Detect system-assigned managed identities in AzureCredentialHelper #15885
Open
DavidZidar wants to merge 1 commit into microsoft:main from
Contributor
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 15885
Or
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 15885"
Contributor
Pull request overview
Restores managed-identity support in AzureCredentialHelper for Azure App Service deployments by detecting system-assigned managed identity signals and selecting a managed-identity credential path instead of falling back to development credentials.
Changes:
- Detects IDENTITY_ENDPOINT (in addition to AZURE_CLIENT_ID) to decide when to use ManagedIdentityCredential.
- Adds an inline comment clarifying why IDENTITY_ENDPOINT is checked.
When system-assigned managed identities are enabled the IDENTITY_ENDPOINT and IDENTITY_HEADER environment variables are defined. It should be enough to detect the endpoint variable for this purpose. AZURE_CLIENT_ID is still used by user-managed identities. Reference: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp#rest-endpoint-reference
60f26ad to 05cce1c
Author
Copilot pointed out that the code doesn't seem to be working for user-assigned managed identities either, so I made the suggested adjustments (with some minor tweaks) to account for this too.
Description
This should restore support for system-assigned managed identities.
When system-assigned managed identities are enabled the IDENTITY_ENDPOINT and IDENTITY_HEADER environment variables are defined. It should be enough to detect the endpoint variable for this purpose. AZURE_CLIENT_ID is still used by user-managed identities.
Reference: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp#rest-endpoint-reference
Fixes #15879
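A sketch of the selection logic discussed in this pull request, added here as an illustration; it is not the code from this PR or from AzureCredentialHelper. The names IdentityKind, IdentitySelection, Detect and Create are hypothetical, the precedence of AZURE_CLIENT_ID over IDENTITY_ENDPOINT and the use of DefaultAzureCredential for the development path are assumptions, and it needs an Azure.Identity release that includes ManagedIdentityId.

```csharp
using System;
using System.Collections.Generic;
using Azure.Core;
using Azure.Identity;

public enum IdentityKind { Development, SystemAssigned, UserAssigned }

public static class IdentitySelection
{
    // The lookup is injected so the decision can be tested without
    // changing the real process environment.
    public static IdentityKind Detect(Func<string, string> getEnv)
    {
        // Empty or whitespace values count as unset.
        bool hasClientId = !string.IsNullOrWhiteSpace(getEnv("AZURE_CLIENT_ID"));
        bool hasEndpoint = !string.IsNullOrWhiteSpace(getEnv("IDENTITY_ENDPOINT"));

        if (hasClientId) return IdentityKind.UserAssigned;   // a specific identity was named
        if (hasEndpoint) return IdentityKind.SystemAssigned; // only the platform endpoint is present
        return IdentityKind.Development;
    }

    public static TokenCredential Create(Func<string, string> getEnv) =>
        Detect(getEnv) switch
        {
            IdentityKind.UserAssigned => new ManagedIdentityCredential(
                ManagedIdentityId.FromUserAssignedClientId(getEnv("AZURE_CLIENT_ID").Trim())),
            IdentityKind.SystemAssigned => new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned),
            // Assumption: DefaultAzureCredential stands in for the development path.
            _ => new DefaultAzureCredential(),
        };
}

public static class Program
{
    public static void Main()
    {
        // Constructed environments, not captured from a real App Service instance.
        var cases = new Dictionary<string, Dictionary<string, string>>
        {
            ["system-assigned"] = new() { ["IDENTITY_ENDPOINT"] = "http://127.0.0.1:41000/msi/token", ["IDENTITY_HEADER"] = "constructed-value" },
            ["user-assigned"] = new() { ["IDENTITY_ENDPOINT"] = "http://127.0.0.1:41000/msi/token", ["AZURE_CLIENT_ID"] = "00000000-0000-0000-0000-000000000000" },
            ["blank endpoint"] = new() { ["IDENTITY_ENDPOINT"] = "  " },
            ["local development"] = new(),
        };
        foreach (var (name, env) in cases)
            Console.WriteLine($"{name}: {IdentitySelection.Detect(k => env.TryGetValue(k, out var v) ? v : null)}");
    }
}
```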