Azure SDK "track 2": authentication and secretstore/azure/keyvault #1290
Thanks for the PR @ItalyPaleAle. I will review!
Reintroduce changes from PR 1132 without updating ASB
As per conversation with @berndverst
Two notes after a code review:
Update certification tests with no auth libraries
Thanks @ItalyPaleAle. Dapr will have to revisit the proper handling and setting of context throughout components as part of resiliency feature plans.
Codecov Report
@@ Coverage Diff @@
## master #1290 +/- ##
==========================================
- Coverage 35.02% 34.82% -0.21%
==========================================
Files 148 148
Lines 12825 12899 +74
==========================================
Hits 4492 4492
- Misses 7853 7923 +70
- Partials 480 484 +4
Continue to review full report at Codecov.
Thanks for this PR enabling the Track 2 auth / identity libraries in addition to the existing ones.
I verified these additions (and existing tests) work. I updated my KeyVault certification tests which validate all auth mechanisms to run against this PR. The tests pass.
I also manually verified that managed identity works in production with these changes!
@greenie-msft @paulyuk you will enjoy this PR as this adds support for the Track 2 Identity libraries / the AAD auth mechanisms required for all Track 2 SDKs.
cc @artursouza this is ready for your review
LGTM overall, just one concern about using env variables in unit testing.
…apr#1290)
* Authentication for new Azure SDK
* Updated keyvault to use new Azure SDK
* 🙈
* Update authentication/azure/auth.go
* Update authentication/azure/auth.go
* Update authentication/azure/auth.go
* Reintroduce changes from PR 1132 without updating ASB
* Lint 💄
* Marking contexts as TODO as they'll need a timeout As per conversation with @berndverst
* Update certification tests with no auth libraries
Co-authored-by: Bernd Verst <4535280+berndverst@users.noreply.github.com>
Signed-off-by: Amit Mor <amitm@at-bay.com>
Description
This PR is yet another step into addressing #1103.
The Azure SDK team is rebuilding all services SDKs essentially from scratch, in a more streamlined way. Sadly, that also comes with a complete rewrite of the auth logic, and the previous auth logic implemented for the "common Azure auth layer" is not compatible with the "track 2" Azure SDKs.
This PR updates the secretstore/azure/keyvault component to use the new Azure Key Vault secret store SDK (https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azsecrets) that is part of "track 2".
Most importantly, however, this PR introduces support for the new Azure Identity client module (https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity) which all the updated SDKs rely on.
While the internals of the Azure Key Vault secret store have changed, the code should be fully backwards-compatible for Dapr users.
PS: I have tested this against a live Key Vault resource in my Azure subscription, but I do not have a way to test it against Azure China or other clouds. If anyone could help with that, it would be great!
Issue reference
#1103 (doesn't close the issue, but it's part of that larger story)
Checklist
Please make sure you've completed the relevant tasks for this PR, out of the following list: