Add ADFS support for ClientSecretCredential #1947
Conversation
antkmsft
requested review from
ahsonkhan,
RickWinter,
schaabs and
vhvb1989
as code owners
sdk/identity/azure-identity/test/ut/client_secret_credential.cpp
Outdated
Show resolved
Hide resolved
|
Hello @antkmsft! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
antkmsft
dismissed
RickWinter’s stale review
I implemented all of the @RickWinter's requests, and I haven't heard from him since then. If there's anything more, let me know.
sdk/identity/azure-identity/inc/azure/identity/client_secret_credential.hpp
Show resolved
Hide resolved
| /** | ||
| * @brief Defines options for #Azure::Core::Credentials::TokenCredential. | ||
| */ | ||
| struct TokenCredentialOptions : public Azure::Core::_internal::ClientOptions |
There was a problem hiding this comment.
It is not a breaking change, and has the default value. All the code you could compile before can still compile now.
There was a problem hiding this comment.
I understand. It's a new type/new feature (which are also added to CL) :)
| : m_tenantId(std::move(tenantId)), m_clientId(std::move(clientId)), | ||
| m_clientSecret(std::move(clientSecret)), m_options(std::move(options)) | ||
| { | ||
| } | ||
|
|
||
| /** | ||
| * @brief Construct a Client Secret credential. |
There was a problem hiding this comment.
This is an odd casing choice. Was it intentional?
| : m_tenantId(std::move(tenantId)), m_clientId(std::move(clientId)), | ||
| m_clientSecret(std::move(clientSecret)) | ||
| { | ||
| static_cast<Azure::Core::Credentials::TokenCredentialOptions&>(m_options) = options; |
There was a problem hiding this comment.
nit: Add a comment explaining why this cast is OK.
| @@ -9,6 +9,40 @@ | |||
| #include <chrono> | |||
| #include <sstream> | |||
|
|
|||
| namespace { | |||
| // Assumes !scopes.empty() | |||
| std::string FormatScopes(std::vector<std::string> const& scopes, bool asResource) | |||
There was a problem hiding this comment.
it is internal function. You can only have single scope as resource, and when you want to build resource, you don't add scope suffix.
| { | ||
| auto resource = scopes[0]; | ||
| constexpr char suffix[] = "/.default"; | ||
| constexpr int suffixLen = sizeof(suffix) - 1; |
There was a problem hiding this comment.
Why are we doing -1. Add a comment.
There was a problem hiding this comment.
I don't think this necessarily requires a comment, this is the part of the language - when an array is initialized from a literal, \0 is added to the array - https://en.cppreference.com/w/c/language/array_initialization.
There was a problem hiding this comment.
I don't think this necessarily requires a comment
Source comments are rarely necessary. It's just meant for helpful hints for future maintainability when code changes, moves around. What happens if I change line 19 tomorrow to std::string, now line 20 is broken, if I don't update -1, correct?
It's up to your discretion, as the PR author, what's clear/obvious by just reading the code.
There was a problem hiding this comment.
I can add it, but if we change it to std::string, suffixLen should be removed entirely, it is no longer necessary. So, the only context in which it makes sense, is when suffix is a C-string, so it is 0-terminated, so that "- 1" is needed.
But even without the "-1", sizeof(std::string()) is broken. It will be the size of the std::string class, not the length of the string. length() should be used.
| } | ||
|
|
||
| auto scopesIter = scopes.begin(); | ||
| auto scopesStr = Azure::Core::Url::Encode(*scopesIter); |
There was a problem hiding this comment.
nit: re-add the comment here, that we assume scopes.size() > 0
| ClientSecretCredentialOptions options; | ||
| options.AuthorityHost = authority; | ||
| ClientSecretCredentialOptions clientSecretCredentialOptions; | ||
| static_cast<Core::_internal::ClientOptions&>(clientSecretCredentialOptions) = options; |
There was a problem hiding this comment.
Shouldn't this be TokenCredentialOptions?
| static_cast<Core::_internal::ClientOptions&>(clientSecretCredentialOptions) = options; | |
| static_cast<Core::Credentials::TokenCredentialOptions&>(clientSecretCredentialOptions) = options; |
What's this line doing? Is it only copying over the fields into the local clientSecretCredentialOptions that come from the base type options? Does it leave the other fields alone?
Also, add comment why static cast is OK here.
There was a problem hiding this comment.
@antkmsft does this need to be fixed for correctness?
There was a problem hiding this comment.
For now we are fine, but yes, it needs fixing - I'll grab this plus a few other comments and create a follow-up PR.
| } | ||
| else | ||
| { | ||
| m_credentialImpl.reset(new ClientSecretCredential(tenantId, clientId, clientSecret)); | ||
| m_credentialImpl.reset( | ||
| new ClientSecretCredential(tenantId, clientId, clientSecret, options)); | ||
| } | ||
| } | ||
| // TODO: These credential types are not implemented. Uncomment when implemented. |
There was a problem hiding this comment.
Since you are hereand modifying this code already, remove this TODO comment from source and file an issue.
| } | ||
| } // namespace | ||
|
|
||
| TEST(ClientSecretCredential, Regular) |
There was a problem hiding this comment.
How can I see the test coverage for this change and azure-identity overall?
It's not visible here: https://dev.azure.com/azure-sdk/public/_build/results?buildId=808213&view=results
There was a problem hiding this comment.
I don't know how the code coverage integration works, but if you don't see it, it most likely was not enable for identity. We need a work item to enable it.
| @@ -46,6 +46,7 @@ set( | |||
| ${CURL_TRANSPORT_ADAPTER_INC} | |||
| ${WIN_TRANSPORT_ADAPTER_INC} | |||
| inc/azure/core/credentials/credentials.hpp | |||
| inc/azure/core/credentials/token_credential_options.hpp | |||
There was a problem hiding this comment.
We need to include these headers to core.hpp and add tests to the simplified header.
Fixed in #2070
Closes #345.