Azure / azure-sdk-for-rust

This repository is for active development of the *unofficial* Azure SDK for Rust. This repository is *not* supported by the Azure SDK team.
MIT License

split up ImdsManagedIdentityCredential #1495

Closed: cataggar closed this 6 months ago

cataggar commented 7 months ago

In https://github.com/Azure/azure-sdk-for-rust/issues/423, it was renamed from ManagedIdentityCredential to ImdsManagedIdentityCredential.

If we look in the .NET SDK, their managed identity is a combination of these: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ManagedIdentityClient.cs#L80-L91

        private static ManagedIdentitySource SelectManagedIdentitySource(ManagedIdentityClientOptions options)
        {
            return
                ServiceFabricManagedIdentitySource.TryCreate(options) ??
                AppServiceV2019ManagedIdentitySource.TryCreate(options) ??
                AppServiceV2017ManagedIdentitySource.TryCreate(options) ??
                CloudShellManagedIdentitySource.TryCreate(options) ??
                AzureArcManagedIdentitySource.TryCreate(options) ??
                TokenExchangeManagedIdentitySource.TryCreate(options) ??
                new ImdsManagedIdentitySource(options);
        }

I think our current ImdsManagedIdentityCredential is a combination:

All but IMDS have a TryCreate that checks environment variables and fails really fast. I'm not sure what the best way is to implement something similar to TryCreate in Rust for our credentials.
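One possible shape for a TryCreate-style selection in Rust, following the order of the .NET chain quoted above; this is an added example, not part of the original comment and not code from azure-sdk-for-rust. The `Source` enum and `select_source` function are hypothetical names, and the environment variable names are assumptions based on what these hosting environments are documented to set, since the thread does not list them.

```rust
/// Hypothetical type for this example; not part of azure-sdk-for-rust.
/// Only endpoints and file paths are kept; header/secret values are not stored.
#[derive(Debug, PartialEq)]
pub enum Source {
    ServiceFabric { endpoint: String },
    AppService2019 { endpoint: String },
    AppService2017 { endpoint: String },
    CloudShell { endpoint: String },
    AzureArc { endpoint: String },
    TokenExchange { token_file: String },
    Imds,
}

/// Chooses a source from environment variables only (no network I/O), in the
/// order of the .NET chain quoted above. `env` is injected so the decision is
/// testable; empty values count as unset. IMDS is the unconditional fallback.
pub fn select_source(env: &dyn Fn(&str) -> Option<String>) -> Source {
    let get = |k: &str| env(k).filter(|v| !v.trim().is_empty());
    let (identity, header, msi) =
        (get("IDENTITY_ENDPOINT"), get("IDENTITY_HEADER"), get("MSI_ENDPOINT"));

    if let (Some(e), Some(_), Some(_)) = (&identity, &header, get("IDENTITY_SERVER_THUMBPRINT")) {
        return Source::ServiceFabric { endpoint: e.clone() };
    }
    if let (Some(e), Some(_)) = (&identity, &header) {
        return Source::AppService2019 { endpoint: e.clone() };
    }
    if let (Some(e), Some(_)) = (&msi, get("MSI_SECRET")) {
        return Source::AppService2017 { endpoint: e.clone() };
    }
    if let Some(e) = &msi {
        return Source::CloudShell { endpoint: e.clone() };
    }
    if let (Some(e), Some(_)) = (&identity, get("IMDS_ENDPOINT")) {
        return Source::AzureArc { endpoint: e.clone() };
    }
    if let (Some(f), Some(_), Some(_)) =
        (get("AZURE_FEDERATED_TOKEN_FILE"), get("AZURE_CLIENT_ID"), get("AZURE_TENANT_ID"))
    {
        return Source::TokenExchange { token_file: f };
    }
    Source::Imds
}

fn main() {
    // Reads the real process environment and prints the selected source.
    println!("{:?}", select_source(&|k: &str| std::env::var(k).ok()));
}
```

Because more specific variable sets are checked before less specific ones, a Service Fabric host is not mistaken for App Service, and App Service 2017 is not mistaken for Cloud Shell.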

cataggar commented 7 months ago

The Go SDK split up managedIdentityClient from managedIdentityCredential. The client supports these types:

https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/managed_identity_client.go#L49C1-L56C2

    const (
        msiTypeAppService msiType = iota
        msiTypeAzureArc
        msiTypeAzureML
        msiTypeCloudShell
        msiTypeIMDS
        msiTypeServiceFabric
    )

cataggar commented 7 months ago

The JS SDK supports these types:

https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts#L160-L168

    const MSIs = [
      arcMsi,
      fabricMsi,
      appServiceMsi2019,
      appServiceMsi2017,
      cloudShellMsi,
      tokenExchangeMsi(),
      imdsMsi,
    ];