Allow Azure Auth order to be specified via azureAuthMethods component metadata #3217

Merged
merged 10 commits into from Nov 10, 2023

berndverst
Member

Description

Fixes #3183

Implements support for specifying the order of Azure Authentication methods to try. This allows an admin to also exclude authentication methods, or to completely disallow Azure authentication.

This is accomplished via a new global component metadata field for all Azure components azureAuthMethods. This field accepts a string of comma-separated values from the following list: ServicePrincipal, Certificate, WorkloadIdentity, ManagedIdentity, CLI, None

If the list contains None as one of the options, all Azure Auth will be disabled regardless of other options listed.

If azureAuthMethods is empty, or omitted (default behavior), then the current default behavior is maintained:

// 1. Client credentials
// 2. Client certificate
// 3. Workload identity
// 4. MSI (we use a timeout of 1 second when no compatible managed identity implementation is available)
// 5. Azure CLI

Issue reference

We strive to have all PRs opened based on an issue, where the problem or feature has been discussed prior to implementation.

Please reference the issue this PR will close: #3183

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles correctly
  • Created/updated tests
  • Extended the documentation / Created issue in the https://github.com/dapr/docs/ repo: dapr/docs#[issue number]

Signed-off-by: Bernd Verst <github@bernd.dev>
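The selection rules from the description above, as an added Go example that is not the code merged in this PR. `ParseAuthMethods` is a hypothetical name, and the case-insensitive matching, de-duplication, rejection of unknown names, and the mapping of the default-order comments onto the listed method names are assumptions of this example. Rejecting unknown names means a typo cannot silently fall back to the default chain and re-enable a method the admin meant to exclude.

```go
package main

import (
	"fmt"
	"strings"
)

// Method names accepted by azureAuthMethods, in the default order given in the
// PR description (mapping its comments onto these names is this example's reading).
var defaultOrder = []string{"ServicePrincipal", "Certificate", "WorkloadIdentity", "ManagedIdentity", "CLI"}

// ParseAuthMethods (hypothetical helper) turns the metadata string into the
// ordered list of methods to try. An empty result with a nil error means Azure
// auth is disabled. Assumptions: case-insensitive names, first occurrence wins
// for duplicates, unknown or empty list entries are an error (fail closed).
func ParseAuthMethods(raw string) ([]string, error) {
	if strings.TrimSpace(raw) == "" {
		// Empty or omitted: keep the existing default chain.
		return append([]string(nil), defaultOrder...), nil
	}
	canonical := map[string]string{"none": "None"}
	for _, m := range defaultOrder {
		canonical[strings.ToLower(m)] = m
	}
	seen := map[string]bool{}
	order := []string{}
	disabled := false
	for _, part := range strings.Split(raw, ",") {
		name, ok := canonical[strings.ToLower(strings.TrimSpace(part))]
		switch {
		case !ok:
			return nil, fmt.Errorf("azureAuthMethods: unknown method %q", strings.TrimSpace(part))
		case name == "None":
			disabled = true // None overrides every other entry
		case !seen[name]:
			seen[name] = true
			order = append(order, name)
		}
	}
	if disabled {
		return nil, nil
	}
	return order, nil
}

func main() {
	// Constructed sample values, not taken from a real component file.
	for _, raw := range []string{"", "WorkloadIdentity, ManagedIdentity", "CLI,None", "ManagedIdentty"} {
		order, err := ParseAuthMethods(raw)
		fmt.Printf("%q -> %v (err: %v)\n", raw, order, err)
	}
}
```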
@berndverst
Member Author

/ok-to-test

@dapr-bot
Collaborator

dapr-bot commented Nov 9, 2023

Components certification test

🔗 Link to Action run

Commit ref: 67940b3

❌ Some certification tests failed

These tests failed:

  • bindings.azure.servicebusqueues
  • secretstores.hashicorp.vault

@dapr-bot
Collaborator

dapr-bot commented Nov 9, 2023

Complete Build Matrix

The build status is currently not updated here. Please visit the action run below directly.

🔗 Link to Action run

Commit ref: 67940b3

@dapr-bot
Collaborator

dapr-bot commented Nov 9, 2023

Components conformance test

🔗 Link to Action run

Commit ref: 67940b3

✅ All conformance tests passed

All tests have reported a successful status

berndverst and others added 7 commits November 9, 2023 12:13
Signed-off-by: Bernd Verst <github@bernd.dev>
…option (dapr#3213)

Signed-off-by: Bernd Verst <github@bernd.dev>
Signed-off-by: Bernd Verst <github@bernd.dev>
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Bernd Verst <github@bernd.dev>
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Bernd Verst <github@bernd.dev>
Signed-off-by: luigirende <luigirende@gmail.com>
Signed-off-by: luiren <luigirende@gmail.com>
Signed-off-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: luiren <luigi.rende@assistdigital.com>
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Bernd Verst <github@bernd.dev>
Signed-off-by: Bernd Verst <github@bernd.dev>
@berndverst berndverst merged commit 3bcd0c7 into dapr:main Nov 10, 2023
86 of 87 checks passed
@ItalyPaleAle ItalyPaleAle added this to the v1.13 milestone Nov 10, 2023
Successfully merging this pull request may close these issues.

Azure: GetTokenCredential optionally disable certain auth methods