Fix Azure SP Personal Access Token Duration #110
…r than int32. azure_auth now supports pat_token_duration_seconds to customize the temporary pat token. It will get deprecated when full support of AAD is released.
@sdebruyn this should resolve your issue and let the duration be customizable. Please take a quick look at this, and if you have any comments on the new field name please let me know.
LGTM!
Codecov Report
@@ Coverage Diff @@
## master #110 +/- ##
==========================================
- Coverage 48.85% 48.85% -0.01%
==========================================
Files 60 60
Lines 7420 7437 +17
==========================================
+ Hits 3625 3633 +8
- Misses 3719 3728 +9
Partials 76 76
I do not agree we need changes like this in provider. There's databricks_token method that generates PAT and let it be the only thing that generates PATs for both MWS & Azure workspaces. It alone has stability issues in this provider.
databricks/azure_auth.go
Outdated
@@ -36,6 +36,7 @@ type TokenPayload struct { | |||
ClientSecret string | |||
ClientID string | |||
TenantID string | |||
PatTokenDuration int32 |
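Review bot: PatTokenDuration int32 in TokenPayload does not say what unit it holds, and nothing in this hunk documents or bounds it. Since the provider field is named pat_token_duration_seconds, consider naming the struct field PatTokenDurationSeconds (or adding a comment stating seconds) and checking that the value is positive where it is read from the schema, so an unset field (Go zero value 0) is not passed through as the token lifetime. It is also the only field in this struct that is not an Azure credential, so a short comment on why it lives here would help the next reader.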
this does not logically belong to azure auth, it's a mix of concerns here
This will be removed when support of secret scopes is available for AAD; it can be removed from the struct here and the workspace token function can be removed entirely. It should be transparent to the user if we choose to deprecate the pat_token_duration_seconds field and not use it in the code.
Needed some way to capture that from the schema. Currently the goal of the azure_auth functionality is to generate a PAT token for users to use that service principal to provision resources. So we can keep this till that dependency is met.
This is not ideal, but we can add an enhancement in the future to refresh this token so duration is not a required field, and that can also be transparent to the user.
…om:databrickslabs/terraform-provider-databricks into azure-sp-token-duration-fix
Conflicts:
client/service/tokens.go
databricks/azure_auth.go
databricks/provider.go
databricks/resource_databricks_token.go
…nabling testing, added default of 3600 seconds for pat token and added test for the default func; added docs
…om:databrickslabs/terraform-provider-databricks into azure-sp-token-duration-fix
Conflicts:
databricks/azure_auth.go
LGTM 👍
This lets the user control the duration of PAT token that the user creates. It introduces a new field pat_token_duration_seconds to the azure_auth block in the provider.
Fixes #66