Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auxiliary tenant IDs in the authentication process #610

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

auxiliary tenant IDs in the authentication process #610

wants to merge 9 commits into from
+72 −14

Conversation

ianjensenisme
Copy link
Contributor

This pull request focuses on adding support for auxiliary tenant IDs in the authentication process and updating related configurations. The most important changes include modifications to authentication methods, configuration structures, and provider setup.

Resolves #566

Authentication Enhancements:

  • Modified AuthenticateClientCertificate, AuthenticateClientSecret, AuthenticateUsingCli, AuthenticateOIDC, and AuthenticateAzDOWorkloadIdentityFederation methods to include AdditionallyAllowedTenants from client.config.AuxiliaryTenantIDs. (internal/api/auth.go) [1] [2] [3] [4] [5]

Configuration Updates:

  • Added AuxiliaryTenantIDs field to ProviderConfig and ProviderConfigModel structs. (internal/config/config.go) [1] [2]
  • Introduced environment variables ENV_VAR_POWER_PLATFORM_AUXILIARY_TENANT_IDS and ENV_VAR_ARM_AUXILIARY_TENANT_IDS. (internal/constants/constants.go) [1] [2]

Provider Configuration:

  • Added handling for auxiliary_tenant_ids in the provider schema and configuration setup. (internal/provider/provider.go) [1] [2] [3] [4]

Helper Functions:

  • Added GetListStringValues function to handle list values from configuration or environment variables. (internal/helpers/config.go)

Testing:

  • Added a unit test TestUnitApiClient_AuxTenants_GetConfig to verify the auxiliary tenant IDs configuration. (internal/api/client_test.go)

github-actions[bot] added 2 commits March 1, 2025 07:02
WIP

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
35e8f08
Adding auxtenant property to the other auth options and adding a basi…
Loading
Loading status checks…
fd49f7e 
…c test for auxtenant.
@ianjensenisme ianjensenisme added the enhancement New feature or request label Mar 3, 2025
@ianjensenisme ianjensenisme self-assigned this Mar 3, 2025
@ianjensenisme ianjensenisme requested a review from Copilot March 3, 2025 04:16
@ianjensenisme ianjensenisme enabled auto-merge (squash) March 3, 2025 04:16
Copilot
Copilot AI reviewed Mar 3, 2025
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR adds support for auxiliary tenant IDs to enhance the authentication process and updates the provider configuration accordingly.

  • Added a function to extract list string values from configuration and environment variables.
  • Updated authentication methods to pass auxiliary tenant IDs to underlying credential providers.
  • Enhanced provider schema and configuration to incorporate auxiliary tenant IDs.

Reviewed Changes

File Description
internal/helpers/config.go Added GetListStringValues function for extracting list values from config or env vars.
internal/api/client_test.go Introduced a new unit test to verify auxiliary tenant IDs configuration.
internal/api/auth.go Updated authentication methods to include auxiliary tenant IDs in credential options.
internal/provider/provider.go Added "auxiliary_tenant_ids" to the provider schema and adjusted configuration for MSI.
internal/constants/constants.go Introduced new environment variable constants for auxiliary tenant IDs.
internal/config/config.go Extended configuration structs with the auxiliary tenant IDs field.
internal/services/environment/resource_environment.go Removed an extra empty line.

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (2)

internal/helpers/config.go:51

  • [nitpick] Avoid shadowing the 'value' parameter by renaming the local variable (e.g., 'envVal') to improve clarity.
if value, ok := os.LookupEnv(k); ok && value != "" {

internal/provider/provider.go:312

  • [nitpick] Consider refactoring the conversion of types.List to []string for clarity and efficiency; using a dedicated helper or built-in conversion (if available) might improve maintainability.
// TODO there has to be a better way than starting with the slice and converting it..
@ianjensenisme
Copy link
Contributor Author

Would love reviewer input on the types.List-to-[]string debacle, as well as whether I can set up any more robust tests with our current test tenant resources.

mattdot
mattdot reviewed Mar 3, 2025
View reviewed changes
@mattdot mattdot changed the title Ianjensenisme/566 auth aux tenants auxiliary tenant IDs in the authentication process Mar 3, 2025
@mattdot
Copy link
Member

mattdot commented Mar 3, 2025

You are missing changie record

@ianjensenisme
Copy link
Contributor Author

@mawasile and @mattdot : I manually tested aux tenant functionality tonight and it seems fine. Let me know if you have any preferences on automated tests. I'm limited in what I can do with the project's single tenant.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattdot mattdot

Copilot code review Copilot

@mawasile mawasile

@leighatami leighatami

@polatengin polatengin

@eduardodfmex eduardodfmex

At least 1 approving review is required to merge this pull request.

Assignees

@ianjensenisme ianjensenisme

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add aux tenants to AzDo Workload Identity Federation
3 participants
@ianjensenisme @mattdot @mawasile