Secretless backport (#239)

Azure · Apr 9, 2024 · 69fbfdb · 69fbfdb
1 parent 87083c8
commit 69fbfdb
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 12 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,11 +10,19 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+    environment: build
     permissions:
       checks: write
       pull-requests: write
+      id-token: write
+      contents: read
     steps:
-
+      - name: Azure login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.APP_ID }}
+          tenant-id: ${{ secrets.AUTH_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
 
@@ -48,9 +56,6 @@ jobs:
           go test -p 100 -race -coverprofile=coverage.out -json -v ./... 2>&1 > /tmp/gotest.log
         env:
           ENGINE_CONNECTION_STRING: ${{ secrets.ENGINE_CONNECTION_STRING }}
-          AZURE_CLIENT_ID: ${{ secrets.APP_ID }}
-          AZURE_CLIENT_SECRET: ${{ secrets.APP_KEY }}
-          AZURE_TENANT_ID: ${{ secrets.AUTH_ID }}
           TEST_DATABASE: ${{ secrets.TEST_DATABASE }}
           SECONDARY_ENGINE_CONNECTION_STRING: ${{ secrets.SECONDARY_ENGINE_CONNECTION_STRING }}
           SECONDARY_DATABASE: ${{ secrets.SECONDARY_DATABASE }}
@@ -83,7 +88,7 @@ jobs:
     permissions:
       checks: write
       pull-requests: write
-      
+
     steps:
       - name: Download Artifacts
         uses: actions/download-artifact@v2

diff --git a/kusto/test/etoe/etoe_env.go b/kusto/test/etoe/etoe_env.go
@@ -84,7 +84,7 @@ func init() {
 		return
 	}
 
-	if testConfig.ClientID == "" {
+	if testConfig.ClientID == "" || testConfig.ClientSecret == "" || testConfig.TenantID == "" {
 		testConfig.kcsb = kusto.NewConnectionStringBuilder(testConfig.Endpoint).WithAzCli()
 	} else {
 		testConfig.kcsb = kusto.NewConnectionStringBuilder(testConfig.Endpoint).WithAadAppKey(testConfig.ClientID, testConfig.ClientSecret, testConfig.TenantID)

diff --git a/kusto/test/etoe/etoe_test.go b/kusto/test/etoe/etoe_test.go
@@ -111,11 +111,19 @@ func TestAuth(t *testing.T) {
 			},
 		},
 	}
-	defaultCred, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{
-		ClientOptions: azcore.ClientOptions{
-			Transport: &transporter,
-		},
-	})
+	var defaultCred azcore.TokenCredential
+	var err error
+
+	if testConfig.ClientSecret != "" {
+		defaultCred, err = azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{
+			ClientOptions: azcore.ClientOptions{
+				Transport: &transporter,
+			},
+		})
+	} else {
+		defaultCred, err = azidentity.NewAzureCLICredential(&azidentity.AzureCLICredentialOptions{})
+	}
+
 	require.NoError(t, err)
 	credential, err := azidentity.NewChainedTokenCredential([]azcore.TokenCredential{
 		defaultCred,
@@ -1664,8 +1672,13 @@ func TestMultipleClusters(t *testing.T) { //ok
 		t.Log("Closed client")
 	})
 
-	skcsb := kusto.NewConnectionStringBuilder(testConfig.SecondaryEndpoint).WithAadAppKey(testConfig.ClientID, testConfig.ClientSecret, testConfig.TenantID)
+	var skcsb *kusto.ConnectionStringBuilder
 
+	if testConfig.ClientID == "" || testConfig.ClientSecret == "" || testConfig.TenantID == "" {
+		skcsb = kusto.NewConnectionStringBuilder(testConfig.SecondaryEndpoint).WithAzCli()
+	} else {
+		skcsb = kusto.NewConnectionStringBuilder(testConfig.SecondaryEndpoint).WithAadAppKey(testConfig.ClientID, testConfig.ClientSecret, testConfig.TenantID)
+	}
 	secondaryClient, err := kusto.New(skcsb)
 	if err != nil {
 		panic(err)