Skip to content

feat: add Azure IMDS authentication support #371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: add Azure IMDS authentication support #371

wants to merge 1 commit into from

Conversation

emasab
Copy link
Contributor

@emasab emasab commented Sep 24, 2025

  • Updated CHANGELOG.md for v1.6.0 release with enhancements.
  • Changed librdkafka version to dev_oauthbearer_metadata_based (to be changed later)
  • Implemented Azure IMDS OAuth client and token provider.
  • Added support for Azure IMDS in RestService.
  • Refactor RestService bearer authentication methods.
  • Added tests for Azure IMDS OAuth client functionality.

Please prefix all TypeScript pull-requests with [Typescript]

What

Checklist

  • Contains customer facing changes? Including API/behavior changes
  • Did you add sufficient unit test and/or integration test coverage for this PR?
    • If not, please explain why it is not required

References

JIRA:

Test & Review

Unit tests are present. Will attach test results on an Azure instance.

Open questions / Follow-ups

@emasab
feat: add Azure IMDS authentication support
4fd08e7 
- Updated CHANGELOG.md for v1.6.0 release with enhancements.
- Changed librdkafka version to dev_oauthbearer_metadata_based (to be changed later)
- Implemented Azure IMDS OAuth client and token provider.
- Added support for Azure IMDS in RestService.
- Refactor RestService bearer authentication methods.
- Added tests for Azure IMDS OAuth client functionality.
@Copilot Copilot AI review requested due to automatic review settings September 24, 2025 17:31
@emasab emasab requested review from a team as code owners September 24, 2025 17:31
Copilot
Copilot AI reviewed Sep 24, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds Azure IMDS (Instance Metadata Service) OAuth authentication support to the TypeScript Schema Registry client, enabling authentication using Azure managed identities.

  • Implements Azure IMDS OAuth client with token fetching and expiration handling
  • Refactors OAuth authentication architecture with abstract base classes and builder pattern
  • Adds comprehensive test coverage for Azure IMDS functionality

Reviewed Changes

Copilot reviewed 14 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
schemaregistry/oauth/oauth-client-azure-imds.ts New Azure IMDS OAuth client implementation with token management
schemaregistry/oauth/abstract-oauth-client.ts New abstract base classes for OAuth clients and token providers
schemaregistry/oauth/bearer-token-provider.ts New interface definitions for bearer token providers
schemaregistry/oauth/static-token-provider.ts New static token provider implementation
schemaregistry/oauth/oauth-client.ts Refactored existing OAuth client to use new abstract architecture
schemaregistry/rest-service.ts Updated to use new bearer token provider architecture
schemaregistry/test/oauth-client-azure-imds.spec.ts Comprehensive test suite for Azure IMDS OAuth functionality
schemaregistry/test/oauth-client.spec.ts Updated tests to work with refactored OAuth client
schemaregistry-examples/src/kafka-oauth.ts Added example demonstrating Azure IMDS usage
schemaregistry-examples/src/constants.ts Added Azure IMDS configuration constant
package.json Updated librdkafka version to development branch
lib/error.js Updated version comment to match new librdkafka version
deps/librdkafka Updated submodule to development branch
CHANGELOG.md Added v1.6.0 release notes

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

CHANGELOG.md

### Enhancements

1. References librdkafka v2.12.0. Refer to the [librdkafka v2.12.0 release notes](https://github.com/confluentinc/librdkafka/releases/tag/v2.12.0) for more information.
Copy link
Preview

Copilot AI Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changelog references librdkafka v2.12.0 but the package.json uses "dev_oauthbearer_metadata_based". These versions should be consistent.

Suggested change
1. References librdkafka v2.12.0. Refer to the [librdkafka v2.12.0 release notes](https://github.com/confluentinc/librdkafka/releases/tag/v2.12.0) for more information.
1. References librdkafka "dev_oauthbearer_metadata_based". Refer to the [librdkafka dev_oauthbearer_metadata_based branch](https://github.com/confluentinc/librdkafka/tree/dev_oauthbearer_metadata_based) for more information.

Copilot uses AI. Check for mistakes.

schemaregistry/test/oauth-client.spec.ts
tokenPath,
scope,
scope
}
Copy link
Preview

Copilot AI Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing semicolon after the bearerAuthCredentials object declaration.

Suggested change
}
};

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@emasab