-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Identity azure pipelines service connection #40246
Identity azure pipelines service connection #40246
Conversation
API change check APIView has identified API level changes in this PR and created following API reviews. |
/azp run java - identity - tests |
No pipelines are associated with this pull request. |
sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredential.java
Outdated
Show resolved
Hide resolved
...dentity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredentialBuilder.java
Outdated
Show resolved
Hide resolved
...dentity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredentialBuilder.java
Outdated
Show resolved
Hide resolved
/azp run java - identity |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run java - identity |
Azure Pipelines successfully started running 1 pipeline(s). |
@@ -283,6 +284,8 @@ Get-AzAccessToken -ResourceUrl "https://management.core.windows.net" | |||
|---|---|---| | |||
|`CredentialUnavailableException` raised with message. "IntelliJ Authentication not available. Please log in with Azure Tools for IntelliJ plugin in the IDE."| The Credential was not able to locate the cached token to use for authentication. | Ensure that you login on the Azure Tools for IntelliJ plugin, that will populate the cache for the credential to pick up. | |||
|
|||
## Troubleshoot `AzurePipelinesCredential` authentication issues | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this meant to be empty ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, waiting on copy from @KarishmaGhiya.
sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredential.java
Show resolved
Hide resolved
...dentity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredentialBuilder.java
Show resolved
Hide resolved
@@ -62,7 +62,7 @@ HttpPipeline getHttpPipeline(HttpClient httpClient) { | |||
if (interceptorManager.isPlaybackMode()) { | |||
List<TestProxyRequestMatcher> customMatchers = new ArrayList<>(); | |||
customMatchers.add(new BodilessMatcher()); | |||
customMatchers.add(new CustomMatcher().setExcludedHeaders(Collections.singletonList("X-MRC-CV"))); | |||
customMatchers.add(new CustomMatcher().setExcludedHeaders(Arrays.asList("X-MRC-CV", "x-client-CPU"))); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This actually snuck in from another PR; will remove it.
if (client == null) { | ||
HttpClient.createDefault(); | ||
} | ||
HttpPipeline pipeline = IdentityClientBase.setupPipeline(client, identityClientOptions); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should refactor this to utilize/reuse a single instance of Pipeline from IdentityClientBase.
This is not consistent with the pattern of single pipeline instance per client with other SDKs.
One way, is to make this a Function<HttpPipeline, Supplier<String>>
, apply the function in IdentityClient when assertion is needed to be passed to msal.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will look at this in a refactor before GA.
} | ||
HttpPipeline pipeline = IdentityClientBase.setupPipeline(client, identityClientOptions); | ||
try { | ||
URL url = new URL(requestUrl); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is all impl logic, it can be moved to IdentityClientBase and accessed directly there with the pipeline instance in the client.
@@ -3,6 +3,7 @@ | |||
## 1.13.0-beta.1 (Unreleased) | |||
|
|||
### Features Added | |||
- Added `AzurePipelinesCredential` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can elaborate on what use case this credential solves as a one liner here.
/azp run java - identity |
Azure Pipelines successfully started running 1 pipeline(s). |
@billwert Please also add a row for the new credential type to the top of this table: https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/identity/azure-identity/README.md#authenticate-service-principals |
done. |
d6bb253
to
50c6f45
Compare
@@ -3,6 +3,7 @@ | |||
## 1.13.0-beta.1 (Unreleased) | |||
|
|||
### Features Added | |||
- Added `AzurePipelinesCredential` to support [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You'll want to add something like "in Azure Pipelines service connections" at the end of this sentence.
...dentity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredentialBuilder.java
Outdated
Show resolved
Hide resolved
...dentity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredentialBuilder.java
Outdated
Show resolved
Hide resolved
...dentity/azure-identity/src/main/java/com/azure/identity/AzurePipelinesCredentialBuilder.java
Outdated
Show resolved
Hide resolved
…zurePipelinesCredentialBuilder.java Co-authored-by: Scott Addie <[email protected]>
…zurePipelinesCredentialBuilder.java Co-authored-by: Scott Addie <[email protected]>
…zurePipelinesCredentialBuilder.java Co-authored-by: Scott Addie <[email protected]>
…/github.com/billwert/azure-sdk-for-java into identity-azure-pipelines-service-connection
Closes #36842
Description
Please add an informative description that covers that changes made by the pull request and link all relevant issues.
If an SDK is being regenerated based on a new swagger spec, a link to the pull request containing these swagger spec changes has been included above.
All SDK Contribution checklist:
General Guidelines and Best Practices
Testing Guidelines