From 84c19d11cc3c60d8324ee181c0bc65ef6164b8fa Mon Sep 17 00:00:00 2001
From: Vincent Biret
Date: Thu, 8 Aug 2024 14:40:19 -0400
Subject: [PATCH] feat: enables CAE by default

Signed-off-by: Vincent Biret
---
 CHANGELOG.md | 6 ++++++
 azure_identity_access_token_provider.go | 9 ++++++++-
 azure_identity_authentication_provider.go | 7 ++++++-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c6dbbc..7f830fa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ### Added

+## [1.1.0] - 2024-08-08
+
+### Changed
+
+- Continuous Access Evaluation is now enabled by default.
+
 ## [1.0.2] - 2024-01-19

 ### Changed
diff --git a/azure_identity_access_token_provider.go b/azure_identity_access_token_provider.go
index bd1ac49..bfd8f2c 100644
--- a/azure_identity_access_token_provider.go
+++ b/azure_identity_access_token_provider.go
@@ -22,6 +22,7 @@ type AzureIdentityAccessTokenProvider struct {
 allowedHostsValidator *absauth.AllowedHostsValidator
 // The observation options for the request adapter.
 observabilityOptions ObservabilityOptions
+ isCaeEnabled bool
 }

 // ObservabilityOptions holds the tracing, metrics and logging configuration for the request adapter
@@ -51,6 +52,11 @@ func NewAzureIdentityAccessTokenProviderWithScopesAndValidHosts(credential azcor

 // NewAzureIdentityAccessTokenProviderWithScopesAndValidHosts creates a new instance of the AzureIdentityAccessTokenProvider.
 func NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptions(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions) (*AzureIdentityAccessTokenProvider, error) {
+ return NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential, scopes, validHosts, observabilityOptions, true)
+}
+
+// NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled creates a new instance of the AzureIdentityAccessTokenProvider.
+func NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions, isCaeEnabled bool) (*AzureIdentityAccessTokenProvider, error) {
 if credential == nil {
 return nil, errors.New("credential cannot be nil")
 }
@@ -68,6 +74,7 @@ func NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityO
 scopes: finalScopes,
 allowedHostsValidator: validator,
 observabilityOptions: observabilityOptions,
+ isCaeEnabled: isCaeEnabled,
 }, nil
 }

@@ -113,7 +120,7 @@ func (p *AzureIdentityAccessTokenProvider) GetAuthorizationToken(ctx context.Con

 options := azpolicy.TokenRequestOptions{
 Scopes: p.scopes,
- //TODO pass the claims once the API is updated to support it https://github.com/Azure/azure-sdk-for-go/issues/14284
+ EnableCAE: p.isCaeEnabled,
 }
 span.SetAttributes(attribute.String("com.microsoft.kiota.authentication.scopes", strings.Join(p.scopes, ",")))
 token, err := p.credential.GetToken(ctx, options)
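Review bot: The doc comment on the new `…AndIsCaeEnabled` constructor only repeats "creates a new instance" and never says what `isCaeEnabled` controls, while the existing `…AndObservabilityOptions` constructor now passes a bare `true` with no explanation. Callers of the older constructors therefore get Continuous Access Evaluation switched on after upgrading with no hint in the API docs; only the changelog mentions it. I would add to the new constructor's comment `// isCaeEnabled sets EnableCAE on every token request; pass false to opt out of Continuous Access Evaluation.` and to the wrapper `// CAE is enabled by default; use the …AndIsCaeEnabled variant to disable it.` The same two comments are missing on the matching constructors in azure_identity_authentication_provider.go, and the new constructor's body continues outside this hunk.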
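Review bot: `EnableCAE` is set in the options literal, but `TokenRequestOptions.Claims` is still left empty and the TODO that tracked passing claims is deleted in the same change. Requesting CAE-capable tokens tells the identity platform that this client can answer a claims challenge; if the claims from a 401 challenge are never put into a later token request, a revoked session would presumably keep failing instead of re-authenticating. GetAuthorizationToken starts and ends outside the hunk, so whether claims reach it through its other arguments cannot be seen here. Either populate `Claims` from the challenge or keep the gap tracked with `// TODO: forward claims from the CAE challenge into options.Claims`. The diffstat also lists no test file, so neither the default (`EnableCAE: true`) nor the opt-out path is asserted.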
diff --git a/azure_identity_authentication_provider.go b/azure_identity_authentication_provider.go
index cbd53cc..76d456f 100644
--- a/azure_identity_authentication_provider.go
+++ b/azure_identity_authentication_provider.go
@@ -29,7 +29,12 @@ func NewAzureIdentityAuthenticationProviderWithScopesAndValidHosts(credential az

 // NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptions creates a new instance of the AzureIdentityAuthenticationProvider.
 func NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptions(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions) (*AzureIdentityAuthenticationProvider, error) {
- accessTokenProvider, err := NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptions(credential, scopes, validHosts, observabilityOptions)
+ return NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential, scopes, validHosts, observabilityOptions, true)
+}
+
+// NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled creates a new instance of the AzureIdentityAuthenticationProvider.
+func NewAzureIdentityAuthenticationProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential azcore.TokenCredential, scopes []string, validHosts []string, observabilityOptions ObservabilityOptions, isCaeEnabled bool) (*AzureIdentityAuthenticationProvider, error) {
+ accessTokenProvider, err := NewAzureIdentityAccessTokenProviderWithScopesAndValidHostsAndObservabilityOptionsAndIsCaeEnabled(credential, scopes, validHosts, observabilityOptions, isCaeEnabled)
 if err != nil {
 return nil, err
 }