Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auxiliary tenant IDs in the authentication process #610

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

ianjensenisme
Copy link
Contributor

This pull request focuses on adding support for auxiliary tenant IDs in the authentication process and updating related configurations. The most important changes include modifications to authentication methods, configuration structures, and provider setup.

Resolves #566

Authentication Enhancements:

  • Modified AuthenticateClientCertificate, AuthenticateClientSecret, AuthenticateUsingCli, AuthenticateOIDC, and AuthenticateAzDOWorkloadIdentityFederation methods to include AdditionallyAllowedTenants from client.config.AuxiliaryTenantIDs. (internal/api/auth.go) [1] [2] [3] [4] [5]

Configuration Updates:

  • Added AuxiliaryTenantIDs field to ProviderConfig and ProviderConfigModel structs. (internal/config/config.go) [1] [2]
  • Introduced environment variables ENV_VAR_POWER_PLATFORM_AUXILIARY_TENANT_IDS and ENV_VAR_ARM_AUXILIARY_TENANT_IDS. (internal/constants/constants.go) [1] [2]

Provider Configuration:

  • Added handling for auxiliary_tenant_ids in the provider schema and configuration setup. (internal/provider/provider.go) [1] [2] [3] [4]

Helper Functions:

  • Added GetListStringValues function to handle list values from configuration or environment variables. (internal/helpers/config.go)

Testing:

  • Added a unit test TestUnitApiClient_AuxTenants_GetConfig to verify the auxiliary tenant IDs configuration. (internal/api/client_test.go)

@ianjensenisme ianjensenisme added the enhancement New feature or request label Mar 3, 2025
@ianjensenisme ianjensenisme self-assigned this Mar 3, 2025
@ianjensenisme ianjensenisme requested a review from Copilot March 3, 2025 04:16
@ianjensenisme ianjensenisme enabled auto-merge (squash) March 3, 2025 04:16

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR adds support for auxiliary tenant IDs to enhance the authentication process and updates the provider configuration accordingly.

  • Added a function to extract list string values from configuration and environment variables.
  • Updated authentication methods to pass auxiliary tenant IDs to underlying credential providers.
  • Enhanced provider schema and configuration to incorporate auxiliary tenant IDs.

Reviewed Changes

File Description
internal/helpers/config.go Added GetListStringValues function for extracting list values from config or env vars.
internal/api/client_test.go Introduced a new unit test to verify auxiliary tenant IDs configuration.
internal/api/auth.go Updated authentication methods to include auxiliary tenant IDs in credential options.
internal/provider/provider.go Added "auxiliary_tenant_ids" to the provider schema and adjusted configuration for MSI.
internal/constants/constants.go Introduced new environment variable constants for auxiliary tenant IDs.
internal/config/config.go Extended configuration structs with the auxiliary tenant IDs field.
internal/services/environment/resource_environment.go Removed an extra empty line.

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (2)

internal/helpers/config.go:51

  • [nitpick] Avoid shadowing the 'value' parameter by renaming the local variable (e.g., 'envVal') to improve clarity.
if value, ok := os.LookupEnv(k); ok && value != "" {

internal/provider/provider.go:312

  • [nitpick] Consider refactoring the conversion of types.List to []string for clarity and efficiency; using a dedicated helper or built-in conversion (if available) might improve maintainability.
// TODO there has to be a better way than starting with the slice and converting it..
@ianjensenisme
Copy link
Contributor Author

Would love reviewer input on the types.List-to-[]string debacle, as well as whether I can set up any more robust tests with our current test tenant resources.

@@ -45,6 +45,35 @@ func TestUnitApiClient_GetConfig(t *testing.T) {
}
}

func TestUnitApiClient_AuxTenants_GetConfig(t *testing.T) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand what you're testing for.

@mattdot mattdot changed the title Ianjensenisme/566 auth aux tenants auxiliary tenant IDs in the authentication process Mar 3, 2025
@mattdot
Copy link
Member

mattdot commented Mar 3, 2025

You are missing changie record

Comment on lines +311 to +317
// Convert the slice to an array
// TODO there has to be a better way than starting with the slice and converting it..
auxiliaryTenantIDsList := make([]string, len(auxiliaryTenantIDs.Elements()))
for i, v := range auxiliaryTenantIDs.Elements() {
auxiliaryTenantIDsList[i] = v.String()
}
p.Config.AuxiliaryTenantIDs = auxiliaryTenantIDsList
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this work?

var tenantIDs []string
diags := auxiliaryTenantIDs.ValueAs(ctx, &tenantIDs)
if diags.HasError() {
    // handle conversion errors appropriately
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add aux tenants to AzDo Workload Identity Federation
3 participants