Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not pass a client ID into the request body for MICredential within a Cloud Shell environment, but rather throw, as not supported. #5837

Merged
merged 4 commits into from
Aug 13, 2024
Merged

Do not pass a client ID into the request body for MICredential within a Cloud Shell environment, but rather throw, as not supported. #5837

merged 4 commits into from
Aug 13, 2024

Conversation

ahsonkhan
Copy link
Member

@ahsonkhan
Do not pass in a client ID into the request body in a Cloud Shell
c788559 
environment, but rather throw, as not supported.
@ahsonkhan ahsonkhan self-assigned this Jul 23, 2024
@ahsonkhan
Copy link
Member Author

/azp run cpp - identity

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@ahsonkhan ahsonkhan changed the title Do not pass in a client ID into the request body in a Cloud Shell environment, but rather throw, as not supported. Do not pass a client ID into the request body for MICredential within a Cloud Shell environment, but rather throw, as not supported. Jul 23, 2024
@ahsonkhan ahsonkhan modified the milestones: 2024-08, 2024-09 Jul 29, 2024
@ahsonkhan
Copy link
Member Author

Pushing this out to September, since August is a GA release, and I want to wait until more language SDKs have made similar changes.

Folks, please review and approve, or share any other feedback you might have.

antkmsft
antkmsft approved these changes Aug 1, 2024
View reviewed changes
Copy link
Member

@antkmsft antkmsft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR does what is says and I see no problems in it, I do not know enough to be certain if that is the right thing to do, but from what I can see it is the right thing to do. I am also not sure if throwing is better than ignoring - from what I've seen some languages (Go, Python) seem to effectively ignore it rather than to fail with error, leaving that up to you to decide.

@ahsonkhan
Copy link
Member Author

I am also not sure if throwing is better than ignoring - from what I've seen some languages (Go, Python) seem to effectively ignore it rather than to fail with error, leaving that up to you to decide.

The issue has links to all other languages that are going to make the same change as .NET/C++ to throw and fail-fast rather than silently ignore.

@ahsonkhan
Merge branch 'main' of https://github.com/Azure/azure-sdk-for-cpp int…
9e74d9d 
…o CloudShellFail

ally if it merges an updated upstream into a topic branch.
@ahsonkhan ahsonkhan merged commit cf562e0 into Azure:main Aug 13, 2024
78 checks passed
@ahsonkhan ahsonkhan deleted the CloudShellFail branch August 13, 2024 23:26
@maorleger maorleger mentioned this pull request Aug 29, 2024
Merged
maorleger added a commit to Azure/azure-sdk-for-js that referenced this pull request Sep 3, 2024
@maorleger
[identity] Throw if user-assigned IDs are used for CloudShell MSI (#3…
db50236 
…0955)

### Packages impacted by this PR

@azure/identity

### Issues associated with this PR

Resolves #30380

### Describe the problem that is addressed by this PR

If the Cloud Shell ManagedIdentitySource is detected via MSAL and a
user-assigned managed identity clientID or resourceID is supplied, the
ManagedIdentityCredential should throw.

The rationale for taking this minor breaking change is that CloudShell
does not support specifying a clientID or ResourceID and the current
behavior of silently falling back to attempting to use a system-assigned
identity could be unexpected.

### Provide a list of related PRs _(if any)_

Azure/azure-sdk-for-cpp#5837
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christothes christothes christothes left review comments

@antkmsft antkmsft antkmsft approved these changes

@LarryOsterman LarryOsterman LarryOsterman approved these changes

@schaabs schaabs Awaiting requested review from schaabs schaabs is a code owner

@RickWinter RickWinter Awaiting requested review from RickWinter RickWinter is a code owner

@gearama gearama Awaiting requested review from gearama gearama is a code owner

@maorleger maorleger Awaiting requested review from maorleger maorleger is a code owner automatically assigned from Azure/azure-sdk-write-identity

@pvaneck pvaneck Awaiting requested review from pvaneck pvaneck is a code owner automatically assigned from Azure/azure-sdk-write-identity

@billwert billwert Awaiting requested review from billwert billwert is a code owner automatically assigned from Azure/azure-sdk-write-identity

@g2vinay g2vinay Awaiting requested review from g2vinay g2vinay is a code owner automatically assigned from Azure/azure-sdk-write-identity

@chlowell chlowell Awaiting requested review from chlowell chlowell is a code owner automatically assigned from Azure/azure-sdk-write-identity

@mpodwysocki mpodwysocki Awaiting requested review from mpodwysocki mpodwysocki is a code owner automatically assigned from Azure/azure-sdk-write-identity

Assignees

@ahsonkhan ahsonkhan

Labels
Azure.Identity
Projects
Azure Identity SDK Improvements
Status: Done
Milestone
2024-09
7 participants
@ahsonkhan @christothes @pvaneck @RickWinter @LarryOsterman @chlowell @antkmsft