Commit Graph

309 Commits

Author SHA1 Message Date
Ahson Khan
f80caf2fea
Remove support for customizing the IMDS endpoint within ManagedIdentityCredential using an env var (#5997)
* Remove support for customizing the IMDS endpoint within ManagedIdentityCredential using an env var

* Remove test after merge.

* Revert "Remove test after merge."

This reverts commit 0d1a4fb8ca5c34bc253e999a86d337bbcddea63e.

* Only remove the test, after merge.

* Move imds endpoint url to a named const string and add doc link
2024-10-03 13:49:34 -07:00
Ahson Khan
d22781c84a
Use static factory methods to create ManagedIdentityId rather than an enum (#6051)
* Use a static factory method

* Update tests and samples.

* Remove unnecessary std::move and update the samples in readme.

* Address PR feedback - use more real values for resourceIDs in tests.

* Update tests and samples to use resourceID strings with the expected prefix.

* Fix test assert.
2024-10-02 09:22:29 -07:00
Ahson Khan
1ce3178c42
In ClientCertificateCredential, add the x5c parameter of the JWT token as a JSON array rather than a JSON string. (#6052)
* In ClientCertificateCredential, add the x5c parameter of the JWT token as a JSON array rather than a JSON string.

* Update sdk/identity/azure-identity/src/client_certificate_credential.cpp

Co-authored-by: Ray Luo <rayluo.mba@gmail.com>

---------

Co-authored-by: Ray Luo <rayluo.mba@gmail.com>
2024-10-01 22:01:59 -07:00
Anton Kolesnyk
171386533a
Fix/unify links in CHANGELOG.md files (#6048)
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
2024-09-30 12:35:55 -07:00
Ahson Khan
aa728eed6d
Use code snippets from managed identity credential samples in identity readme doc and fix minor generation issues (#6020)
* Use code snippets from managed identity credential samples in identity readme doc.

* Generate readme from snippets.

* Update snippet generation script to remove unnecessary indentation and extra new line at eof.

* Update Snippet Generation doc to show a concrete example on how to run it.

* Update other repo READMEs with the generation fixes.

* Fix KeyVault Secrets sample and use the snippets in its README

* Use the added sample snippet.
2024-09-25 16:56:57 -07:00
Ahson Khan
023469bc18
Remove unused included header from core that isn't available in the GA'd version (#6042)
2024-09-25 16:09:22 -07:00
Ahson Khan
309a390947
Add a readme section for user and system assigned managed identity for ManagedIdentityCredential. (#5838)
* Add a readme section for user and system assigned managed identity for
MICredential.

* Update the README to reflect new API surface and add section about Object ID.

* Mention object ID in the intro.

* Reorder the list of IDs mentioned to match the section order.
2024-09-21 07:00:12 +00:00
Ahson Khan
b1f147e884
Updated the request header sent to the OIDC endpoint in so it doesn't result in a redirect response when an invalid system access token is provided. (#6019)
* Updated the request header sent to the OIDC endpoint in  so it doesn't result in a redirect response when an invalid system access token is provided.

* Add comment on what X-TFS-FedAuthRedirect does.
2024-09-20 17:42:57 -07:00
Ahson Khan
641dcc84f1
Allow x-vss-e2eid response header to be logged in AzurePipelinesCredential for diagnostics. (#6001)
* Allow x-vss-e2eid response header to be logged in AzurePipelinesCredential for diagnostics.

* Don't redact the x-msedge-ref header either.

* Add the necessary response headers to the exception message.

* Update cspell.

* Update CL

* Fix size_t comparison

* Use std::array to get the size() method.

* Add the <array> include directive to be explicit.
2024-09-20 17:26:30 -07:00
Ahson Khan
d1cd23f4c1
Address archboard review feedback for new Azure Identity features - renames (#6000)
2024-09-18 16:07:46 -07:00
Azure SDK Bot
eeaa711966
Increment package version after release of azure-identity (#5999)
2024-09-17 18:00:22 -07:00
Ahson Khan
d7b63eef12
Add const& to input std::string params in ClientCertificateCredential. (#5993)
2024-09-17 15:56:31 -07:00
Ahson Khan
102da820c6
Prepare for Azure Identity September Beta Release (#5977)
2024-09-17 10:10:08 -07:00
Ahson Khan
e7420dfd04
Accept base64 (PEM) encoded certificate as std::string instead of vector<uint8_t> (#5991)
* Accept base64 (PEM) encoded certificate as std::string instead of vector<uint8_t>

* Fix unix implementation and remove use of privacy enhance mail in comments, in favor of PEM
2024-09-16 12:10:39 -07:00
Ahson Khan
639fc9f594
Add support for passing in the x509 certificate and its corresponding private key directly to ClientCertificateCredential, rather than reading from a pem file. (#5989)
* Add support for passing in the x509 certificate and its corresponding private key directly to , rather than reading from a pem file.

* Move the x509 and pkey objects

* Add basic test.

* Fix doc comment due to merge.

* Fix merge, add back the bool

* Pass in bool in other locations

* Fix finding pem cert content from memory and add tests with send chain true.

* Use d2i_PrivateKey_bio instead of PEM_read_bio_PrivateKey since the private key isn't in pem format.

* Fix doc comments to match the type name rather than copy/paste typo from client secret cred.

* Make options optional and add invalid content tests.

* Disable cspell in some places within tests.

* Make exception message consistent between platforms when reading a file.
2024-09-14 11:12:53 -07:00
Ahson Khan
e1afe4d7ea
Add support for sending an x5c parameter in the JWT token header for ClientCertificateCredential. (#5988)
* Add public surface area to support sending a chain of certs.

* Add x5c param to the JWT token.

* Simplify test.

* Address PR feedback and fix typo.

* Fix typo.
2024-09-13 19:35:40 -07:00
Scott Addie
df6f5c910d
Create credential chains section in Azure Identity README (#5973)
2024-09-12 14:48:20 +00:00
Ahson Khan
ea3f1442b2
Move the ResourceIdentifier type from Azure::Identity to Azure::Core. (#5864)
* Move the ResourceIdentifier type from Identity to Azure::Core.

* Fix the namespace in the source cpp file.

* Fix managed identity credential tests.

* Fix clang format.
2024-09-05 15:22:18 -04:00
Ahson Khan
7a9c54d915
Remove the ResourceIdentifier accepting ctor overload for ManagedIdentityCredential. (#5928)
2024-08-19 15:07:55 -07:00
Ahson Khan
042d2ed734
Add more input validation for passing in an empty id, or an invalid enum value. (#5924)
* Add more input validation for passing in an empty id, or an invalid enum
value.

* Fix typo in exception message.
2024-08-19 10:35:07 -07:00
Ahson Khan
54a7bc363b
Add support for providing an object ID to ManagedIdentityCredential. (#5910)
* Add support for providing an object ID to ManagedIdentityCredential.

* Update cspell checks.

* Add support for creating a Uuid from a string, and use that as the
MICred overload for objectId.

* Add a remark comment to make it clear that object and client ids are not interchangeable.

* Remove the non-const ToString() as that isn't required.

* Update tests to use valid hex Uuid values.

* Use a discriminated union design approach with a ManagedIdentityType
object and ManagedIdentityIdType enum.

* Fix typo and remove Uuid CreateFromString.

* Address PR feedback.

* Update doc comment.

* Update comments and exception message to consistently use hyphens
between user/system and assigned.
2024-08-16 20:47:05 -07:00
Ahson Khan
cf562e0d12
Do not pass a client ID into the request body for MICredential within a Cloud Shell environment, but rather throw, as not supported. (#5837)
* Do not pass in a client ID into the request body in a Cloud Shell
environment, but rather throw, as not supported.

* Address PR feedback - reword exception to avoid mention of SAI.

* Address PR feedback - use param name in exception.
2024-08-13 16:26:03 -07:00
George Arama
f85dd16ab9
Identity perf pipeline run triggers (#5892)
* update changelog

* test 1
2024-08-12 15:37:14 -07:00
Ahson Khan
4f77d817b9
Revert "Pull beta-only changes out of identity for the August GA release (#5863)" (#5889)
This reverts commit 60dff1dac1.
2024-08-09 11:35:24 -07:00
Azure SDK Bot
28baef9b80
Increment package version after release of azure-identity (#5880)
2024-08-07 10:21:36 -07:00
Ahson Khan
bee901e0b0
Update the TSG for AzurePipelinesCredential. (#5736)
* Update the TSG for AzurePipelinesCredential.

* Add a section to APC TSG about invalid client id.

* Add more error cases.

* Revert test change.
2024-08-02 17:44:08 -07:00
Ahson Khan
1d9ccf4434
Prepare for the August Identity GA release. (#5862)
2024-08-02 16:07:13 -07:00
Ahson Khan
60dff1dac1
Pull beta-only changes out of identity for the August GA release (#5863)
* Revert "Add support for providing a Resource ID to ManagedIdentityCredential. (#5832)"

This reverts commit 193bbe6963.

* Revert "Add support for customizing the IMDS endpoint within ManagedIdentityCredential using an env var. (#5834)"

This reverts commit 00304a0556.
2024-08-02 16:06:04 -07:00
Ahson Khan
5fd26a6832
Use client assertion credential within AzurePipelinesCredential and WorkloadIdentityCredential (#5802)
* Use ClientAssertionCredential within AzurePipelinesCredential.

* Use ClientAssertionCredential in WorkloadIdentityCredential.

* Fix DefaultAzureCredentia.LogMessages test since an extra log got added.

* Disable tests that don't correctly simulate the token request and return
the test response.

* Address PR feedback and make sure base options are passed in to underlying
client assertion credential.

* Address PR feedback - move credential ctor into validation checks.

* Address PR feedback, add const.

* Add a ClientAssertionCredentialImpl to make sure logs use the calling
credential name.
2024-08-02 16:05:01 -07:00
George Arama
34c2441523
Enable UseFederatedAuth by default (#5852)
* enable use federated

* 401 unauthorized

* 401

* cleanup readmes

* DISABLE RUN

* Remove UseFederatedAuth overrides from ci.yml

* DISABLE RUN for admin samples,
2024-07-31 17:10:39 -07:00
Anton Kolesnyk
2c0a35dad4
Undo unnecessary Core vcpkg dependency version bump (#5860)
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
2024-07-31 22:23:29 +00:00
Anton Kolesnyk
0f62b3aa63
Add consumption-time value of __cplusplus to User-Agent (#5662)
* Add consumption-time value of __cplusplus to User-Agent

---------

Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
2024-07-29 18:31:51 -07:00
Azure SDK Bot
cce5fc98a6
Increment package version after release of azure-identity (#5835)
2024-07-22 20:26:28 -07:00
Ahson Khan
b1674473eb
Prepare for the July Identity beta release. (#5770)
* Prepare for the July Identity beta release.

* Update release date.

* Update CL - remove empty headings.
2024-07-22 19:06:04 -07:00
Ahson Khan
193bbe6963
Add support for providing a Resource ID to ManagedIdentityCredential. (#5832)
* Add support for providing a Resource ID to ManagedIdentityCredential.

* Fix typo in param name.

* Fix clang format and undo removing of private methods (that are unused).

* Address PR feedback.

* Add back Azure:: to fix doxygen docs issue.
2024-07-22 19:00:13 -07:00
Ahson Khan
00304a0556
Add support for customizing the IMDS endpoint within ManagedIdentityCredential using an env var. (#5834)
* Add support for customizing the IMDS endpoint within
ManagedIdentityCredential using an env var.

* Clean up the impl.

* Add imds as an opt-out for spell check.

* Address PR feedback.
2024-07-22 18:27:16 -07:00
Scott Addie
4b8d7a05e0
Reformat DefaultAzureCredential flow chart (#5829)
2024-07-18 22:50:26 +00:00
Ahson Khan
9b9f76a737
Re-enable running previously disabled samples using AzureCliCredential. (#5818)
* Re-enable running KeyVault samples on Ubuntu using AzureCliCredential.

* Re-enable running Attestation samples using AzureCliCredential.

* Re-enable running EventHubs samples using AzureCliCredential.

* Re-enable running Identity samples.

* Disable client_secret_credential_sample since it depends on env vars
that don't exist.
2024-07-18 14:45:27 -07:00
Larry Osterman
90089ad326
Cleaned up Azure::Core::Context API surface (#5676)
* Deprecated Azure::Core::ApplicationContext because its use is confusing and inconsistent with the original design. 

---------

Co-authored-by: Rick Winter <rick.winter@microsoft.com>
Co-authored-by: Anton Kolesnyk <41349689+antkmsft@users.noreply.github.com>
Co-authored-by: Ahson Khan <ahkha@microsoft.com>
2024-07-17 12:38:30 -07:00
Larry Osterman
e19dc2371c
Use GetTestCredentials in eventhubs admin client; updated samples to allow sample execution to be disabled (#5799)
* Use GetTestCredentials in eventhubs admin client; updated samples to allow sample execution to be disabled

* Made sample execution optional

* re-enabled building keyvault samples

* Disabled RetrieveMultipleEvents test

* Disabled RetrieveMultipleEvents test

* Pull request feedback
2024-07-16 10:29:54 -07:00
Ahson Khan
7e9906f884
Added ClientAssertionCredential to enable applications to authenticate with custom client assertions. (#5789)
* Added `ClientAssertionCredential` to enable applications to authenticate with custom client assertions.

* Rename test file.

* Update client assertion credential tests.

* Fix typo.

* Address PR feedback - pass in function by value and some comment fixup.

* Update log messages to use credential name as a prefix.
2024-07-15 19:30:56 -07:00
George Arama
313fb0e58f
Move tests to use azure pipeline credentials (#5754)
* test1

* hgdfchg

* remove the remnants of azure client secret

* test KV with federated auth

* UseFederatedAuth

* fdsa

* kv template with managed

* try try again

* retry permissions

* add net acls

* blunt force replace the resource json

* put back stuff

* try again with new method

* attempt

* missed something

* flip if else

* Temporarily use empty sub config file path for preview cloud

* remove client secret

* try to fix the identity tests

* live skip failing tests and return in samples

* samples for identity fix

* disable failing samples in identity

* fix winhttp failing test

* comment out code

* remove managed identity

* restore version from main

* revert readme changes

* PR comments

* test 2

* clang

* attempt default creds with pipeline chained

* clangs

* identity test and clangs

* oops

* live

* cleanup

* reter

* test

* revert the DAC change

* missed one

* taking the samples to a farm upstate

* PR comments

* Fix bad merge

---------

Co-authored-by: Daniel Jurek <djurek@microsoft.com>
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
Co-authored-by: Anton Kolesnyk <41349689+antkmsft@users.noreply.github.com>
2024-07-11 17:38:19 -07:00
Ahson Khan
aadeca2c5c
Turn federated auth on for Identity tests. (#5785)
* Turn federated auth on for Identity tests.

* Update test resources json.
2024-07-12 00:00:15 +00:00
Ahson Khan
3e5b7064ec
Add live tests for AzurePipelinesCredential. (#5734)
* Add AzurePipelinesCredential for authenticating an Azure Pipelines service connection with workload identity federation.

* Add unit tests.

* Add comment about not throwing in the ctor, but rather deferring it.

* Order field in order of initialization and fix cspell.

* Fix ambiguous call to EnvironmentOverride in tests.

* Add a live test to AzurePipelinesCredential.

* Add invalid test cases and output response.

* Add access token env var in ci.yml.

* Add identity yml files and EnvVars.

* Fix merge conflicts and print out the oidc response.

* Remove duplicate definition of ServiceDirectory and remove env.

* Revert CI/infra changes.

* Include engsys changes to add federated auth support.

* Update environment variables used.

* Sync recent engsys changes.

* Add invalid tenant id test and re-order them.

* Fail the live test pipeline if a test fails.

* Update tests and revert source changes.

* Debug failing TokenCredentialTest in new live test environment.

* Don't fail test on missing env var.

* Disable federated auth in ci.yml and add back client secret env var.

* Remove test application secret.

* Revert other changes related to infra.
2024-06-26 11:44:01 -07:00
Azure SDK Bot
e488093c19
Increment package version after release of azure-identity (#5742)
2024-06-25 21:33:16 -07:00
Ahson Khan
dd83659802
Prepare for the June Identity beta release, oob. (#5735)
2024-06-21 14:15:48 -07:00
Ahson Khan
9b2c3b337e
Add AzurePipelinesCredential for authenticating an Azure Pipelines service connection with workload identity federation. (#5733)
* Add AzurePipelinesCredential for authenticating an Azure Pipelines service connection with workload identity federation.

* Add unit tests.

* Add comment about not throwing in the ctor, but rather deferring it.

* Order field in order of initialization and fix cspell.

* Fix ambiguous call to EnvironmentOverride in tests.

* Address PR feedback, suppress warning, move oidc fetch in token cache,
and update exception message.

* Address PR feedback, use ID and capitalize Azure Pipelines.

* Revert back to the workaround for the warning, rather than suppressing
it.

* Address PR feedback, move getting an assertion to a helper, and add
const.
2024-06-20 21:09:31 -07:00
Ahson Khan
ed933f5dfd
Add a troubleshooting guide for azure-identity, specific to C++. (#5730)
* Add a troubleshooting guide for azure-identity.

* Fix casing.

* Add cspell opt-outs.

* Update section level nesting to 3 instead of 4.
2024-06-19 15:41:08 -07:00
Ahson Khan
20efadde4c
Add back-ticks around the WWW-Authenticate header name in exception (#5717)
message.
2024-06-13 10:12:05 -07:00
Azure SDK Bot
5264ee4e28
Increment package version after release of azure-identity (#5714)
2024-06-12 08:33:45 -07:00