bgavrilMS
Member

Fixes #

Changes proposed in this request

Testing

Performance impact

Documentation

  • All relevant documentation is updated.

@bgavrilMS bgavrilMS requested a review from a team as a code owner December 16, 2024 11:24
@bgavrilMS bgavrilMS marked this pull request as draft December 16, 2024 11:39
// TODO: test this on MacOs / Linux WSL
private static TokenCredential GetAzureCredentialForDevBox()
{
InteractiveBrowserCredential interactiveBrowserCredential = new InteractiveBrowserCredential(
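Review bot: the TODO above GetAzureCredentialForDevBox leaves macOS and Linux/WSL unverified, and the method builds an InteractiveBrowserCredential, which needs a browser it can launch on the host. Either test those platforms before this leaves draft, or replace the TODO with a tracked issue and state the supported platforms in a summary comment on the method.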
Contributor

@gladjohn gladjohn Dec 17, 2024

Can we use VisualStudioCredential instead?

// Set the Key Vault URL
string keyVaultUrl = "https://msidlabs.vault.azure.net/";

// Create a new Visual Studio Credential
var credential = new VisualStudioCredential();

// Create a new SecretClient using the Visual Studio Credential
var client = new SecretClient(new Uri(keyVaultUrl), credential);

// Retrieve a secret from Azure Key Vault
KeyVaultSecret secret = client.GetSecret("msidlab1");

Console.WriteLine($"Secret: {secret.Value}");

This will use the Azure Service Authentication account.

Member Author

No, we can't use any of the DefaultAzureCredential options, because there is no option to change the clientID. If you use VSCredential, it'll use VS clientID.

And VS clientID is not authorized to call MSIDlab.

I was thinking that if we were to directly call the KV that might work though. Maybe not VS client ID, but az cli or some tool might do it.

Contributor

VS clientID is now authorized to call Lab API for an authorized user.

var msalConfidentialClient = ConfidentialClientApplicationBuilder
.Create(ciamWebApi)
.WithCertificate(CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName))
.WithCertificate(CertificateFinder.FindCertificateByName(TestConstants.AutomationTestCertName))
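Review bot: in the `.WithCertificate(...)` call, the result of `CertificateFinder.FindCertificateByName` is passed straight to the builder with no visible check. If the lookup can return null when the certificate is not installed, fail at this point with a message that names `TestConstants.AutomationTestCertName`, so a missing cert on a dev box is easy to diagnose.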
Contributor

Should we create a new self-signed cert for this purpose, and move away from the SNI cert for lab apps?

Member Author

It still makes sense to have a single cert secure all our test apps.

public class LabApiConstants
public static class LabApiConstants
{
public const string LabClientId = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
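Review bot: `LabClientId` has no comment saying which app registration it identifies or which flow depends on it. Add a one-line summary on the constant so a later cleanup can tell whether it is still needed.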
Contributor

If we move to use Visual Studio credential for DevBox and UAMI based access for CI, we do not need this app flow anymore.
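
One way to wire up the split proposed in the last comment (Visual Studio credential on the dev box, user-assigned managed identity in CI), as an added example that is not code from this PR. The class name, the `TF_BUILD` check and the managed identity client ID placeholder are assumptions; the vault URL and secret name are the ones quoted earlier in the thread.

```csharp
using System;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class LabCredentialExample // hypothetical name, not from the PR
{
    // Constructed placeholder: client ID of the user-assigned managed identity used in CI.
    private const string CiManagedIdentityClientId = "<uami-client-id-placeholder>";

    // Picks the credential from the environment. TF_BUILD is set by Azure Pipelines
    // agents; treating it as the CI signal is an assumption of this example.
    public static TokenCredential Select(Func<string, string> getEnv)
    {
        bool isCi = string.Equals(getEnv("TF_BUILD"), "True", StringComparison.OrdinalIgnoreCase);
        if (isCi)
        {
            // No secret or certificate is stored on the agent; the identity is bound to the host.
            return new ManagedIdentityCredential(CiManagedIdentityClientId);
        }
        // Dev box: reuse the account signed in to Visual Studio. The token is issued to
        // the Visual Studio client ID, so the resource must authorize that client ID.
        return new VisualStudioCredential();
    }

    public static void Main()
    {
        TokenCredential credential = Select(Environment.GetEnvironmentVariable);
        var client = new SecretClient(new Uri("https://msidlabs.vault.azure.net/"), credential);
        try
        {
            KeyVaultSecret secret = client.GetSecret("msidlab1");
            // Log only metadata; never write the secret value to test output.
            Console.WriteLine($"Fetched secret '{secret.Name}', {secret.Value.Length} chars");
        }
        catch (CredentialUnavailableException ex)
        {
            // No signed-in Visual Studio account, or no managed identity endpoint on this host.
            Console.Error.WriteLine($"Credential unavailable: {ex.Message}");
        }
        catch (Azure.RequestFailedException ex) when (ex.Status == 401 || ex.Status == 403)
        {
            // A token was issued, but the caller (client ID or user) is not authorized on the vault.
            Console.Error.WriteLine($"Not authorized: {ex.ErrorCode}");
        }
    }
}
```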
