-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for v2 auth tokens (i.e. MSAL) #14403
Conversation
9fa7dad
to
f1e795f
Compare
f1e795f
to
d8d2998
Compare
d8d2998
to
b28f86c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey @manicminer
Thanks for this PR - apologies for the delayed review on this one.
I've taken a look through and left a few comments inline, but if we can fix those up then this should otherwise be good to go 👍
Thanks!
- This is opt-in behaviour via the provider property `use_msal`, and environment variables `ARM_USE_MSAL` / `ARM_USE_MSGRAPH` (the latter for compatibility with the related backend property - When `use_msal` is true, do not make any API calls to a graph API (legacy or current). There are only 2 uses of this at present: - `data.azurerm_client_config`, which doesn't actually do anything with the result so this appears to be a vestige anyway - `azurerm_hdinsight_kafka_cluster`, the API for which requires both an AAD group ID and name to be specified (?) so currently this resource looks up the group name from the supplied ID. In future we'll require that both are specified (e.g. using `data.azuread_group` for any necessary lookup) - In v3.0, we'll remove support for graph clients in order to delegate any required usage to the AzureAD provider. - Also removes support for Azure Germany, which is now offline
Co-authored-by: Tom Harvey <tombuildsstuff@users.noreply.github.com>
20d8390
to
e04f89d
Compare
Rebased on top of #15043 / main |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aside from the 2 pending comments above, this otherwise looks fine to me after a rebase 👍
@tombuildsstuff Thanks for the review & rebase. I've updated the default value for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One comment about always enabling this in 3.0 - otherwise this is fine 🦖
Co-authored-by: Tom Harvey <tombuildsstuff@users.noreply.github.com>
c7a293f
to
55e6ae6
Compare
This functionality has been released in v2.94.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
This is opt-in behavior via the provider property
use_msal
, and environment variablesARM_USE_MSAL
/ARM_USE_MSGRAPH
(the latter for compatibility with the related backend propertyWhen
use_msal
is true, do not make any API calls to a graph API (legacy or current). There are only 2 uses of this at present:data.azurerm_client_config
, which doesn't actually do anything with the result so this appears to be a vestige anywayazurerm_hdinsight_kafka_cluster
, the API for which requires both an AAD group ID and name to be specified (?) so currently this resource looks up the group name from the supplied ID. In future we'll require that both are specified (e.g. usingdata.azuread_group
for any necessary lookup)In v3.0, we'll enable v2 tokens provider-wide, and remove support for graph clients in order to delegate any required usage to the AzureAD provider.
Also removes support for Azure Germany, which is now offline
This PR depends on hashicorp/go-azure-helpers#90
and should be rebased accordingly.Note: Tests for
azurerm_hdinsight_kafka_cluster
are currently failing due to #12417Related: #12443