Managed Identity dev experience improvements

[tkyc]

PR Resolves the following:

• [FEATURE REQUEST] Managed Identity dev experience improvements #1930
• [QUESTION] Is DefaultAzureCredential supported #1881
• [QUESTION] Dependencies and Configuration needed for database connectivity using Manage Identity in AKS #1844

Deprecated the following:

• Managed Identity token cache #1825

New authentication property values:

• authentication=ActiveDirectoryManagedIdentity
• authentication=DefaultAzureCredential EDIT: Later changed to authentication=ActiveDirectoryDefault

New environment variables:

• INTELLIJ_KEEPASS_PATH
• ADDITIONALLY_ALLOWED_TENANTS (comma delimited list of additionally allowed tenant IDs, used with DefaultAzureCredential)

To use the IntellijCredential with the driver, supply the connection string property authentication=DefaultAzureCredential and set the INTELLIJ_KEEPASS_PATH environment variable to the path of the keepass database.

[David-Engel]

There is one other change we need to make to align the JDBC driver with other drivers. We should deprecate the msiClientId get/set methods (but they should continue to work. Comment: "Use the getUser/setUser method instead.") This will include changing the Authentication=ActiveDirectoryMSI validation to allow specifying User in the connection string. If both msiClientId and User are specified, User should override msiClientId.

[lilgreenbird]

please run formatter looks like a lot of these files aren't formatted

[lilgreenbird]

can we add more info to the error message to make it easier to debug when there's a failure

[David-Engel]

Similarly, do we have more info if the Optional task fails or doesn't return a result? I don't know the API well...

[tkyc]

What additional info did you have in mind? I'll amend the error message to the following to be more clear as to the reason it is null.

Failed to acquire managed identity token. Request for the token succeeded, but no token was returned. The token is null.

[David-Engel]

Not sure. From the sounds of it, we don't have anything more available. The current iteration looks good.

[David-Engel]

Partial review

[David-Engel]

Similarly, do we have more info if the Optional task fails or doesn't return a result? I don't know the API well...

[tkyc]

@David-Engel For some reason there's no "reply" button for your comment. I'll just quote you and reply here.

Similarly, do we have more info if the Optional task fails or doesn't return a result? I don't know the API well...

If the Optional task fails, it will throw its own error. The resulting exception, since we're using the Azure Identity credentials, will be a CredentialUnavailableException.

A CredentialUnavailableException indicates the following:

1. Error in the provided information for the credential eg. wrong client ID of the user-assigned Managed Identity
2. Connection was dropped mid query for the token

Howerver, there isn't any more available information other than a null token if the Optional succeeds (eg. request for token went through but a null token was returned). In this case, as you suggested (since we shouldn't return null), we'll throw our own error.