Story
Resolution: Done
OCPSTRAT-333 - Replace deprecated Azure Active Directory Graph & ADAL API
Sprint 215, Sprint 216
The installer uses go-autorest for authentication, which uses the deprecated ADAL library under the hood:
https://github.com/openshift/installer/blob/master/pkg/asset/installconfig/azure/session.go#L13
https://github.com/Azure/go-autorest/issues/636
We should move to using the azidentity package:
https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity
Acceptance Criteria:
- Authentication uses the new azidentity package
- All clients can authenticate using the session struct
- After introducing the new package, attempt to remove these direct adal dependencies from go.mod. If it is not possible to remove these require statements, document (informally; a GitHub or Jira comment is fine) why we can't remove them.
- Compatibility with Azure Stack Hub/GovCloud: users should be able to authenticate to Azure Stack Hub and GovCloud as well as Azure Public Cloud
Make sure to check:
- Dependency between the SDK and the Terraform provider: the current SDK version has the azidentity package, so unless it needs updating for other reasons, this should not be needed
Engineering Details
- See 3.4 in Azure Authentication with the Azure SDK for Go for a very basic example of getting creds and creating a client
- The installer keeps all logic for authenticating in the session struct
- That session struct is then used by various clients, for example the subscriptions client
- There are other examples of clients throughout the code, so we need to check for all references to session to make sure these are handled. Make sure to update the clients in the destroy code: https://github.com/openshift/installer/blob/master/pkg/destroy/azure/azure.go#L56-L76
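One way to check the go.mod acceptance criterion above, as an added example that is not part of the ticket or the installer code base: it lists the go-autorest requirements in a go.mod and marks each as direct or indirect, so remaining direct ADAL requirements are easy to spot. The module prefix, the sample go.mod and the names `FindAutorest` and `Req` are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumption: the ticket does not list the modules, so all of go-autorest is reported.
const autorestPrefix = "github.com/Azure/go-autorest/"
// sampleGoMod is constructed for this example; versions are placeholders.
const sampleGoMod = `module example.com/installer-sample
require (
	github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.0.0
	github.com/Azure/go-autorest/autorest v0.0.0
	github.com/Azure/go-autorest/autorest/adal v0.0.0
)
require github.com/Azure/go-autorest/autorest/to v0.0.0 // indirect
`
// Req is one go-autorest requirement; Indirect mirrors the "// indirect" comment.
type Req struct {
	Path     string
	Indirect bool
}
// FindAutorest returns the go-autorest requirements found in go.mod text.
func FindAutorest(gomod string) []Req {
	var out []Req
	block := "" // directive owning the current "( ... )" block, if any
	for _, raw := range strings.Split(gomod, "\n") {
		code, comment, _ := strings.Cut(raw, "//")
		f := strings.Fields(code)
		switch {
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		case len(f) == 1 && f[0] == ")":
			block = ""
		case len(f) == 3 && block == "" && f[0] == "require":
			f = f[1:] // single-line form: drop the "require" keyword
			fallthrough
		case len(f) == 2 && block == "require":
			if strings.HasPrefix(f[0], autorestPrefix) {
				out = append(out, Req{f[0], strings.Contains(comment, "indirect")})
			}
		}
	}
	return out
}
func main() {
	fmt.Println(FindAutorest(sampleGoMod))
}
```

Entries reported with `Indirect` false are the require statements the criterion asks to remove or to document.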
- is related to: CORS-1981 Azure: use azidentity for auth and V2 clients (where possible) (Closed)