
[FEATURE REQ] Support object ID for ManagedIdentityCredential in AzureComponentFactory #45661

Closed
scottaddie opened this issue Aug 23, 2024 · 2 comments · Fixed by #46909

Labels: Azure.Identity; Client (this issue points to a problem in the data-plane of the library); Extensions (ASP.NET Core extensions); feature-request (this issue requires a new behavior in the product in order to be resolved)
Comments

@scottaddie (Member)

scottaddie commented Aug 23, 2024

Library name

Microsoft.Extensions.Azure

Please describe the feature.

The Azure Identity library's ManagedIdentityCredential is being enhanced to support object ID for user-assigned managed identity. See #45605. Object ID is an alternative to using client ID or resource ID. With regards to ManagedIdentityCredential, we should have feature parity between Azure.Identity and Microsoft.Extensions.Azure. It would involve updating this code:

```csharp
if (string.Equals(credentialType, "managedidentity", StringComparison.OrdinalIgnoreCase))
{
    // A user-assigned identity may be selected by client ID or by resource ID, never both.
    if (!string.IsNullOrWhiteSpace(clientId) && !string.IsNullOrWhiteSpace(resourceId))
    {
        throw new ArgumentException("Cannot specify both 'clientId' and 'managedIdentityResourceId'");
    }
    if (!string.IsNullOrWhiteSpace(resourceId))
    {
        return new ManagedIdentityCredential(new ResourceIdentifier(resourceId));
    }
    // A null/empty clientId selects the system-assigned identity.
    return new ManagedIdentityCredential(clientId);
}
```

From a customer's perspective, they should be able to provide configuration like the following:

```json
{
    "credential": "managedidentity",
    "managedIdentityObjectId": "<managedIdentityObjectId>"
}
```

Since we don't support object ID via DefaultAzureCredential, the following code flow is unaffected:

```csharp
if (additionallyAllowedTenantsList != null
    || !string.IsNullOrWhiteSpace(tenantId)
    || !string.IsNullOrWhiteSpace(clientId)
    || !string.IsNullOrWhiteSpace(resourceId))
{
    var options = new DefaultAzureCredentialOptions();
    if (additionallyAllowedTenantsList != null)
    {
        foreach (string tenant in additionallyAllowedTenantsList)
        {
            options.AdditionallyAllowedTenants.Add(tenant);
        }
    }
    if (!string.IsNullOrWhiteSpace(tenantId))
    {
        options.TenantId = tenantId;
    }
    if (!string.IsNullOrWhiteSpace(clientId))
    {
        options.ManagedIdentityClientId = clientId;
    }
    // validation that both clientId and ResourceId are not set happens in Azure.Identity
    if (!string.IsNullOrWhiteSpace(resourceId))
    {
        options.ManagedIdentityResourceId = new ResourceIdentifier(resourceId);
    }
    return new DefaultAzureCredential(options);
}
```
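The following is an added, self-contained sketch of what the extended `managedidentity` branch could look like once object ID is a third way to select a user-assigned identity. It is editor-written example code, not code from Microsoft.Extensions.Azure or from the linked PR. It assumes that Azure.Identity exposes a `ManagedIdentityId.FromUserAssignedObjectId(string)` factory accepted by a `ManagedIdentityCredential(ManagedIdentityId)` constructor (an assumption about the API shipped for #45605; check it against the Azure.Identity version you depend on), and it reads settings from a plain dictionary standing in for `IConfiguration`. The point it demonstrates is that all three selectors must be mutually exclusive: silently preferring one when two are configured would let a deployment authenticate as an identity other than the one an operator thinks they configured.

```csharp
using System;
using System.Collections.Generic;
using Azure.Core;
using Azure.Identity;

// Added example, not Microsoft.Extensions.Azure code.
public static class ManagedIdentityCredentialFactory
{
    public static TokenCredential Create(IReadOnlyDictionary<string, string> config)
    {
        string credentialType = Get(config, "credential");
        if (!string.Equals(credentialType, "managedidentity", StringComparison.OrdinalIgnoreCase))
        {
            throw new ArgumentException($"Unsupported credential type '{credentialType}'");
        }

        // The three ways to name a user-assigned identity; the key names follow the issue.
        string clientId = Get(config, "clientId");
        string resourceId = Get(config, "managedIdentityResourceId");
        string objectId = Get(config, "managedIdentityObjectId");

        // Reject ambiguity instead of picking a winner: two selectors means two possible
        // identities, and the token the app ends up holding must not depend on branch order.
        int specified = 0;
        foreach (string value in new[] { clientId, resourceId, objectId })
        {
            if (!string.IsNullOrWhiteSpace(value)) specified++;
        }
        if (specified > 1)
        {
            throw new ArgumentException(
                "Specify at most one of 'clientId', 'managedIdentityResourceId' or 'managedIdentityObjectId'");
        }

        // Client IDs and object IDs are GUIDs; fail fast on malformed values rather than
        // surfacing an opaque token-endpoint error at first use. (Extra check, not in the library.)
        if (!string.IsNullOrWhiteSpace(objectId) && !Guid.TryParse(objectId, out _))
        {
            throw new ArgumentException("'managedIdentityObjectId' must be a GUID");
        }
        if (!string.IsNullOrWhiteSpace(clientId) && !Guid.TryParse(clientId, out _))
        {
            throw new ArgumentException("'clientId' must be a GUID");
        }

        if (!string.IsNullOrWhiteSpace(objectId))
        {
            // Assumed Azure.Identity API: ManagedIdentityId.FromUserAssignedObjectId.
            return new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedObjectId(objectId));
        }
        if (!string.IsNullOrWhiteSpace(resourceId))
        {
            return new ManagedIdentityCredential(new ResourceIdentifier(resourceId));
        }
        if (!string.IsNullOrWhiteSpace(clientId))
        {
            return new ManagedIdentityCredential(clientId);
        }
        // No selector at all: system-assigned identity.
        return new ManagedIdentityCredential();
    }

    // IConfiguration keys are case-insensitive; emulate that for the stand-in dictionary.
    private static string Get(IReadOnlyDictionary<string, string> config, string key)
    {
        foreach (KeyValuePair<string, string> kv in config)
        {
            if (string.Equals(kv.Key, key, StringComparison.OrdinalIgnoreCase)) return kv.Value;
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample configuration (placeholder GUID, not a real identity).
        var byObjectId = new Dictionary<string, string>
        {
            ["credential"] = "managedidentity",
            ["managedIdentityObjectId"] = "11111111-2222-3333-4444-555555555555",
        };
        Console.WriteLine(Create(byObjectId).GetType().Name); // ManagedIdentityCredential

        // Constructed conflicting configuration: two selectors, rejected before any token call.
        var ambiguous = new Dictionary<string, string>(byObjectId)
        {
            ["clientId"] = "66666666-7777-8888-9999-000000000000",
        };
        try { Create(ambiguous); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Constructing a `ManagedIdentityCredential` does not contact the managed identity endpoint; the first token request does, so the sample runs offline and the validation above is the only thing exercised.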

scottaddie added the feature-request, Extensions and Client labels Aug 23, 2024
jsquire added this to the Backlog milestone Aug 24, 2024
scottaddie modified the milestones: Backlog, 2024-10 Sep 5, 2024
scottaddie moved this from Untriaged to Not Started in Azure Identity SDK Improvements Sep 5, 2024
@christothes (Member)

This change can be made after we ship the October release of Azure.Identity.

@scottaddie (Member, Author)

That sounds like a fine plan to me.
