
Adding function to get credential for cross tenant.

Generating credentials to fetch secrets from the customer KV, which is in another tenant.

Validation logs

eration-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:Azure Eds is enabled

2023-11-23 08:36:38.015 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] o.o.o.a.KeyVaultFacade correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:Successfully retrieved secret-service-keyvault-uri.

2023-11-23 08:36:38.016 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] o.o.o.a.KeyVaultFacade correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:{"name": "GET_SECRET", "data": "secret-service-keyvault-uri", "duration": 111000000, "resultCode": "200", "success": true}

2023-11-23 08:36:38.017 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] .o.o.s.a.s.PartitionSecretClientResolver correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:getting credentials

2023-11-23 08:36:38.018 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] .o.o.s.a.s.PartitionSecretClientResolver correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:certificate path on pod is /eds/eds-kvcert/edscert.pem

2023-11-23 08:36:38.043 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] o.o.o.a.KeyVaultFacade correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:Successfully retrieved customer-tenant-id.

2023-11-23 08:36:38.044 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] o.o.o.a.KeyVaultFacade correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:{"name": "GET_SECRET", "data": "customer-tenant-id", "duration": 24000000, "resultCode": "200", "success": true}

2023-11-23 08:36:38.067 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] o.o.o.a.KeyVaultFacade correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:Successfully retrieved first-party-client-id.

2023-11-23 08:36:38.068 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] o.o.o.a.KeyVaultFacade correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:{"name": "GET_SECRET", "data": "first-party-client-id", "duration": 23000000, "resultCode": "200", "success": true}

2023-11-23 08:36:38.071 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] .o.o.s.a.s.PartitionSecretClientResolver correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:SecretClient created

2023-11-23 08:36:39.225 INFO secret-648647d49d-4458m --- [ Thread-10] c.a.i.ClientCertificateCredential correlation-id= data-partition-id= api-method= operation-name= user-id= app-id=:Azure Identity => getToken() result for scopes [https://vault.azure.net/.default]: SUCCESS

2023-11-23 08:36:39.226 INFO secret-648647d49d-4458m --- [ Thread-10] c.a.c.i.AccessTokenCache correlation-id= data-partition-id= api-method= operation-name= user-id= app-id=:Acquired a new access token.

2023-11-23 08:36:39.701 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] o.o.o.s.a.s.SecretsManagerImpl correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:Created secret: abcde

2023-11-23 08:36:39.716 INFO secret-648647d49d-4458m --- [p-nio-80-exec-1] TxnLogger correlation-id=d4f11611-3354-4bcd-91c1-fead08098120 data-partition-id=dp1 api-method=POST operation-name={POST [/secrets]} user-id=51d2f791-795b-4c8d-9657-cd23b1f9f2a7 app-id=2f59abbc-7b40-4d0e-91b2-22ca3084bc84:secret.app End Web-API POST /secrets Headers: {content-type:application/json} status=200 time=2492 ms {correlation-id=d4f11611-3354-4bcd-91c1-fead08098120, data-partition-id=dp1}

Edited by Harsheet Shah
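
The credential flow these logs trace, written out as an added example (not the merge request's own code): a certificate credential is built against the customer's tenant and handed to a `SecretClient` for the customer's vault. The class and method names are hypothetical; the input checks assume GUID-form tenant and client IDs and a public-cloud vault host, matching the `https://vault.azure.net/.default` scope in the logs.

```java
import com.azure.identity.ClientCertificateCredential;
import com.azure.identity.ClientCertificateCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;

import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.UUID;

/** Added illustration; hypothetical names, not the service's actual resolver. */
public final class CrossTenantSecretClientExample {

    /**
     * The four inputs correspond to the values the validation logs show being
     * looked up: secret-service-keyvault-uri, customer-tenant-id,
     * first-party-client-id and the certificate path on the pod.
     */
    public static SecretClient build(String vaultUri, String customerTenantId,
                                     String firstPartyClientId, String pemCertPath) {
        // Assumption: both IDs are GUIDs; throws IllegalArgumentException otherwise.
        UUID.fromString(customerTenantId);
        UUID.fromString(firstPartyClientId);

        // Only send tokens to an HTTPS Key Vault endpoint in the public cloud.
        URI uri = URI.create(vaultUri);
        String host = uri.getHost();
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null
                || !host.toLowerCase(Locale.ROOT).endsWith(".vault.azure.net")) {
            throw new IllegalArgumentException("Not an Azure public-cloud Key Vault URI");
        }
        if (!Files.isReadable(Path.of(pemCertPath))) {
            throw new IllegalStateException("Client certificate is not readable");
        }

        // tenantId is the customer's tenant, so the token is issued there
        // rather than in the service's home tenant.
        ClientCertificateCredential credential = new ClientCertificateCredentialBuilder()
                .tenantId(customerTenantId)
                .clientId(firstPartyClientId)
                .pemCertificate(pemCertPath)
                .build();

        return new SecretClientBuilder()
                .vaultUrl(vaultUri)
                .credential(credential)
                .buildClient();
    }
}
```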
