Merge pull request #141 from microsoft/feature/enable-cae

feat: enables CAE by default
microsoft · Aug 9, 2024 · 4d80032 · 4d80032
2 parents 2d10214 + 84c19d1
commit 4d80032
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+## [1.1.0] - 2024-08-08
+
+### Changed
+
+- Continuous Access Evaluation is now enabled by default.
+
 ## [1.0.2] - 2024-01-19
 
 ### Changed

diff --git a/azure_identity_access_token_provider.go b/azure_identity_access_token_provider.go
@@ -22,6 +22,7 @@ type AzureIdentityAccessTokenProvider struct {
  allowedHostsValidator *absauth.AllowedHostsValidator
  // The observation options for the request adapter.
  observabilityOptions ObservabilityOptions
+ isCaeEnabled bool
 }
 
 // ObservabilityOptions holds the tracing, metrics and logging configuration for the request adapter
@@ -51,6 +52,11 @@ func NewAzureIdentityAccessTokenProviderWithScopesAndValidHosts(credential azcor
 
 // NewAzureIdentityAccessTokenProviderWithScopesAndValidHosts creates a new instance of the AzureIdentityAccessTokenProvider.
 func NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptions(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions) (*AzureIdentityAccessTokenProvider, error) {
+ return NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential, scopes, validHosts, observabilityOptions, true)
+}
+
+// NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled creates a new instance of the AzureIdentityAccessTokenProvider.
+func NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions, isCaeEnabled bool) (*AzureIdentityAccessTokenProvider, error) {
  if credential == nil {
  return nil, errors.New("credential cannot be nil")
  }
@@ -68,6 +74,7 @@ func NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityO
  scopes: finalScopes,
  allowedHostsValidator: validator,
  observabilityOptions: observabilityOptions,
+ isCaeEnabled: isCaeEnabled,
  }, nil
 }
 
@@ -113,7 +120,7 @@ func (p *AzureIdentityAccessTokenProvider) GetAuthorizationToken(ctx context.Con
 
  options := azpolicy.TokenRequestOptions{
  Scopes: p.scopes,
- //TODO pass the claims once the API is updated to support it https://github.com/Azure/azure-sdk-for-go/issues/14284
+ EnableCAE: p.isCaeEnabled,
  }
  span.SetAttributes(attribute.String("com.microsoft.kiota.authentication.scopes", strings.Join(p.scopes, ",")))
  token, err := p.credential.GetToken(ctx, options)

diff --git a/azure_identity_authentication_provider.go b/azure_identity_authentication_provider.go
@@ -29,7 +29,12 @@ func NewAzureIdentityAuthenticationProviderWithScopesAndValidHosts(credential az
 
 // NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptions creates a new instance of the AzureIdentityAuthenticationProvider.
 func NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptions(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions) (*AzureIdentityAuthenticationProvider, error) {
- accessTokenProvider, err := NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptions(credential, scopes, validHosts, observabilityOptions)
+ return NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential, scopes, validHosts, observabilityOptions, true)
+}
+
+// NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled creates a new instance of the AzureIdentityAuthenticationProvider.
+func NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions, isCaeEnabled bool) (*AzureIdentityAuthenticationProvider, error) {
+ accessTokenProvider, err := NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential, scopes, validHosts, observabilityOptions, isCaeEnabled)
  if err != nil {
  return nil, err
  }