[KeyVault] - Deploy attestation service as a test resource #16848
I think this is ok, but I have the feeling that this just got 1.5x as complex as before.
I have the feeling an outsider might not clearly see how these changes interoperate. Should we add some kind of documentation to remember about this PR or these changes somewhere? What I’m trying to say is, next time we onboard someone on the Key Vault clients, how can we make their experience more straightforward?
I’m not proposing to address this feedback as part of this PR. If this argument doesn’t sound strong enough, I’m also ok with leaving this as a comment in case someone goes back to this PR from the future.
Agree - it's a lot added for a single scenario, but we do need to deploy something for live testing SKR.
Definitely, I can do the following:
No worries, I don't think there's a huge rush since we have a static test resource. I can try to add it to this PR. Thanks for the feedback!
6ab761c to 4586477
/azp run js - keyvault-keys - tests
Azure Pipelines successfully started running 1 pipeline(s).
4586477 to cb2f55f
What
Why
For Secure Key Release we require an additional live resource - a service that can generate and sign tokens as well as provide
the OIDC Configuration to discover the jwks URI. We currently use a static test fixture that I have spun up and deployed to
Azure App Service; however, that is not sustainable and really not in line with our guidelines on test assets.
This allows us to maintain an image and keep the code centralized and in a repository owned by EngSys.
See https://github.com/Azure/azure-sdk-tools/tree/main/tools/keyvault-mock-attestation for the source code for the container.