ratify-project / ratify

Artifact Ratification Framework
https://ratify.dev
Apache License 2.0

Migrate to latest Azure container registry SDK #959

Closed akashsinghal closed 2 weeks ago

akashsinghal commented 1 year ago

What would you like to be added?

Ratify’s Azure auth providers rely on a deprecated 2019 preview Go SDK to authenticate with the ACR. We should refactor the code and migrate to the latest SDK.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

akashsinghal commented 1 year ago

@yizha1 we are blocked by this. The Azure SDK for Go has a limitation: the Refresh Token Client is not exposed in the latest SDK. We cannot upgrade to the latest stable SDK until this is resolved. We will need to postpone this until post-GA.

yizha1 commented 1 year ago

@akashsinghal Thanks for sharing this information. This means we need to keep using the current preview SDK, and figure out the upgrade path or other alternatives to solve this issue. We can discuss it further in the community meeting on 8/16/2023.

susanshi commented 1 year ago

Move to 1.1

susanshi commented 3 months ago

Hi @akashsinghal, for new contributors to ramp up on this, would you be able to include doc and source code links for the impacted code path/user scenario? Thanks!

susanshi commented 3 months ago

I believe the impacted code paths are in azidentity and azureworkloadidentity. @akashsinghal to confirm if this is currently CLI or only the k8s scenario.

akashsinghal commented 3 months ago

@susanshi this issue is tracking specifically the ACR SDK, which is used only by the oras workload identity auth provider. This issue is blocked. New versions of the SDK do not expose a way to receive only a refresh token for an AAD token, which is what ORAS requires as input for the credential. Until a new version exposes a refresh client, we cannot proceed from the Ratify side.

https://github.com/oras-project/oras-go/discussions/476