Changes to add proxy url in WIC #46972
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anannya03
requested review from
KarishmaGhiya,
maorleger,
minhanh-phan,
pvaneck and
scottaddie
github-project-automation
bot
moved this to Untriaged
in Azure Identity SDK Improvements
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new WorkloadIdentityTokenProxyPolicy class to support proxy URL configuration for Workload Identity Connector (WIC) in the Azure Identity SDK. The implementation enables routing workload identity token requests through a custom Kubernetes proxy endpoint with SSL/TLS certificate handling.
- Adds support for configuring a custom token proxy via environment variables
- Implements SSL/TLS certificate validation using custom CA certificates
- Provides request rewriting functionality to redirect token requests through the proxy
...entity/src/main/java/com/azure/identity/implementation/WorkloadIdentityTokenProxyPolicy.java
Outdated
Show resolved
Hide resolved
| String originalQuery = originalUri.getRawQuery(); | ||
|
|
||
| String tokenProxyBase = tokenProxyUri.toString(); | ||
| if(!tokenProxyBase.endsWith("/")) tokenProxyBase += "/"; |
There was a problem hiding this comment.
Missing space after 'if' keyword. Should follow Java coding conventions with proper spacing.
Suggested change
| if(!tokenProxyBase.endsWith("/")) tokenProxyBase += "/"; | |
| if (!tokenProxyBase.endsWith("/")) tokenProxyBase += "/"; |
Comment on lines
+137
to
+148
| // private HttpClient createHttpClient() { | ||
| // if((caData == null || caData.length == 0) && (caFile == null || caFile.isEmpty())) { | ||
| // if(httpClient == null) { | ||
| // // httpClient = | ||
| // } | ||
| // } | ||
| // if(caFile == null || caFile.isEmpty()) { | ||
| // // httpClient = | ||
| // } | ||
| // throw new UnsupportedOperationException("Unimplemented method 'createHttpClient'"); | ||
| // } | ||
|
|
There was a problem hiding this comment.
Commented-out code should be removed before merging. This appears to be unused development code that clutters the implementation.
Suggested change
| // private HttpClient createHttpClient() { | |
| // if((caData == null || caData.length == 0) && (caFile == null || caFile.isEmpty())) { | |
| // if(httpClient == null) { | |
| // // httpClient = | |
| // } | |
| // } | |
| // if(caFile == null || caFile.isEmpty()) { | |
| // // httpClient = | |
| // } | |
| // throw new UnsupportedOperationException("Unimplemented method 'createHttpClient'"); | |
| // } |
|
|
||
| private SSLContext getSSLContext() { | ||
| try { | ||
| // If no CA override provide, use default |
There was a problem hiding this comment.
Grammar error in comment. Should be 'If no CA override provided, use default' or 'If no CA override is provided, use default'.
Suggested change
| // If no CA override provide, use default | |
| // If no CA override provided, use default |
|
|
||
| // If CA file provided, read it (and re-read if it changes) | ||
| Path path = Paths.get(caFile); | ||
| if(!Files.exists(path)) { |
There was a problem hiding this comment.
Missing space after 'if' keyword. Should follow Java coding conventions with proper spacing.
Suggested change
| if(!Files.exists(path)) { | |
| if (!Files.exists(path)) { |
|
|
||
| byte[] currentContent = Files.readAllBytes(path); | ||
|
|
||
| if(currentContent.length == 0) { |
There was a problem hiding this comment.
Missing space after 'if' keyword. Should follow Java coding conventions with proper spacing.
Suggested change
| if(currentContent.length == 0) { | |
| if (currentContent.length == 0) { |
| return sslContext; | ||
| } | ||
|
|
||
| if(sslContext == null || !Arrays.equals(currentContent, lastCaBytes)) { |
There was a problem hiding this comment.
Missing space after 'if' keyword. Should follow Java coding conventions with proper spacing.
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Scott Beddall <[email protected]>
…ration - Java-5376408 (Azure#46806) * Configurations: 'specification/oracle/Oracle.Database.Management/tspconfig.yaml', API Version: 2025-09-01, SDK Release Type: stable, and CommitSHA: '8d4f7c60f2a1448a1442399aebf1fc17b208a253' in SpecRepo: 'https://github.com/Azure/azure-rest-api-specs' Pipeline run: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=5376408 Refer to https://eng.ms/docs/products/azure-developer-experience/develop/sdk-release/sdk-release-prerequisites to prepare for SDK release. * Update pom.xml --------- Co-authored-by: Weidong Xu <[email protected]>
* Generate codes * Update changelog * Update assets
* prepare release * changelogs
* Generate codes * Update changelog * Fix test exception * Update assets * remove uppercase setting of Network Security Group Name * fix without action * fix without action * fix without action by TreeMap * fix for discussion_r2425270949
Co-authored-by: Xiaofei Cao <[email protected]>
…#46966) * fix * prepare release * revert pom.xml * release minor version * fix version * assets.json
) * Revise tsp-client usage instructions in README Updated usage instructions to use 'npm exec --prefix' for running tsp-client commands. The reason is `tsp-client` needs to resolve the input parameters based on the root folder of SDK repository. * Update README.md to use brace expansion for variables * Update README.md --------- Co-authored-by: Ray Chen <[email protected]>
) * Added 'ArtifactsJson' parameter * Made script work for non-java * Reduced duplicated parsing * Fixed type error --------- Co-authored-by: ray chen <[email protected]>
…re#46985) * Update main with branch release of azure-search-documents 11.8.0 * Fix linting
…config.yaml', API Version: 2025-10-13, SDK Release Type: stable, and CommitSHA: '8052426d23bf87cd8a3ad29a2fd5127e6054c434' in SpecRepo: 'https://github.com/Azure/azure-rest-api-specs' Pipeline run: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=5423432 Refer to https://eng.ms/docs/products/azure-developer-experience/develop/sdk-release/sdk-release-prerequisites to prepare for SDK release. (Azure#46920)
* Increment package versions for network releases * fix test * fix more tests --------- Co-authored-by: XiaofeiCao <[email protected]>
* pom version update * changelog update * readme changes related to identity
) * Update create-apireview template to use packageInfo * Use new signature for FindArtifactForApiReviewFn * Used new signature of FindArtifactForApiReviewFn --------- Co-authored-by: ray chen <[email protected]>
…-2025-07-01-preview (Azure#47004)
* release for aks package-preview-2025-08 * revert samples * fix test * revapi * fix sample
…erprise/resource-manager/Microsoft.Cache/RedisEnterprise/readme.md#package-2025-07-01 (Azure#47013)
* Beginning work for Java 25 * Update Java 21 to Java 25 in CI matrix * Fix serialization in newer Jackson versions * Fix compiler warning * Switch to API compatible with Jackson 2.10 * Update sdk/spring/pipeline/cosmos-integration-matrix-compatible.json Co-authored-by: Muyao Feng <[email protected]> * Update sdk/spring/pipeline/cosmos-integration-matrix.json Co-authored-by: Muyao Feng <[email protected]> --------- Co-authored-by: Muyao Feng <[email protected]>
* change ts for cfp and add test * update changelog * react to comments
) * Mark TypeSpec upgrade PR as draft when generation fails Co-authored-by: JoshLove-msft <[email protected]> * Add condition to run Create_PR job even when Generate fails Co-authored-by: JoshLove-msft <[email protected]> * Include emitter name in PR title Co-authored-by: JoshLove-msft <[email protected]> * Use emitterIdentifier variable for PR title instead of recalculating Co-authored-by: JoshLove-msft <[email protected]> * Include scope in emitterIdentifier for branch and PR names Co-authored-by: JoshLove-msft <[email protected]> * Read emitter name from package.json instead of extracting from path Co-authored-by: JoshLove-msft <[email protected]> * Resolve emitterPackagePath to absolute path before reading Co-authored-by: JoshLove-msft <[email protected]> * Append package.json to emitterPackagePath directory Co-authored-by: JoshLove-msft <[email protected]> * Add log statement for fallback to package path Co-authored-by: JoshLove-msft <[email protected]> --------- Co-authored-by: copilot-swe-agent[bot] <[email protected]> Co-authored-by: JoshLove-msft <[email protected]>
…n - Java-5436595 (Azure#46961) * Configurations: 'specification/dashboard/Dashboard.Management/tspconfig.yaml', API Version: 2025-08-01, SDK Release Type: stable, and CommitSHA: 'b2965096067d6f8374b5485b0568fd36e7c9d099' in SpecRepo: 'https://github.com/Azure/azure-rest-api-specs' Pipeline run: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=5436595 Refer to https://eng.ms/docs/products/azure-developer-experience/develop/sdk-release/sdk-release-prerequisites to prepare for SDK release. * Update pom.xml --------- Co-authored-by: Weidong Xu <[email protected]>
…ker flow. (Azure#46968) * Wrap as `CosmosException` when PPCB hits NPEs when trying to perform failover action. * Updated CHANGELOG.md * Updated CHANGELOG.md * Fixing compilation errors. * Perform PPCB failover for only server-generated 500s. * Add unit tests. * Adding tests. * Only swallow unhandled exceptions in the PPCB flow. * Addressing review comments. * Addressing review comments. * Addressing review comments. * Addressing review comments.
…ode requests. (Azure#47024) * Prevent reducing network request timeout to less than 5s for TCP connections. * Prevent reducing network request timeout to less than 5s for TCP connections. * Updated CHANGELOG.md * Fixing tests. * Fixing tests. * Fixing tests. * Reset RESPONSE_DELAY duration.
* Remove remoterendering SDK * Added retrirement notices in pom * Removed localization from link --------- Co-authored-by: Michael Zappe <[email protected]>
…3.4 without DBFS support) (Azure#46862) * add test for DBX 16.4 * update docs with support for DBX 16.\* * use databricks fs instead of dbfs * switch based on version * fix * fix * try this * put it back * test * compare cluster name instead * fix * fix * test * fix closing quote * fix * fix * fix * remove --file * try fix ci script * fix again * Update databricks-jar-install.sh * Update spark.databricks.yml * Update spark.databricks.yml * Prettyfying * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Iterating on bash scripts * Iterating on bash scripts for Databricks CLI * Update databricks-jar-install.sh * Iterating on Databricks CLI bash scripts * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Update databricks-notebooks-install.sh * Splitting Cosmos endpoints for MSI vs. key * Update spark.yml * Update databricks-jar-install.sh * Update spark.yml * Update spark.yml * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Update databricks-notebooks-install.sh * Update databricks-jar-install.sh * Iterating on attempt to upload jar candidate * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Update databricks-jar-install.sh * Adding CheckSum validation to prevent concurrent live tests from interfering with eachother * Update spark.databricks.yml * Update spark.databricks.yml * Update spark.databricks.yml * Iterating on checksum validation * Update databricks-jar-install.sh --------- Co-authored-by: Neha Rao <[email protected]>
…ure-sdk-for-java into fic_limit_add_proxy
github-project-automation
bot
moved this from Untriaged
to Done
in Azure Identity SDK Improvements
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
13 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Please add an informative description that covers that changes made by the pull request and link all relevant issues.
If an SDK is being regenerated based on a new swagger spec, a link to the pull request containing these swagger spec changes has been included above.
All SDK Contribution checklist:
General Guidelines and Best Practices
Testing Guidelines