[DO NOT REVIEW] MSI V2 #5001

Draft
wants to merge 2 commits into
base: main

gladjohn
Contributor

[DO NOT REVIEW] MSI V2

/// <summary>
/// Resets the cached managed identity source. Used only for testing purposes.
/// </summary>
internal static void ResetManagedIdentitySourceCache()
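
Review bot: on ResetManagedIdentitySourceCache(), the summary says "Used only for testing purposes" but nothing in the signature enforces that, and the method resets static state shared by the whole process. The doc comment should state whether it is safe to call while a token request is in flight, and if the cache is guarded by a lock, the reset should take the same lock. Any widening of visibility for test access makes this callable by every consumer of the library, so that trade-off is worth a line in the summary as well.
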
Member

I think this will need to be made public for Azure SDK to test. And it'd be better to have a "ResetStaticCaches" general API, like our tests currently do, which reset everything.

Member

i.e. see the logic in TestCommon.ResetInternalStaticCaches();

@@ -30,6 +30,9 @@ public class ServiceFabricTests
public void TestInitialize()
{
TestCommon.ResetInternalStaticCaches();
Member

The TestBase class already calls TestCommon.ResetInternalStaticCaches();

@@ -37,6 +37,13 @@ public class ManagedIdentityTests : TestBase
internal const string ExpectedErrorCode = "ErrorCode";
internal const string ExpectedCorrelationId = "Some GUID";

[TestInitialize]
Member

See TestCommon.ResetInternalStaticCaches() - just include it there.

private const string ProbeBody = ".";
private const string ImdsHeader = "IMDS/";
private static readonly SemaphoreSlim s_lock = new(1);
private static ProbeResult s_cachedResult;
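
Review bot: on the `s_lock` declaration, `new(1)` sets only the initial count; the single-argument SemaphoreSlim constructor leaves the maximum at int.MaxValue, so one stray extra Release() would let two callers run the probe concurrently. `new(1, 1)` makes an over-release throw instead. Separately, `s_cachedResult` is a process-wide static with no expiry visible in these lines; a comment should say whether a failed probe result is cached too, since that would fix the endpoint choice for the lifetime of the process.
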
Member

@bgavrilMS, Nov 20, 2024

We had a lot of problems with static region auto-discovery, which uses a similar concept.

  1. Should the HTTP call fail after some time? (it does in region ... 2 seconds)
  2. Are you sure that probe failure really means endpoint not available? Could the probe fail for other reasons?
  3. Should the probe (HTTP call) be retried? How often / for how long?
  4. Should we "default" to credential endpoint? It seems more widespread?

Contributor Author

We use the MSI httpmanager logic with the same retries and error conditions.

We cannot default to credential endpoint because there are still RPs that use IMDS, like AKS etc. So we need to check if the credential endpoint exists first and then fall back to IMDS.
