

API change check

APIView has identified API level changes in this PR and created following API reviews.

azure-identity

@g2vinay g2vinay requested review from srnagar and mssfang August 4, 2022 21:04
@g2vinay g2vinay requested a review from schaabs August 4, 2022 21:35
billwert
billwert requested changes Aug 5, 2022
View reviewed changes
Copy link
Contributor

@billwert billwert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Can we add better tests for the new codepath? I think the modification to the existing tests is just to ensure we hit the getTokenFromTargetManagedIdentity change.
  2. In the places where a public credential type has been changed to call authenticateWithManagedIdentityConfidentialClient should we private the correponding IdentityClient method? (For example authenticateToArcManagedIdentityEndpoint

sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java
return clientOptions.setManagedIdentityType(ManagedIdentityType.VM);
case AKS:
return clientOptions.setManagedIdentityType(ManagedIdentityType.AKS);
default:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is NONE really a valid value? should this be an error?

Copy link
Member Author

@g2vinay g2vinay Aug 11, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed NONE on second design iteration.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. I'm not sure that's entirely right either - now won't the default value be VM? We probably need a NONE or DEFAULT to indicate the unchosen value?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah in our code flow we default to VM, that's our default based on the logic we follow.
None or Unchosen are invalid states to have and are equivalent to the value being null.

sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java Show resolved Hide resolved
sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java Outdated Show resolved Hide resolved
sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java Outdated Show resolved Hide resolved
@g2vinay
Copy link
Member Author

g2vinay commented Aug 11, 2022
edited
Loading

  1. Can we add better tests for the new codepath? I think the modification to the existing tests is just to ensure we hit the getTokenFromTargetManagedIdentity change.
  2. In the places where a public credential type has been changed to call authenticateWithManagedIdentityConfidentialClient should we private the correponding IdentityClient method? (For example authenticateToArcManagedIdentityEndpoint

For 1. We can add some Identity Client level helper method tests, which I will push in next commit, Msal callback flow is tested on msal end

For 2. It is an impl class, nothing that impacts users from API point of view, we can make it private, but won't create any user impact.

@billwert
Copy link
Contributor

For 2. It is an impl class, nothing that impacts users from API point of view, we can make it private, but won't create any user impact.

Yeah, I was thinking to be clear about our intent that these methods are not to be used from other creds in the future.

@g2vinay g2vinay requested a review from billwert August 12, 2022 00:19
Vinay Gera added 2 commits August 11, 2022 18:11
billwert
billwert approved these changes Aug 12, 2022
View reviewed changes
Copy link
Contributor

@billwert billwert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@g2vinay g2vinay marked this pull request as ready for review August 12, 2022 17:09
@g2vinay g2vinay merged commit b45adeb into Azure:main Aug 12, 2022
@g2vinay g2vinay mentioned this pull request Aug 15, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srnagar srnagar srnagar approved these changes

@billwert billwert billwert approved these changes

@mssfang mssfang Awaiting requested review from mssfang

@schaabs schaabs Awaiting requested review from schaabs

@alzimmermsft alzimmermsft Awaiting requested review from alzimmermsft alzimmermsft is a code owner

@samvaity samvaity Awaiting requested review from samvaity samvaity is a code owner

@JonathanGiles JonathanGiles Awaiting requested review from JonathanGiles JonathanGiles is a code owner

@backwind1233 backwind1233 Awaiting requested review from backwind1233

@chenrujun chenrujun Awaiting requested review from chenrujun

@hui1110 hui1110 Awaiting requested review from hui1110

@Netyyyy Netyyyy Awaiting requested review from Netyyyy Netyyyy is a code owner

@saragluna saragluna Awaiting requested review from saragluna saragluna is a code owner

@stliu stliu Awaiting requested review from stliu

@yiliuTo yiliuTo Awaiting requested review from yiliuTo

@moarychan moarychan Awaiting requested review from moarychan moarychan is a code owner

@joshfree joshfree Awaiting requested review from joshfree joshfree is a code owner

@JamesBirdsall JamesBirdsall Awaiting requested review from JamesBirdsall

@sjkwak sjkwak Awaiting requested review from sjkwak sjkwak is a code owner

Assignees
No one assigned
Labels
Azure.Identity
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@g2vinay @azure-sdk @billwert @srnagar