Skip to content

Add short lived memory cache for DefaultAzureCredential#15053

Merged
pavel-purma merged 4 commits intomainfrom
dev/pavelpurma/AzureCliCredentialCaching
Sep 24, 2024
Merged

Add short lived memory cache for DefaultAzureCredential#15053
pavel-purma merged 4 commits intomainfrom
dev/pavelpurma/AzureCliCredentialCaching

Conversation

@pavel-purma
Copy link
Contributor

@pavel-purma pavel-purma commented Sep 6, 2024
edited
Loading

This implements complex handling for Azure identity Token credentials by creating new pre-configured ChainedTokenCredential which know about common AzDO Task called AzureCLI@2
There are few cases how you can preconfigure this and provide identity to the DefaultIdentityTokenCredential class.

  1. Enable addSpnToEnvironment property on AzureCLI@2 params. This will use idToken and other provided environment vars to configure WorkloadIdentityCredential
  2. Provide SYSTEM_ACCESSTOKEN environment variable by assigning it to System.AccessToken Azure pipeline variable. Access token together with all provided environment variables will enable AzurePipelineCredential
  3. If none of these are available AzureCliCredential fallback is still there wrapped to AzureCliCredentialWithAzNoUpdateWrapper which will run command for disabling az update mechanism before first token acquire call.

In Feed publishing task where this authentication is used all of these are wrapped to in-memory short lived cache of tokens.
You can see that one in TokenCredentialShortCache class. It works again as wrapper of TokenCredential and caches only for really small amount of time not to affect timeouts defined by specific implementations.

@pavel-purma pavel-purma force-pushed the dev/pavelpurma/AzureCliCredentialCaching branch from 81b5671 to 5a73b20 Compare September 6, 2024 13:09
premun
premun reviewed Sep 6, 2024
View reviewed changes
@pavel-purma pavel-purma force-pushed the dev/pavelpurma/AzureCliCredentialCaching branch 3 times, most recently from 1c31f5e to 5132de4 Compare September 9, 2024 15:54
@pavel-purma pavel-purma force-pushed the dev/pavelpurma/AzureCliCredentialCaching branch 6 times, most recently from 6be8ede to 6488109 Compare September 23, 2024 17:59
@pavel-purma pavel-purma force-pushed the dev/pavelpurma/AzureCliCredentialCaching branch from 6488109 to b555cd9 Compare September 24, 2024 12:09
Add short lived memory cache for tokens acquired by DefaultAzureCrede…
01b045d 
…ntial

Remove from cache flow fix

Exclude TokenCredentialShortCache file from source build
@pavel-purma pavel-purma force-pushed the dev/pavelpurma/AzureCliCredentialCaching branch 2 times, most recently from 3c1a934 to 014bf31 Compare September 24, 2024 13:55
@pavel-purma pavel-purma force-pushed the dev/pavelpurma/AzureCliCredentialCaching branch from 014bf31 to 91f80a2 Compare September 24, 2024 13:57
oleksandr-didyk
oleksandr-didyk previously approved these changes Sep 24, 2024
View reviewed changes
dkurepa
dkurepa previously approved these changes Sep 24, 2024
View reviewed changes
@pavel-purma pavel-purma dismissed stale reviews from oleksandr-didyk and dkurepa via cfb2c41 September 24, 2024 15:42
@pavel-purma pavel-purma merged commit 82d22d0 into main Sep 24, 2024
@pavel-purma pavel-purma deleted the dev/pavelpurma/AzureCliCredentialCaching branch September 24, 2024 17:02
pavel-purma added a commit that referenced this pull request Sep 24, 2024
@pavel-purma
Add short lived memory cache for DefaultAzureCredential (#15053)
c6b2a64 
Co-authored-by: Pavel Purma <pavelpurma@microsoft.com>
This was referenced Sep 24, 2024
Closed
Closed
pavel-purma added a commit that referenced this pull request Sep 25, 2024
@pavel-purma
Add short lived memory cache for DefaultAzureCredential (#15053)
31458d9 
Co-authored-by: Pavel Purma <pavelpurma@microsoft.com>
@pavel-purma pavel-purma mentioned this pull request Sep 25, 2024
Merged
pavel-purma added a commit that referenced this pull request Sep 25, 2024
@pavel-purma
Add short lived memory cache for DefaultAzureCredential (#15053)
a9a3414 
Co-authored-by: Pavel Purma <pavelpurma@microsoft.com>
pavel-purma added a commit that referenced this pull request Sep 25, 2024
@pavel-purma
Add short lived memory cache for DefaultAzureCredential (#15053) (#15105
69abe6b 
)

Co-authored-by: Pavel Purma <pavelpurma@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@premun premun premun left review comments

@dkurepa dkurepa dkurepa approved these changes

@oleksandr-didyk oleksandr-didyk oleksandr-didyk left review comments

+1 more reviewer

@MilenaHristova MilenaHristova MilenaHristova left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@pavel-purma @premun @MilenaHristova @dkurepa @oleksandr-didyk