New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding DefaultAzureCredentialOptions to ManagedIdentityTokenSource() #1407
Conversation
…tityTokenSource()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I love this idea! I think we should add some unit tests to make sure the various configuration options work correctly, though. I've added a few other comments as well.
src/WebJobs.Extensions.DurableTask/ManagedIdentityTokenSource.cs
Outdated
Show resolved
Hide resolved
src/WebJobs.Extensions.DurableTask/ManagedIdentityTokenSource.cs
Outdated
Show resolved
Hide resolved
src/WebJobs.Extensions.DurableTask/ManagedIdentityTokenSource.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'll want to make sure that our other language implementations can also specify the "options" parameter for managed identities. Can you sync with @davidmrdavid to see where and whether we need to make corresponding changes for JS and Python?
Sorry, one more thing: can you update the the CallHttpActionOrchestrationWithManagedIdentity unit test to cover the "options" setting? |
Supporting Is it possible to not support @cgillum @ConnorMcMahon Any thoughts on how to handle |
Hmm...this is problematic. There is no way we can safely serialize all these fields (especially not The safest approach might be to create our own type instead of relying on Having our own type could also simplify documentation and cross-language support. @bachuv @ConnorMcMahon thoughts? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few more things to address before merging.
src/WebJobs.Extensions.DurableTask/ManagedIdentityTokenSource.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, just a few small suggestions around the tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I sign off as well!
These changes resolve #1279 by adding an optional
ManagedIdentityOptions
parameter toManagedIdentityTokenSource()
.ManagedIdentityOptions
is a new type that is introduced with these changes.The issue mentioned wanted the ability to configure
azureAdInstance
andtenantId
.ManagedIdentityOptions.AuthorityHost
is equivalent toazureAdInstance
andManagedIdentityOptions.TenantId
is equivalent totenantId
.