* Implement Phase 3 features for DefaultAzureCredential
* Forgotten change to update header
* Clang-format
* GCC fix
* Change 'envVarName' string parameter to a boolean 'requireEnvVarValue' parameter
* Rename EnvVarName to CredentialSpecifierEnvVarName and make it constexpr auto
* requireEnvVarValue => requireCredentialSpecifierEnvVarValue
* Clang-format
* Update unit test name
* Clang-format
* Update CHANGELOG with new features and bug fixes
---------
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
* Azure Core and Identity September Releases
* "Identity"
* Update azure-core-cpp version to 1.16.0
* Enclose BIO_seek() OpenSSL macro in -Wold-style-cast ignore pragmas for macOS
---------
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
This was broken by a035ee5f94, which
accidentally constructed the IMDS URL with a double slash at the start
of the path. This is not properly routed on the server side, leading to
a 404 error with some very misleading XML.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
* Identity: 'AZURE_TOKEN_CREDENTIALS' env var support for specific credential names
* No need to use index-based loop at that place
* Clang-format
* Require 'Credential' suffix for env var values
* Update sdk/identity/azure-identity/CHANGELOG.md
Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
---------
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
* Azure Core and Identity July GA Releases
* Add Identity to the release
* Undo change to FolderList.cmake (chicken vs egg problem; we'll have to update after the release)
---------
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
* Identity: IMDS fail-fast and Cred order change in DAC (and Core support)
* Mac fix and cspell update
* Update unit test and clang-format
* Temporarily update samples to use AzCliCred until recordings are re-recorded
* Revert samples back to use DAC
* Remove SAS auth from Tables template
* Clang-format
* Add support for 'AZURE_POD_IDENTITY_AUTHORITY_HOST', override it for running samples in CI
* Add unit test for AZURE_POD_IDENTITY_AUTHORITY_HOST
* "in milliseconds"
Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
* PR Feedback
* Named constant + comment
---------
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
* Identity: Log Client ID used in ManagedIdentityCredential
* Clang-format
* [&]
---------
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
* Identity: Add AzureCliCredentialOptions::Subscription
* Clang-format
* Id => ID
* Fix typo
* Apply suggestions from code review
Co-authored-by: Larry Osterman <LarryOsterman@users.noreply.github.com>
* Replace `decltype` with `auto` in test file
* + "If this is the name of a subscription, use its ID instead."
---------
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
Co-authored-by: Larry Osterman <LarryOsterman@users.noreply.github.com>
* In ClientCertificateCredential, add the x5c parameter of the JWT token as a JSON array rather than a JSON string.
* Update sdk/identity/azure-identity/src/client_certificate_credential.cpp
Co-authored-by: Ray Luo <rayluo.mba@gmail.com>
---------
Co-authored-by: Ray Luo <rayluo.mba@gmail.com>
* Updated the request header sent to the OIDC endpoint in so it doesn't result in a redirect response when an invalid system access token is provided.
* Add comment on what X-TFS-FedAuthRedirect does.
* Allow x-vss-e2eid response header to be logged in AzurePipelinesCredential for diagnostics.
* Dont redact the x-msedge-ref header either.
* Add the necessary response headers to the exception message.
* Update cspell.
* Update CL
* Fix size_t comparison
* Use std::array to get the size() method.
* Add the <array> include directive to be explicit.
* Add support for passing in the x509 certificate and its corresponding private key directly to , rather than reading from a pem file.
* Move the x509 and pkey objects
* Add basic test.
* Fix doc comment due to merge.
* Fix merge, add back the bool
* Pass in bool in other locations
* Fix finding pem cert content from memory and add tests with send chain true.
* Use d2i_PrivateKey_bio instead of PEM_read_bio_PrivateKey since the private key isn't in pem format.
* Fix doc comments to match the type name rather than copy/paste typo from client secret cred.
* Make options optional and add invalid content tests.
* Disable cspell in some places within tests.
* Make exception message consistent between platforms when reading a file.
* Add public surface area to support sending a chain of certs.
* Add x5c param to the JWT token.
* Simplify test.
* Address PR feedback and fix typo.
* Fix typo.
* Add support for providing an object ID to ManagedIdentityCredential.
* Update cspell checks.
* Add support for creating a Uuid from a string, and use that as the
MICred overload for objectId.
* Add a remark comment to make it clear that object and client ids are not interchangeable.
* Remove the non-const ToString() as that isn't required.
* Update tests to use valid hex Uuid values.
* Use a discriminated union design approach with a ManagedIdentityType
object and ManagedIdentityIdType enum.
* Fix typo and remove Uuid CreateFromString.
* Address PR feedback.
* Update doc comment.
* Update comments and exception message to consistently use hyphens
between user/system and assigned.
* Do not pass in a client ID into the request body in a Cloud Shell
environment, but rather throw, as not supported.
* Address PR feedback - reword exception to avoid mention of SAI.
* Address PR feedback - use param name in exception.
* Add support for providing a Resource ID to ManagedIdentityCredential.
* Fix typo in param name.
* Fix clang format and undo removing of private methods (that are unused).
* Address PR feedback.
* Add back Azure:: to fix doxygen docs issue.
* Add support for customizing the IMDS endpoint within
ManagedIdentityCredential using an env var.
* Clean up the impl.
* Add imds as an opt-out for spell checl.
* Address PR feedback.
* Added `ClientAssertionCredential` to enable applications to authenticate with custom client assertions.
* Rename test file.
* Update client assertion credential tests.
* Fix typo.
* Address PR feedback - pass in function by value and some comment fixup.
* Update log messages to use credential name as a prefix.
* Add AzurePipelinesCredential for authenticating an Azure Pipelines service connection with workload identity federation.
* Add unit tests.
* Add comment about not throwing in the ctor, but rather deferring it.
* Order field in order of initialization and fix cspell.
* Fix ambiguous call to EnvironmentOverride in tests.
* Address PR feedback, suppress warning, move oidc fetch in token cache,
and update exception message.
* Address PR feedback, use ID and capitalize Azure Pipelines.
* Revert back to the workaround for the warning, rather than suppressing
it.
* Address PR feedback, move getting an assertion to a helper, and add
const.
* Prepare for the June Identity GA release.
* Validate azure arc.
* Update changelog entry.
* Update cspell, fixup gtest skip, and remove unnecessary logging.
* Move gtest_skip call inside the gtest.
* Use system command due to permissions on creating a directory, on linux.
* Pass in a c_str() to system.
* Update permissions to create keys and address pr feedback (rename test
var and method to remove 'valid').
* Address PR feedback - nits.
* Fix remaining rename of local variable.
