Expand Up @@ -33,9 +33,11 @@ internal ManagedIdentityApplicationBuilder(ApplicationConfiguration configuratio
}

/// <summary>
/// Creates a ManagedIdentityApplicationBuilder from a user assigned managed identity clientID / resourceId.
/// Creates a ManagedIdentityApplicationBuilder from a user assigned managed identity clientID / resourceId / objectId.
/// For example, for a system assigned managed identity use ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned)
/// and for a user assigned managed identity use ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedClientId(clientId)).
/// and for a user assigned managed identity use ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedClientId(clientId)) or
/// ManagedIdentityId.WithUserAssignedResourceId("resourceId") or
/// ManagedIdentityId.WithUserAssignedObjectId("objectid").
/// For more details see https://aka.ms/msal-net-managed-identity
/// </summary>
/// <param name="managedIdentityId">Configuration of the Managed Identity assigned to the resource.</param>
Expand Up @@ -13,7 +13,8 @@ namespace Microsoft.Identity.Client.AppConfig
/// Class to store configuration for a managed identity enabled on a resource.
/// For a system assigned managed identity use ManagedIdentityId.SystemAssigned.
/// For user assigned managed identity use ManagedIdentityId.WithUserAssignedClientId("clientId") or
/// ManagedIdentityId.WithUserAssignedResourceId("resourceId").
/// ManagedIdentityId.WithUserAssignedResourceId("resourceId") or
/// ManagedIdentityId.WithUserAssignedObjectId("objectid").
/// For more details see https://aka.ms/msal-net-managed-identity
/// </summary>
public class ManagedIdentityId
Expand All @@ -33,6 +34,7 @@ private ManagedIdentityId(ManagedIdentityIdType idType)
break;
case ManagedIdentityIdType.ClientId:
case ManagedIdentityIdType.ResourceId:
case ManagedIdentityIdType.ObjectId:
_isUserAssigned = true;
break;
}
Expand All @@ -47,7 +49,7 @@ private ManagedIdentityId(ManagedIdentityIdType idType)
/// <summary>
/// Create an instance of ManagedIdentityId for a user assigned managed identity from a client id.
/// </summary>
/// <param name="clientId">Client id of the user assigned managed identity assigned to azure resource.</param>
/// <param name="clientId">Client id of the user assigned managed identity assigned to the azure resource.</param>
/// <returns>Instance of ManagedIdentityId.</returns>
/// <exception cref="ArgumentNullException"></exception>
public static ManagedIdentityId WithUserAssignedClientId(string clientId)
Expand All @@ -63,7 +65,7 @@ public static ManagedIdentityId WithUserAssignedClientId(string clientId)
/// <summary>
/// Create an instance of ManagedIdentityId for a user assigned managed identity from a resource id.
/// </summary>
/// <param name="resourceId">Resource id of the user assigned managed identity assigned to azure resource.</param>
/// <param name="resourceId">Resource id of the user assigned managed identity assigned to the azure resource.</param>
/// <returns>Instance of ManagedIdentityId.</returns>
/// <exception cref="ArgumentNullException"></exception>
public static ManagedIdentityId WithUserAssignedResourceId(string resourceId)
Expand All @@ -75,5 +77,21 @@ public static ManagedIdentityId WithUserAssignedResourceId(string resourceId)

return new ManagedIdentityId(ManagedIdentityIdType.ResourceId) { UserAssignedId = resourceId };
}

/// <summary>
/// Create an instance of ManagedIdentityId for a user assigned managed identity from an object id.
/// </summary>
/// <param name="objectId">Object id of the user assigned managed identity assigned to the azure resource.</param>
/// <returns>Instance of ManagedIdentityId.</returns>
/// <exception cref="ArgumentNullException"></exception>
public static ManagedIdentityId WithUserAssignedObjectId(string objectId)
{
if (string.IsNullOrEmpty(objectId))
{
throw new ArgumentNullException(objectId);
}

return new ManagedIdentityId(ManagedIdentityIdType.ObjectId) { UserAssignedId = objectId };
}
}
}
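Review bot: In the added `WithUserAssignedObjectId`, the guard throws `new ArgumentNullException(objectId)`, which passes the argument's value (null or empty at that point) as the parameter name, so the exception never names the offending parameter; it should be `throw new ArgumentNullException(nameof(objectId));`. The bodies of `WithUserAssignedClientId` and `WithUserAssignedResourceId` lie outside the visible hunks, so check whether they carry the same pattern. All three factories store their value in the same `UserAssignedId` property, which leaves `ManagedIdentityIdType` as the only thing that tells the kinds of id apart. A sentence in the `objectId` `<param>` text saying that it is the identity's object (principal) id and not its client id would help callers avoid mixing them up.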
Expand Up @@ -13,6 +13,7 @@ internal enum ManagedIdentityIdType
{
SystemAssigned,
ClientId,
ResourceId
ResourceId,
ObjectId
}
}
Expand Up @@ -40,6 +40,7 @@ internal static class Constants
public const string BearerAuthHeaderPrefix = "Bearer";

public const string ManagedIdentityClientId = "client_id";
public const string ManagedIdentityObjectId = "object_id";
public const string ManagedIdentityResourceId = "mi_res_id";
public const string ManagedIdentityDefaultClientId = "system_assigned_managed_identity";
public const string ManagedIdentityDefaultTenant = "managed_identity";
Expand Up @@ -83,6 +83,11 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
_requestContext.Logger.Info("[Managed Identity] Adding user assigned resource id to the request.");
request.QueryParameters[Constants.ManagedIdentityResourceId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId;
break;

case AppConfig.ManagedIdentityIdType.ObjectId:
_requestContext.Logger.Info("[Managed Identity] Adding user assigned object id to the request.");
request.QueryParameters[Constants.ManagedIdentityObjectId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId;
break;
}

return request;
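Review bot: The new `ObjectId` case sends `Constants.ManagedIdentityObjectId` (`object_id`) as the query parameter name, and the two following `CreateRequest` sections add the identical case, so the same name is assumed to be accepted by all three managed identity endpoints. The page does not show which sources these are or which API version each targets; confirm per endpoint that `object_id` is recognised, because an endpoint that ignores an unknown parameter could answer with a token for a different identity than the caller selected. Since the three switch blocks are copies of each other, a shared helper that maps `ManagedIdentityIdType` to the parameter name would keep them from drifting apart. `CreateRequest` starts above each hunk, so whether the switch has a `default` branch for unhandled id types is not visible here.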
Expand Up @@ -72,6 +72,11 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
_requestContext.Logger.Info("[Managed Identity] Adding user assigned resource id to the request.");
request.QueryParameters[Constants.ManagedIdentityResourceId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId;
break;

case AppConfig.ManagedIdentityIdType.ObjectId:
_requestContext.Logger.Info("[Managed Identity] Adding user assigned object id to the request.");
request.QueryParameters[Constants.ManagedIdentityObjectId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId;
break;
}

return request;
Expand Up @@ -75,6 +75,11 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
_requestContext.Logger.Info("[Managed Identity] Adding user assigned resource id to the request.");
request.QueryParameters[Constants.ManagedIdentityResourceId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId;
break;

case AppConfig.ManagedIdentityIdType.ObjectId:
_requestContext.Logger.Info("[Managed Identity] Adding user assigned object id to the request.");
request.QueryParameters[Constants.ManagedIdentityObjectId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId;
break;
}

return request;
Expand Up @@ -4,7 +4,10 @@
using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.AppConfig;
using Microsoft.Identity.Client.ManagedIdentity;
using Microsoft.Identity.Test.Common.Core.Mocks;

namespace Microsoft.Identity.Test.Common.Core.Helpers
{
Expand All @@ -14,7 +17,8 @@ public enum UserAssignedIdentityId
{
None,
ClientId,
ResourceId
ResourceId,
ObjectId
}

//MSI Azure resources
Expand Down Expand Up @@ -57,5 +61,32 @@ public static void SetEnvironmentVariables(ManagedIdentitySource managedIdentity
break;
}
}

/// <summary>
/// Create the MIA with the http proxy
/// </summary>
/// <param name="url"></param>
/// <param name="userAssignedId"></param>
/// <returns></returns>
public static ManagedIdentityApplicationBuilder CreateMIABuilder(string userAssignedId = "", UserAssignedIdentityId userAssignedIdentityId = UserAssignedIdentityId.ClientId)
{
var builder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedClientId(userAssignedId));

switch (userAssignedIdentityId)
{
case UserAssignedIdentityId.ResourceId:
builder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedResourceId(userAssignedId));
break;

case UserAssignedIdentityId.ObjectId:
builder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedObjectId(userAssignedId));
break;
}

// Disabling shared cache options to avoid cross test pollution.
builder.Config.AccessorOptions = null;

return builder;
}
}
}
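Review bot: `CreateMIABuilder` always builds a client-id application first via `ManagedIdentityId.WithUserAssignedClientId(userAssignedId)` and then discards it for `ResourceId`/`ObjectId`, so a resource id or object id is first pushed through the client-id factory, and the default `userAssignedId = ""` would presumably be rejected there if that factory validates the way `WithUserAssignedObjectId` does. Selecting the `ManagedIdentityId` first and calling `Create` once avoids both, as sketched below. `UserAssignedIdentityId.None` also falls through to the client-id path, which may not be what a caller expects. The XML doc is out of step with the signature: it documents a `url` parameter that does not exist, omits `userAssignedIdentityId`, and the summary mentions an http proxy that the body never sets up.

```csharp
public static ManagedIdentityApplicationBuilder CreateMIABuilder(string userAssignedId = "", UserAssignedIdentityId userAssignedIdentityId = UserAssignedIdentityId.ClientId)
{
    ManagedIdentityId managedIdentityId;

    switch (userAssignedIdentityId)
    {
        case UserAssignedIdentityId.ResourceId:
            managedIdentityId = ManagedIdentityId.WithUserAssignedResourceId(userAssignedId);
            break;

        case UserAssignedIdentityId.ObjectId:
            managedIdentityId = ManagedIdentityId.WithUserAssignedObjectId(userAssignedId);
            break;

        default:
            managedIdentityId = ManagedIdentityId.WithUserAssignedClientId(userAssignedId);
            break;
    }

    var builder = ManagedIdentityApplicationBuilder.Create(managedIdentityId);
    // … unchanged: AccessorOptions reset and return builder …
```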
Expand Up @@ -11,6 +11,7 @@
using Microsoft.Identity.Client.AppConfig;
using Microsoft.Identity.Client.Instance;
using Microsoft.Identity.Client.Instance.Discovery;
using Microsoft.Identity.Client.Internal;
using Microsoft.Identity.Client.ManagedIdentity;
using Microsoft.Identity.Client.Utils;
using Microsoft.Identity.Test.Common.Core.Helpers;
Expand Down Expand Up @@ -337,7 +338,7 @@ public static void AddManagedIdentityMockHandler(
string resource,
string response,
ManagedIdentitySource managedIdentitySourceType,
string userAssignedClientIdOrResourceId = null,
string userAssignedId = null,
UserAssignedIdentityId userAssignedIdentityId = UserAssignedIdentityId.None,
HttpStatusCode statusCode = HttpStatusCode.OK
)
Expand All @@ -350,12 +351,17 @@ public static void AddManagedIdentityMockHandler(

if (userAssignedIdentityId == UserAssignedIdentityId.ClientId)
{
httpMessageHandler.ExpectedQueryParams.Add("client_id", userAssignedClientIdOrResourceId);
httpMessageHandler.ExpectedQueryParams.Add(Constants.ManagedIdentityClientId, userAssignedId);
}

if (userAssignedIdentityId == UserAssignedIdentityId.ResourceId)
{
httpMessageHandler.ExpectedQueryParams.Add("mi_res_id", userAssignedClientIdOrResourceId);
httpMessageHandler.ExpectedQueryParams.Add(Constants.ManagedIdentityResourceId, userAssignedId);
}

if (userAssignedIdentityId == UserAssignedIdentityId.ObjectId)
{
httpMessageHandler.ExpectedQueryParams.Add(Constants.ManagedIdentityObjectId, userAssignedId);
}

httpMessageHandler.ResponseMessage = responseMessage;
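Review bot: The mock handler now takes its expected query parameter names from `Constants.ManagedIdentityClientId`, `Constants.ManagedIdentityResourceId` and `Constants.ManagedIdentityObjectId`, the same constants the production `CreateRequest` code uses, so a wrong value in `Constants` would be sent and expected alike and the tests would still pass. The previous literals `"client_id"` and `"mi_res_id"` pinned the wire names independently; keeping literals here (e.g. `httpMessageHandler.ExpectedQueryParams.Add("object_id", userAssignedId);`) or adding one test that asserts the constant values would retain that check. The rename of the optional parameter to `userAssignedId` also breaks any caller that passes it by name; the call sites are not visible on this page.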
1 change: 1 addition & 0 deletions tests/Microsoft.Identity.Test.Common/TestConstants.cs
Expand Up @@ -132,6 +132,7 @@ public static HashSet<string> s_scope

public const string ClientId = "d3adb33f-c0de-ed0c-c0de-deadb33fc0d3";
public const string ClientId2 = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
public const string ObjectId = "593b2662-5af7-4a90-a9cb-5a9de615b82f";
public const string FamilyId = "1";
public const string UniqueId = "unique_id";
public const string IdentityProvider = "my-idp";