Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for workload identity #2619

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Added support for workload identity #2619

wants to merge 13 commits into from
+200 −142

Conversation

gapra-msft
Copy link
Member

@gapra-msft gapra-msft commented Mar 21, 2024
edited

  1. Marks the servicePrincipal and identity flags as soon to be deprecated. This is replaced by login-type.
  2. Currently we have custom workload identity flags/env variables, but to me it seems reasonable to just rely on the default of the environment variables the Identity SDK uses, this would reduce our test burden.

@gapra-msft gapra-msft marked this pull request as draft March 21, 2024 22:09
sugibuchi
sugibuchi reviewed Mar 22, 2024
View reviewed changes
common/environment.go Outdated Show resolved Hide resolved
gapra-msft
gapra-msft commented Mar 22, 2024
View reviewed changes
cmd/login.go Outdated Show resolved Hide resolved
@gapra-msft gapra-msft linked an issue Apr 3, 2024 that may be closed by this pull request
Support for AAD Workload Identity #2545
Open
@gapra-msft gapra-msft marked this pull request as ready for review May 8, 2024 21:37
adreed-msft
adreed-msft reviewed May 9, 2024
View reviewed changes
e2etest/zt_newe2e_workload_test.go
func (s *WorkloadIdentitySuite) Scenario_SingleFileUploadDownloadWorkloadIdentity(svm *ScenarioVariationManager) {
// Run only in environments that support and are set up for Workload Identity (ex: Azure Pipeline, Azure Kubernetes Service)
if os.Getenv("NEW_E2E_ENVIRONMENT") != "AzurePipeline" {
svm.InvalidateScenario()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: logging skips may be a good idea-- But there's no proper mechanism for this at the moment.

InvalidateScenario was intended to basically be "in no context does this scenario ever make sense, or should it ever exist", like local to local.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can add a svm.Skip thing and enhance the e2e framework then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sugibuchi sugibuchi sugibuchi left review comments

@adreed-msft adreed-msft adreed-msft approved these changes

@nakulkar-msft nakulkar-msft Awaiting requested review from nakulkar-msft nakulkar-msft is a code owner

@siminsavani-msft siminsavani-msft Awaiting requested review from siminsavani-msft siminsavani-msft is a code owner

@vibhansa-msft vibhansa-msft Awaiting requested review from vibhansa-msft vibhansa-msft is a code owner

@seanmcc-msft seanmcc-msft Awaiting requested review from seanmcc-msft seanmcc-msft is a code owner

@pranavmalik-msft pranavmalik-msft Awaiting requested review from pranavmalik-msft pranavmalik-msft is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@adreed-msft adreed-msft

@pranavmalik-msft pranavmalik-msft

Labels
pr-ready-for-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for AAD Workload Identity
4 participants
@gapra-msft @sugibuchi @adreed-msft @pranavmalik-msft