Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ESTS-Regional support #306

Merged
merged 15 commits into from
Apr 27, 2022
Merged

ESTS-Regional support #306

merged 15 commits into from
Apr 27, 2022

Conversation

abhidnya13
Copy link
Contributor

@abhidnya13 abhidnya13 commented Apr 26, 2022
edited
Loading

This resolves #240

This is the internal design doc: AAD SDK Proposal to Pin Auth to region

I was able to E2E test this by specifying an Azure Region using this sample app.

Also added a wiki page to show usage details.

@abhidnya13 abhidnya13 added the enhancement New feature or request label Apr 26, 2022
@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 26, 2022
@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 26, 2022
keegan-caruso
keegan-caruso reviewed Apr 26, 2022
View reviewed changes
apps/confidential/confidential.go Outdated
@@ -245,6 +253,23 @@ func WithX5C() Option {
}
}

// WithAzureRegionsets the region(preferred) or Confidential.AutoDetectRegion() for auto detecting region.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

space after "WithAzureRegion"

@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 26, 2022
@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 26, 2022
@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 26, 2022
keegan-caruso
keegan-caruso reviewed Apr 26, 2022
View reviewed changes
apps/internal/oauth/ops/authority/authority.go Outdated
err := c.Comm.JSONCall(ctx, endpoint, http.Header{}, qv, nil, &resp)
return resp, err
resp := ""
err := c.Comm.JSONCall(ctx, imdsEndpoint, http.Header{}, nil, nil, &resp)
Copy link
Contributor

@keegan-caruso keegan-caruso Apr 26, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

qv isn't being passed in here anymore?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 26, 2022
keegan-caruso
keegan-caruso reviewed Apr 26, 2022
View reviewed changes
apps/internal/oauth/ops/authority/authority.go Outdated
qv.Set("api-version", defaultAPIVersion)
qv.Set("format", "text")
resp := ""
err := c.Comm.JSONCall(ctx, imdsEndpoint, http.Header{}, qv, nil, &resp)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

design doc indicates that this call should be retried once.

Additionally, do we want to handle discovery here for new versions? Specified as optional in the design doc.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AzureAD/microsoft-authentication-library-for-python#358 (comment)

I was following this discussion and decided to go with the simpler approach of trying it only once.
I'll update to use the latest API version though as per this doc. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=linux#supported-api-versions

keegan-caruso
keegan-caruso reviewed Apr 26, 2022
View reviewed changes
apps/internal/oauth/ops/authority/authority.go Outdated
}
resp.Metadata = []InstanceDiscoveryMetadata{metadata}
}
if region == "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

am I reading this wrong, or could this just be an else?

@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 26, 2022
@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 27, 2022
@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 27, 2022
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

@abhidnya13 abhidnya13 added enhancement New feature or request and removed enhancement New feature or request labels Apr 27, 2022
@abhidnya13 abhidnya13 merged commit de68cfc into dev Apr 27, 2022
@abhidnya13 abhidnya13 deleted the regional_support branch April 27, 2022 23:45
This was referenced Apr 28, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keegan-caruso keegan-caruso

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature Request] Enable regional support
2 participants
@abhidnya13 @keegan-caruso