iam-auth: allow setting iam azure scope in connector spec #2629
+154
−26
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In Azure, the scope for the IAM token needs to match the service API that will be used. In the past, we always used the graph.microsoft.com scope, but services such as Azure SQL require a different scope. With this change, the connector can specify the scope it needs in the connector spec.
danielnelson
force-pushed
the
iam-auth-azure-scope
branch
from
dff16e8 to
04c1086
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
In Azure, the scope for the IAM token needs to match the service API that will be used. In the past, we always used the graph.microsoft.com scope, but services such as Azure SQL require a different scope. With this change, the connector can specify the scope it needs in the connector spec.
Workflow steps:
A connector author sets the
x-iam-azure-scopeannotation in the /credentials section of the connect spec to the needed scope.Documentation links affected:
None
Notes for reviewers:
(anything that might help someone review this PR)