From 69fbfdbd0d81b7405681fcfd1bf836623d9db314 Mon Sep 17 00:00:00 2001
From: AsafMah
Date: Tue, 9 Apr 2024 07:46:54 +0300
Subject: [PATCH] Secretless backport (#239)
---
 .github/workflows/build.yml | 15 ++++++++++-----
 kusto/test/etoe/etoe_env.go | 2 +-
 kusto/test/etoe/etoe_test.go | 25 +++++++++++++++++++------
 3 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 823f8a21..0e799aaf 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,11 +10,19 @@ jobs:
 build:
 name: Build
 runs-on: ubuntu-latest
+ environment: build
 permissions:
 checks: write
 pull-requests: write
+ id-token: write
+ contents: read
 steps:
-
+ - name: Azure login
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.APP_ID }}
+ tenant-id: ${{ secrets.AUTH_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 - name: Check out code into the Go module directory
 uses: actions/checkout@v2
@@ -48,9 +56,6 @@ jobs:
 go test -p 100 -race -coverprofile=coverage.out -json -v ./... 2>&1 > /tmp/gotest.log
 env:
 ENGINE_CONNECTION_STRING: ${{ secrets.ENGINE_CONNECTION_STRING }}
- AZURE_CLIENT_ID: ${{ secrets.APP_ID }}
- AZURE_CLIENT_SECRET: ${{ secrets.APP_KEY }}
- AZURE_TENANT_ID: ${{ secrets.AUTH_ID }}
 TEST_DATABASE: ${{ secrets.TEST_DATABASE }}
 SECONDARY_ENGINE_CONNECTION_STRING: ${{ secrets.SECONDARY_ENGINE_CONNECTION_STRING }}
 SECONDARY_DATABASE: ${{ secrets.SECONDARY_DATABASE }}
@@ -83,7 +88,7 @@ jobs:
 permissions:
 checks: write
 pull-requests: write
-
+
 steps:
 - name: Download Artifacts
 uses: actions/download-artifact@v2
diff --git a/kusto/test/etoe/etoe_env.go b/kusto/test/etoe/etoe_env.go
index 01e3df27..ab28324a 100644
--- a/kusto/test/etoe/etoe_env.go
+++ b/kusto/test/etoe/etoe_env.go
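Review bot: The added step `uses: azure/login@v2` follows a movable tag, and it is the step that exchanges the job's OIDC token for Azure access, so any change published under that tag would run with `id-token: write`. Pin it to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: azure/login@<full-commit-sha> # v2` (placeholder; take the SHA from the release that was reviewed). `id-token: write` is also granted to the whole `build` job rather than to the login step, so every later step, including the `go test` run, can request a token too. The federated credential on the Azure side should therefore accept only the `environment: build` subject, which this file cannot show.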
@@ -84,7 +84,7 @@ func init() {
 return
 }
- if testConfig.ClientID == "" {
+ if testConfig.ClientID == "" || testConfig.ClientSecret == "" || testConfig.TenantID == "" {
 testConfig.kcsb = kusto.NewConnectionStringBuilder(testConfig.Endpoint).WithAzCli()
 } else {
 testConfig.kcsb = kusto.NewConnectionStringBuilder(testConfig.Endpoint).WithAadAppKey(testConfig.ClientID, testConfig.ClientSecret, testConfig.TenantID)
diff --git a/kusto/test/etoe/etoe_test.go b/kusto/test/etoe/etoe_test.go
index 34400189..9811de36 100644
--- a/kusto/test/etoe/etoe_test.go
+++ b/kusto/test/etoe/etoe_test.go
@@ -111,11 +111,19 @@ func TestAuth(t *testing.T) {
 },
 },
 }
- defaultCred, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{
- ClientOptions: azcore.ClientOptions{
- Transport: &transporter,
- },
- })
+ var defaultCred azcore.TokenCredential
+ var err error
+
+ if testConfig.ClientSecret != "" {
+ defaultCred, err = azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{
+ ClientOptions: azcore.ClientOptions{
+ Transport: &transporter,
+ },
+ })
+ } else {
+ defaultCred, err = azidentity.NewAzureCLICredential(&azidentity.AzureCLICredentialOptions{})
+ }
+
 require.NoError(t, err)
 credential, err := azidentity.NewChainedTokenCredential([]azcore.TokenCredential{
 defaultCred,
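Review bot: The choice between `WithAzCli()` and `WithAadAppKey(...)` is now decided in three places with two different conditions: the three-field check here in `init()`, the same check copied into the `TestMultipleClusters` hunk, and `ClientSecret != ""` alone in the `TestAuth` hunk. A partly filled configuration can therefore authenticate as different principals within one test run. The fallback is also silent, so a missing secret quietly switches the suite to whatever identity the local `az` session holds; a log line naming the chosen mode would make that visible. One helper that takes the endpoint and returns the builder keeps the decision in one place. `init()` starts above this hunk and its `else` block closes below it.

```go
// testKcsb returns a connection string builder for endpoint. The AAD
// application key is used only when client id, secret and tenant id are all
// set; otherwise the builder relies on the Azure CLI session.
func testKcsb(endpoint string) *kusto.ConnectionStringBuilder {
	kcsb := kusto.NewConnectionStringBuilder(endpoint)
	if testConfig.ClientID == "" || testConfig.ClientSecret == "" || testConfig.TenantID == "" {
		return kcsb.WithAzCli()
	}
	return kcsb.WithAadAppKey(testConfig.ClientID, testConfig.ClientSecret, testConfig.TenantID)
}

// … unchanged: earlier part of init() …
testConfig.kcsb = testKcsb(testConfig.Endpoint)
```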
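Review bot: The new `else` branch in `TestAuth` builds the CLI credential without the custom `transporter`, so whenever no client secret is configured the test no longer exercises that transport, and nothing in the output says which path ran. `AzureCLICredentialOptions` has no `ClientOptions` field, so the transport cannot simply be passed through. I would document this above the branch, e.g. `// AzureCLICredential shells out to az and takes no ClientOptions; transporter is only covered when a client secret is set`, and add a `t.Log` naming the selected credential. `TestAuth` begins above this hunk and continues below it.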
@@ -1664,8 +1672,13 @@ func TestMultipleClusters(t *testing.T) { //ok
 t.Log("Closed client")
 })
- skcsb := kusto.NewConnectionStringBuilder(testConfig.SecondaryEndpoint).WithAadAppKey(testConfig.ClientID, testConfig.ClientSecret, testConfig.TenantID)
+ var skcsb *kusto.ConnectionStringBuilder
+ if testConfig.ClientID == "" || testConfig.ClientSecret == "" || testConfig.TenantID == "" {
+ skcsb = kusto.NewConnectionStringBuilder(testConfig.SecondaryEndpoint).WithAzCli()
+ } else {
+ skcsb = kusto.NewConnectionStringBuilder(testConfig.SecondaryEndpoint).WithAadAppKey(testConfig.ClientID, testConfig.ClientSecret, testConfig.TenantID)
+ }
 secondaryClient, err := kusto.New(skcsb)
 if err != nil {
 panic(err)