Fix ImdsManagedIdentityProvider (#4096) #4193
@@ -383,16 +392,16 @@ struct MsiTokenResponse { | |||
/// This authentication type works in Azure VMs, App Service and Azure Functions applications, as well as the Azure Cloud Shell | |||
/// <https://learn.microsoft.com/en-gb/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http> | |||
#[derive(Debug)] | |||
pub struct ImdsManagedIdentityOAuthProvider { | |||
pub struct ImdsManagedIdentityProvider { |
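Review bot: The rename on the `pub struct` line changes a public type name, while the "Are there any user-facing changes?" section of the description is empty. If the type is reachable from outside the crate, say so in that section, or keep the old name as a deprecated alias for a release. The doc comment above the struct could also state that this provider talks to the metadata endpoint and is not an OAuth flow, so the reason for the new name is recorded in the code and not only in this thread.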
I removed the OAuth part from the name to highlight that this isn't an OAuth flow
@@ -424,7 +433,7 @@ impl TokenCredential for ImdsManagedIdentityOAuthProvider { | |||
) -> Result<TemporaryToken<String>> { | |||
let mut query_items = vec![ | |||
("api-version", MSI_API_VERSION), | |||
("resource", AZURE_STORAGE_SCOPE), | |||
("resource", AZURE_STORAGE_RESOURCE), |
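Review bot: The `"resource"` entry in `query_items` is the whole fix, and nothing visible here would catch a regression back to a scope value. A test that inspects the query sent to the metadata endpoint and checks that `resource` carries `AZURE_STORAGE_RESOURCE` would cover it. A short comment at this line or at the constant, noting that the endpoint takes a resource ID and not a scope, would also help the next reader.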
This is the entirety of the change
Indeed it did not - thanks for fixing this!
Which issue does this PR close?
Closes #4096
Rationale for this change
Originally added by @roeap in #3581, I don't think this has ever worked correctly. Crucially, the metadata communication is not an OAuth2 flow, and consequently does not deal with scopes, only resource IDs.
I have confirmed this now works correctly.
What changes are included in this PR?
Are there any user-facing changes?