
Commit ed8dd1f

authored
Correct IMDS resource ID query parameter (#22650)
1 parent 1c38041 commit ed8dd1f


5 files changed

+16
-14
lines changed


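--- a/sdk/azidentity/CHANGELOG.md
+++ b/sdk/azidentity/CHANGELOG.md
@@ -7,6 +7,7 @@
 ### Breaking Changes
 
 ### Bugs Fixed
+* `ManagedIdentityCredential` now specifies resource IDs correctly for Azure Container Instances
 
 ### Other Changes
 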

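--- a/sdk/azidentity/assets.json
+++ b/sdk/azidentity/assets.json
@@ -2,5 +2,5 @@
 "AssetsRepo": "Azure/azure-sdk-assets",
 "AssetsRepoPrefixPath": "go",
 "TagPrefix": "go/azidentity",
-"Tag": "go/azidentity_03176ee180"
+"Tag": "go/azidentity_4d7934c64a"
 }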

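--- a/sdk/azidentity/managed_identity_client.go
+++ b/sdk/azidentity/managed_identity_client.go
@@ -34,14 +34,14 @@ const (
 identityServerThumbprint = "IDENTITY_SERVER_THUMBPRINT"
 headerMetadata = "Metadata"
 imdsEndpoint = "http://169.254.169.254/metadata/identity/oauth2/token"
+miResID = "mi_res_id"
 msiEndpoint = "MSI_ENDPOINT"
+msiResID = "msi_res_id"
 msiSecret = "MSI_SECRET"
 imdsAPIVersion = "2018-02-01"
 azureArcAPIVersion = "2019-08-15"
+qpClientID = "client_id"
 serviceFabricAPIVersion = "2019-07-01-preview"
-
-qpClientID = "client_id"
-qpResID = "mi_res_id"
 )
 
 type msiType int
@@ -286,7 +286,7 @@ func (c *managedIdentityClient) createIMDSAuthRequest(ctx context.Context, id Ma
 q.Add("resource", strings.Join(scopes, " "))
 if id != nil {
 if id.idKind() == miResourceID {
-q.Add(qpResID, id.String())
+q.Add(msiResID, id.String())
 } else {
 q.Add(qpClientID, id.String())
 }
@@ -306,7 +306,7 @@ func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context,
 q.Add("resource", scopes[0])
 if id != nil {
 if id.idKind() == miResourceID {
-q.Add(qpResID, id.String())
+q.Add(miResID, id.String())
 } else {
 q.Add(qpClientID, id.String())
 }
@@ -329,7 +329,7 @@ func (c *managedIdentityClient) createAzureMLAuthRequest(ctx context.Context, id
 if id.idKind() == miResourceID {
 log.Write(EventAuthentication, "WARNING: Azure ML doesn't support specifying a managed identity by resource ID")
 q.Set("clientid", "")
-q.Set(qpResID, id.String())
+q.Set(miResID, id.String())
 } else {
 q.Set("clientid", id.String())
 }
@@ -351,7 +351,7 @@ func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Conte
 if id != nil {
 log.Write(EventAuthentication, "WARNING: Service Fabric doesn't support selecting a user-assigned identity at runtime")
 if id.idKind() == miResourceID {
-q.Add(qpResID, id.String())
+q.Add(miResID, id.String())
 } else {
 q.Add(qpClientID, id.String())
 }
@@ -411,7 +411,7 @@ func (c *managedIdentityClient) createAzureArcAuthRequest(ctx context.Context, i
 if id != nil {
 log.Write(EventAuthentication, "WARNING: Azure Arc doesn't support user-assigned managed identities")
 if id.idKind() == miResourceID {
-q.Add(qpResID, id.String())
+q.Add(miResID, id.String())
 } else {
 q.Add(qpClientID, id.String())
 }
@@ -437,7 +437,7 @@ func (c *managedIdentityClient) createCloudShellAuthRequest(ctx context.Context,
 log.Write(EventAuthentication, "WARNING: Cloud Shell doesn't support user-assigned managed identities")
 q := request.Raw().URL.Query()
 if id.idKind() == miResourceID {
-q.Add(qpResID, id.String())
+q.Add(miResID, id.String())
 } else {
 q.Add(qpClientID, id.String())
 }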
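Review bot: The new constants `miResID` ("mi_res_id") and `msiResID` ("msi_res_id") in the const block differ by one letter and carry no comment saying which host expects which, and that mix-up is what this commit corrects in createIMDSAuthRequest. A wrong choice still compiles and still sends a request; if the endpoint ignores the unrecognised parameter, the caller could presumably receive a token for an identity other than the one it asked for. I would document each constant, e.g. `// msiResID is the resource ID query parameter for IMDS requests` and `// miResID is the resource ID query parameter for the other managed identity hosts`, and keep the `qp` prefix used by `qpClientID` so both read as query-parameter names. The request-building functions in the later hunks start and end outside the visible lines.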

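--- a/sdk/azidentity/managed_identity_credential_test.go
+++ b/sdk/azidentity/managed_identity_credential_test.go
@@ -242,18 +242,18 @@ func TestManagedIdentityCredential_AppService(t *testing.T) {
 t.Fatalf(`unexpected resource "%s"`, v)
 }
 if id == nil {
-if q.Get(qpClientID) != "" || q.Get(qpResID) != "" {
+if q.Get(qpClientID) != "" || q.Get(miResID) != "" {
 t.Fatal("request shouldn't include a user-assigned ID")
 }
 } else {
-if q.Get(qpClientID) != "" && q.Get(qpResID) != "" {
+if q.Get(qpClientID) != "" && q.Get(miResID) != "" {
 t.Fatal("request includes two IDs")
 }
 var v string
 if _, ok := id.(ClientID); ok {
 v = q.Get(qpClientID)
 } else if _, ok := id.(ResourceID); ok {
-v = q.Get(qpResID)
+v = q.Get(miResID)
 }
 if v != id.String() {
 t.Fatalf(`unexpected id "%s"`, v)
@@ -450,7 +450,7 @@ func TestManagedIdentityCredential_ResourceID_IMDS(t *testing.T) {
 if reqQueryParams["resource"][0] != liveTestScope {
 t.Fatalf("Unexpected resource in resource query param")
 }
-if reqQueryParams[qpResID][0] != resID {
+if reqQueryParams[msiResID][0] != resID {
 t.Fatalf("Unexpected resource ID in resource query param")
 }
 }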
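Review bot: The assertion at new line 453 of TestManagedIdentityCredential_ResourceID_IMDS looks the parameter up through the `msiResID` constant that the production code also uses, so it cannot detect a wrong wire name; the old `qpResID` form presumably passed for the same reason. Pinning the literal makes the test independent of the code under test, and checking the slice length avoids an index-out-of-range panic when the parameter is absent: `if v := reqQueryParams["msi_res_id"]; len(v) != 1 || v[0] != resID {`. The `miResID` lookups in the AppService test in the first hunk could pin `"mi_res_id"` in the same way. Both test functions extend beyond the hunks shown.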

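--- a/sdk/azidentity/test-resources-post.ps1
+++ b/sdk/azidentity/test-resources-post.ps1
@@ -27,6 +27,7 @@ FROM mcr.microsoft.com/oss/go/microsoft/golang:latest as builder
 ENV GOARCH=amd64 GOWORK=off
 COPY . /azidentity
 WORKDIR /azidentity/testdata/managed-id-test
+RUN go mod tidy
 RUN go build -o /build/managed-id-test .
 RUN GOOS=windows go build -o /build/managed-id-test.exe .
 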
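Review bot: `RUN go mod tidy` resolves dependencies and rewrites go.mod/go.sum inside the image build, so the test binary can be built from module versions that were never committed or reviewed, and two builds of the same commit may differ. If the step is needed because the test module's go.mod lags the copied azidentity source, committing the tidied go.mod and go.sum for testdata/managed-id-test would keep the dependency set pinned, and `RUN go mod verify` before the build would check the downloaded modules against their recorded hashes. The `golang:latest` base image named in the hunk header is unpinned as well. The embedded Dockerfile text starts and ends outside this hunk.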
