Open jviau opened 2 hours ago
Thank you for your feedback. Tagging and routing to the team member best able to assist.
@jviau: Can you please share the customer scenario where this would be used?
//cc: @scottaddie, @christothes for thoughts.
@jsquire the precise scenario I am thinking of is for integration tests of Azure Functions extensions in Azure Pipelines. Today many extensions leverage AzureComponentFactory
to parse configuration and get a token for the Azure resource (example: event hubs extension). Adding azure pipelines support to component factory will simplify integration tests in Azure pipelines as a service connection can be used. This would be a preferred approach over existing auth as they have limitations:
Connection string: not secretless.
Managed identity: need to assign identity to agent. All pipelines running on agent now have access to identity. Service connection will allow restricting to specific pipelines.
Workload identity: this seems like the closest match? I am going to test it out. It doesn't seem as clean as supporting a pipeline cred directly as I will need an intermediate step to get auth via azure cli and write the token to a file.
We don't generally add public features for internal purposes such as this. Can you help us understand why using the Functions Startup and the UseCredential
method for the client builder wouldn't work for the Functions test infrastructure? That would be the recommended approach and works with any Identity credential or custom implementation based on TokenCredential.
This is not specifically for internal purposes only. It is for customers that have integration tests for their function apps as well. Azure functions extensions do not support manually supplying token credentials for the most part and are limited to connection strings or what AzureComponentFactory
supports. Additionally, it out-of-process scenarios customers would not have any code running in the host process to manually provide a token credential to begin with, and are limited to only config-based solutions.
Library name
Microsoft.Extensions.Azure
Please describe the feature.
Add support for configuring and instantiating an
AzurePipelinesCredential
viaAzureComponentFactory
.