azure-sdk-for-java icon indicating copy to clipboard operation
azure-sdk-for-java copied to clipboard

Published 20 hours ago verified publisher icon Azure

[FEATURE REQ] Support Workload Identity Auth for Azure Postgresql

Open mschmidt291 opened this issue 10 months ago • 7 comments

Is your feature request related to a problem? Please describe. The azure-identity-extension library currently does not support the usage of Workload Identity and only supports Managed Identity.

Describe the solution you'd like Azure Workload Identity should be implemented into azure-identity-extensions. It is already implemented for the normal azure-identity which is a dependency of azure-identity-extensions.

Describe alternatives you've considered Only alternative feasible for us would be the usage of Certificates, but we would like the workload identity to work

Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • [x] Description Added
  • [x] Expected solution specified

mschmidt291 avatar Apr 04 '24 07:04 mschmidt291

@billwert @g2vinay

github-actions[bot] avatar Apr 04 '24 07:04 github-actions[bot]

Thank you for your feedback. Tagging and routing to the team member best able to assist.

github-actions[bot] avatar Apr 04 '24 07:04 github-actions[bot]

Hello @mschmidt291

Thanks for the report! We'll take a look at this and get back to you soon.

billwert avatar Apr 05 '24 22:04 billwert

Hello @mschmidt291

Thanks for the report! We'll take a look at this and get back to you soon.

Thanks for the speedy response. Let me know if you need additional Input from me or more specific details.

mschmidt291 avatar Apr 06 '24 12:04 mschmidt291

Tagging as 'Discuss in Office Hours' /cc @scottaddie @christothes

joshfree avatar Apr 11 '24 15:04 joshfree

@joshfree @scottaddie @christothes Any updates here ?

mschmidt291 avatar Apr 24 '24 09:04 mschmidt291

Hello @mschmidt291! Apologies for the delay.

We need to do some further investigation of this feature request. We're going to do so over the next few months. This is not something we're going to get to and ship quickly. We appreciate the suggestion and will see what we can do!

billwert avatar May 15 '24 21:05 billwert

azure-identity-extension version 1.1.19 is still impacted by this.

Use case: using azure-identity-extension in a AKS environment with Microsoft Entra Workload ID to connect Java applications to oss-rdbms such as PSQL and MySQL.

Edit:

The funny part is that spring-cloud-azure-starter-jdbc-postgresql works just fine with a Workload identity. However that is problematic for non-Spring workloads.

pdefreitas avatar Sep 24 '24 23:09 pdefreitas