Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backend/remote-state/azure: defaulting the Azure Backend to use MSAL #30891

Merged
merged 2 commits into from Apr 20, 2022
Merged

backend/remote-state/azure: defaulting the Azure Backend to use MSAL #30891

merged 2 commits into from Apr 20, 2022

Conversation

tombuildsstuff
Copy link
Member

This PR changes the default value of use_microsoft_graph within the Azure Backend from false to true - which was announced when this field was introduced in Terraform 1.1.

For end-users there should be no difference in obtaining a MSAL Token rather than an ADAL Token (although permissions changes may be needed for Microsoft Graph, rather than Azure Active Directory)

Fixes #30881

$ TF_ACC=1 envchain azurerm go test -v -timeout 900m ./internal/backend/remote-state/azure/...
=== RUN   TestBackend_impl
--- PASS: TestBackend_impl (0.00s)
=== RUN   TestBackendConfig
--- PASS: TestBackendConfig (0.00s)
=== RUN   TestBackendAccessKeyBasic
--- PASS: TestBackendAccessKeyBasic (109.04s)
=== RUN   TestBackendSASTokenBasic
--- PASS: TestBackendSASTokenBasic (103.46s)
=== RUN   TestBackendADALAzureADAuthBasic
--- PASS: TestBackendADALAzureADAuthBasic (119.88s)
=== RUN   TestBackendADALManagedServiceIdentityBasic
--- SKIP: TestBackendADALManagedServiceIdentityBasic (0.00s)
=== RUN   TestBackendADALServicePrincipalClientCertificateBasic
--- SKIP: TestBackendADALServicePrincipalClientCertificateBasic (0.00s)
=== RUN   TestBackendADALServicePrincipalClientSecretBasic
--- PASS: TestBackendADALServicePrincipalClientSecretBasic (170.48s)
=== RUN   TestBackendADALServicePrincipalClientSecretCustomEndpoint
--- SKIP: TestBackendADALServicePrincipalClientSecretCustomEndpoint (0.00s)
=== RUN   TestBackendMSALAzureADAuthBasic
--- PASS: TestBackendMSALAzureADAuthBasic (104.74s)
=== RUN   TestBackendMSALManagedServiceIdentityBasic
--- SKIP: TestBackendMSALManagedServiceIdentityBasic (0.00s)
=== RUN   TestBackendMSALServicePrincipalClientCertificateBasic
--- SKIP: TestBackendMSALServicePrincipalClientCertificateBasic (0.00s)
=== RUN   TestBackendMSALServicePrincipalClientSecretBasic
--- PASS: TestBackendMSALServicePrincipalClientSecretBasic (110.37s)
=== RUN   TestBackendMSALServicePrincipalClientSecretCustomEndpoint
--- SKIP: TestBackendMSALServicePrincipalClientSecretCustomEndpoint (0.00s)
=== RUN   TestBackendAccessKeyLocked
--- PASS: TestBackendAccessKeyLocked (104.40s)
=== RUN   TestBackendServicePrincipalLocked
--- PASS: TestBackendServicePrincipalLocked (105.28s)
=== RUN   TestRemoteClient_impl
--- PASS: TestRemoteClient_impl (0.00s)
=== RUN   TestRemoteClientAccessKeyBasic
--- PASS: TestRemoteClientAccessKeyBasic (100.07s)
=== RUN   TestRemoteClientManagedServiceIdentityBasic
--- SKIP: TestRemoteClientManagedServiceIdentityBasic (0.00s)
=== RUN   TestRemoteClientSasTokenBasic
--- PASS: TestRemoteClientSasTokenBasic (100.29s)
=== RUN   TestRemoteClientServicePrincipalBasic
--- PASS: TestRemoteClientServicePrincipalBasic (101.36s)
=== RUN   TestRemoteClientAccessKeyLocks
--- PASS: TestRemoteClientAccessKeyLocks (100.93s)
=== RUN   TestRemoteClientServicePrincipalLocks
--- PASS: TestRemoteClientServicePrincipalLocks (105.00s)
=== RUN   TestPutMaintainsMetaData
--- PASS: TestPutMaintainsMetaData (99.97s)
PASS
ok  	github.com/hashicorp/terraform/internal/backend/remote-state/azure	1535.389s

@tombuildsstuff tombuildsstuff added this to the v1.2.0 milestone Apr 19, 2022
@tombuildsstuff tombuildsstuff requested a review from a team as a code owner April 19, 2022 07:20
jackofallops
jackofallops approved these changes Apr 19, 2022
View reviewed changes
Copy link
Member

@jackofallops jackofallops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

manicminer
manicminer approved these changes Apr 19, 2022
View reviewed changes
Copy link
Member

@manicminer manicminer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @tombuildsstuff, LGTM 👍

@tombuildsstuff tombuildsstuff merged commit 2eb9118 into main Apr 20, 2022
@tombuildsstuff tombuildsstuff deleted the f/azurerm-backend-msal branch April 20, 2022 15:31
@github-actions
Copy link

Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.

tombuildsstuff added a commit that referenced this pull request Apr 20, 2022
@tombuildsstuff
updating to include #30891
0028a26
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 21, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@manicminer manicminer manicminer approved these changes

@jackofallops jackofallops jackofallops approved these changes

Assignees
No one assigned
Labels
backend/azure documentation enhancement
Projects
None yet
Milestone
v1.2.0
Development

Successfully merging this pull request may close these issues.

MSAL (use MS Graph) by default in Terraform backend azurerm
4 participants
@tombuildsstuff @manicminer @jackofallops @apparentlymart