Skip to content

feat: support DefaultAzureCredential authentication#9468

Merged
fcanovai merged 3 commits intomainfrom
dev/default-azure-cred
Jan 8, 2026
Merged

feat: support DefaultAzureCredential authentication#9468
fcanovai merged 3 commits intomainfrom
dev/default-azure-cred

Conversation

@armru
Copy link
Member

@armru armru commented Dec 16, 2025

Adds support for the DefaultAzureCredential authentication mechanism

@armru armru requested review from a team and jsilvela as code owners December 16, 2025 17:03
@dosubot dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Dec 16, 2025
@cnpg-bot cnpg-bot added backport-requested ◀️ This pull request should be backported to all supported releases release-1.25 release-1.27 release-1.28 labels Dec 16, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 16, 2025

❗ By default, the pull request is configured to backport to all release branches.

  • To stop backporting this pr, remove the label: backport-requested ◀️ or add the label 'do not backport'
  • To stop backporting this pr to a certain release branch, remove the specific branch label: release-x.y

@armru
Copy link
Member Author

armru commented Dec 16, 2025

/test

@dosubot dosubot bot added documentation 📖 Improvements or additions to documentation enhancement 🪄 New feature or request labels Dec 16, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 16, 2025

@armru, here's the link to the E2E on CNPG workflow run: https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/20276236763

GabriFedi97
GabriFedi97 reviewed Dec 22, 2025
View reviewed changes
@armru armru force-pushed the dev/default-azure-cred branch from 9a54ce3 to 726bddc Compare December 22, 2025 16:49
mnencia pushed a commit that referenced this pull request Dec 29, 2025
@GabriFedi97
docs: inheritFromAzureAD for managed identities (review #9468) (#9558)
7eaba8e 
Make explicit in the docs that the inheritFromAzureAD option enables the
usage of the Azure Managed Identity authentication mechanism.

Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
mnencia pushed a commit that referenced this pull request Dec 29, 2025
@GabriFedi97 @mnencia
docs: inheritFromAzureAD for managed identities (review #9468) (#9558)
56c142e 
Make explicit in the docs that the inheritFromAzureAD option enables the
usage of the Azure Managed Identity authentication mechanism.

Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
@mnencia mnencia force-pushed the dev/default-azure-cred branch from 7eaba8e to 56c142e Compare December 29, 2025 18:05
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:M This PR changes 30-99 lines, ignoring generated files. labels Dec 30, 2025
mnencia pushed a commit that referenced this pull request Dec 30, 2025
@GabriFedi97 @mnencia
docs: inheritFromAzureAD for managed identities (review #9468) (#9558)
c4e0945 
Make explicit in the docs that the inheritFromAzureAD option enables the
usage of the Azure Managed Identity authentication mechanism.

Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
@mnencia mnencia force-pushed the dev/default-azure-cred branch 2 times, most recently from de89e00 to 44f65a1 Compare December 30, 2025 22:41
@mnencia
Copy link
Member

mnencia commented Dec 30, 2025

/test

@github-actions
Copy link
Contributor

github-actions bot commented Dec 30, 2025

@mnencia, here's the link to the E2E on CNPG workflow run: https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/20607724625

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Dec 30, 2025
@cnpg-bot cnpg-bot added the ok to merge 👌 This PR can be merged label Dec 31, 2025
mnencia added a commit that referenced this pull request Jan 8, 2026
@mnencia
docs(authentication): add disclaimer about authentication methods tes…
07b8a76 
…ting

This disclaimer clarifies that CloudNativePG doesn't independently test all
possible barman-cloud authentication methods. CloudNativePG's responsibility is
limited to passing provided credentials to barman-cloud, which then handles
authentication according to its own implementation.

Related to #9468

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@mnencia mnencia mentioned this pull request Jan 8, 2026
Merged
fcanovai pushed a commit that referenced this pull request Jan 8, 2026
@GabriFedi97 @fcanovai
docs: inheritFromAzureAD for managed identities (review #9468) (#9558)
c987e17 
Make explicit in the docs that the inheritFromAzureAD option enables the
usage of the Azure Managed Identity authentication mechanism.

Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
@fcanovai fcanovai force-pushed the dev/default-azure-cred branch from 44f65a1 to 21e8f8c Compare January 8, 2026 11:30
@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Jan 8, 2026
armru and others added 3 commits January 8, 2026 12:30
@armru @fcanovai
feat: support DefaultAzureCredential authentication
c5e285e 
Add support for the DefaultAzureCredential authentication mechanism

Changes:
- Updated AzureCredentials API type documentation to reflect the new UseDefaultAzureCredentials option
- Enhanced Azure Blob Storage documentation with examples of using DefaultAzureCredential
- The validation of this new option is handled by the barman-cloud library's existing validation logic

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
@GabriFedi97 @fcanovai
docs: inheritFromAzureAD for managed identities (review #9468) (#9558)
c3e83b6 
Make explicit in the docs that the inheritFromAzureAD option enables the
usage of the Azure Managed Identity authentication mechanism.

Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
@mnencia @fcanovai
docs: improve consistency with barman-cloud documentation
f8cb0d1 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@fcanovai fcanovai force-pushed the dev/default-azure-cred branch from 21e8f8c to f8cb0d1 Compare January 8, 2026 11:30
@fcanovai
Copy link
Contributor

fcanovai commented Jan 8, 2026

/test

@github-actions
Copy link
Contributor

github-actions bot commented Jan 8, 2026

@fcanovai, here's the link to the E2E on CNPG workflow run: https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/20815360336

@fcanovai fcanovai merged commit 4ee0528 into main Jan 8, 2026
34 checks passed
@fcanovai fcanovai deleted the dev/default-azure-cred branch January 8, 2026 14:00
cnpg-bot pushed a commit that referenced this pull request Jan 8, 2026
@armru @GabriFedi97 @mnencia
feat: support DefaultAzureCredential authentication (#9468)
af29a30 
Adds support for the DefaultAzureCredential authentication mechanism

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 4ee0528)
cnpg-bot pushed a commit that referenced this pull request Jan 8, 2026
@armru @GabriFedi97 @mnencia
feat: support DefaultAzureCredential authentication (#9468)
9e0d1f2 
Adds support for the DefaultAzureCredential authentication mechanism

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 4ee0528)
cnpg-bot pushed a commit that referenced this pull request Jan 8, 2026
@armru @GabriFedi97 @mnencia
feat: support DefaultAzureCredential authentication (#9468)
ad42fd3 
Adds support for the DefaultAzureCredential authentication mechanism

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 4ee0528)
mnencia added a commit that referenced this pull request Jan 9, 2026
@mnencia
docs(authentication): add disclaimer about authentication methods tes…
64d4c00 
…ting

This disclaimer clarifies that CloudNativePG doesn't independently test all
possible barman-cloud authentication methods. CloudNativePG's responsibility is
limited to passing provided credentials to barman-cloud, which then handles
authentication according to its own implementation.

Related to #9468

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia added a commit that referenced this pull request Jan 9, 2026
@mnencia
docs(authentication): add disclaimer about authentication methods tes…
564dc9c 
…ting (#9644)

This PR adds a disclaimer to the object stores documentation clarifying
that CloudNativePG does not independently test all authentication
methods supported by barman-cloud. CloudNativePG's responsibility is
limited to passing the provided credentials to barman-cloud, which then
handles authentication according to its own implementation.

This documentation change was decided by the maintainers as part of the
discussion around Azure Default Credentials support (#9468).

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
cnpg-bot pushed a commit that referenced this pull request Jan 9, 2026
@mnencia
docs(authentication): add disclaimer about authentication methods tes…
6ce3719 
…ting (#9644)

This PR adds a disclaimer to the object stores documentation clarifying
that CloudNativePG does not independently test all authentication
methods supported by barman-cloud. CloudNativePG's responsibility is
limited to passing the provided credentials to barman-cloud, which then
handles authentication according to its own implementation.

This documentation change was decided by the maintainers as part of the
discussion around Azure Default Credentials support (#9468).

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 564dc9c)
cnpg-bot pushed a commit that referenced this pull request Jan 9, 2026
@mnencia
docs(authentication): add disclaimer about authentication methods tes…
7519747 
…ting (#9644)

This PR adds a disclaimer to the object stores documentation clarifying
that CloudNativePG does not independently test all authentication
methods supported by barman-cloud. CloudNativePG's responsibility is
limited to passing the provided credentials to barman-cloud, which then
handles authentication according to its own implementation.

This documentation change was decided by the maintainers as part of the
discussion around Azure Default Credentials support (#9468).

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 564dc9c)
cnpg-bot pushed a commit that referenced this pull request Jan 9, 2026
@mnencia
docs(authentication): add disclaimer about authentication methods tes…
280475d 
…ting (#9644)

This PR adds a disclaimer to the object stores documentation clarifying
that CloudNativePG does not independently test all authentication
methods supported by barman-cloud. CloudNativePG's responsibility is
limited to passing the provided credentials to barman-cloud, which then
handles authentication according to its own implementation.

This documentation change was decided by the maintainers as part of the
discussion around Azure Default Credentials support (#9468).

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 564dc9c)
mnencia added a commit that referenced this pull request Jan 20, 2026
@mnencia
docs(authentication): add disclaimer about authentication methods tes…
b096320 
…ting (#9644)

This PR adds a disclaimer to the object stores documentation clarifying
that CloudNativePG does not independently test all authentication
methods supported by barman-cloud. CloudNativePG's responsibility is
limited to passing the provided credentials to barman-cloud, which then
handles authentication according to its own implementation.

This documentation change was decided by the maintainers as part of the
discussion around Azure Default Credentials support (#9468).

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 564dc9c)
mnencia added a commit that referenced this pull request Feb 4, 2026
@mnencia
docs: add missing enhancements to v1.28.1 release notes
9e82d56 
Add two missing enhancements that were backported to release-1.28:
- PR #9468: Azure DefaultAzureCredential authentication support
- PR #9386: PostgreSQL extension names with underscores support

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mnencia mnencia mnencia approved these changes

@fcanovai fcanovai fcanovai approved these changes

@jsilvela jsilvela Awaiting requested review from jsilvela jsilvela is a code owner

+1 more reviewer

@GabriFedi97 GabriFedi97 GabriFedi97 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport-requested ◀️ This pull request should be backported to all supported releases documentation 📖 Improvements or additions to documentation enhancement 🪄 New feature or request lgtm This PR has been approved by a maintainer no-issue ok to merge 👌 This PR can be merged release-1.25 release-1.27 release-1.28 size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@armru @mnencia @fcanovai @GabriFedi97 @cnpg-bot