Updated the service principal code to leverage DefaultCredentials for Workload Identity Support.
All Submissions:
- [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
- [YES/NO] I have updated the documentation accordingly.
- [YES/NO/NA] I have added tests to cover my changes.
- [YES/NO/NA] All new and existing tests passed.
- [YES/NO/NA] My code follows the code style of this project.
- [YES/NO/NA] I ran lint checks locally prior to submission.
What is the issue or story related to the change?
The current code is implemented in a way that supports AAD Pod Identity with a fallback to Service Principal.
The preferred approach is to use the DefaultAzureCredential instead, which supports chained credential checks.
DefaultAzureCredential tries the following authentication methods in order:
1. Environment Credentials (service principal credentials in environment variables)
2. Workload Identity Credentials (when running in AKS with Workload Identity)
3. Managed Identity Credentials (including Pod Identity)
4. Azure CLI Credentials (for local development)
5. Visual Studio Code Credentials (for local development)
6. Azure PowerShell Credentials (for local development)
7. Interactive Browser Credentials (for local development)
High level design:
Issue:
Current code doesn't support Workload Identity
Change details:
Test coverage:
Does this introduce a breaking change?
- [YES/NO]
Pending items
Reviewer request
- Please provide an ETA when you plan to review this MR. Write a comment to decline or provide an ETA.
- Block the MR if you feel there is less testing or no details in the MR
- Please cover the following aspects in the MR:
  - Coding design: <Reviewer1>
  - Backward Compatibility: <Reviewer2>
  - Feature Logic: <Logic design>
  - <Any other context mention here>

  OR

  - <Component 1>: <Reviewer1>
  - <CosmosDB>: <Reviewer2>
  - <ServiceBus> <Reviewer3>
  - <Mention any other component and owner>
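
With the credential order listed in the description above, service principal variables left in a pod's environment are tried before Workload Identity. The following pre-deployment check is an added example, not code from this merge request or the project: `predict_credential` is a hypothetical helper that models steps 1 and 2 of that list from environment variables alone and does not call the Azure SDK; the sample values are constructed.

```python
import os

# Environment variable names read by the Azure Identity SDKs.
SP_SECRET = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
SP_CERT = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_CERTIFICATE_PATH")
WORKLOAD = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_FEDERATED_TOKEN_FILE")
STATIC_SECRETS = ("AZURE_CLIENT_SECRET", "AZURE_CLIENT_CERTIFICATE_PATH")


def _all_set(env, names):
    return all(env.get(name) for name in names)


def predict_credential(env=None):
    """Return (step, warnings) for an environment mapping (hypothetical helper)."""
    env = os.environ if env is None else env
    env_sp = _all_set(env, SP_SECRET) or _all_set(env, SP_CERT)
    workload = _all_set(env, WORKLOAD)
    leftovers = [name for name in STATIC_SECRETS if env.get(name)]
    warnings = []
    if env_sp and workload:
        # Step 1 is tried before step 2, so the static secret wins.
        warnings.append("static service principal credential shadows Workload Identity")
    elif leftovers and not env_sp:
        warnings.append("unused secret material in environment: " + ", ".join(leftovers))
    if env_sp:
        return "environment", warnings
    if workload:
        return "workload_identity", warnings
    # Steps 3-7 depend on IMDS or developer tooling, not on these variables.
    return "managed_identity_or_later", warnings


if __name__ == "__main__":
    # Constructed sample: a pod migrated to Workload Identity that still
    # carries the old client secret in its spec.
    sample = {
        "AZURE_TENANT_ID": "00000000-0000-0000-0000-000000000000",
        "AZURE_CLIENT_ID": "11111111-1111-1111-1111-111111111111",
        "AZURE_CLIENT_SECRET": "constructed-placeholder",
        "AZURE_FEDERATED_TOKEN_FILE": "/var/run/secrets/azure/tokens/azure-identity-token",
    }
    print(predict_credential(sample))
```

A result of `environment` on a workload that is meant to use Workload Identity means a long-lived secret is still in use and should be removed from the deployment.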