Skip to content

[MSI v2] - Enable attestation in pop flows #5496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 29, 2025
Merged

[MSI v2] - Enable attestation in pop flows #5496

merged 5 commits into from
Sep 29, 2025
+363 −16

Conversation

gladjohn
Copy link
Contributor

[MSI v2] - Enable attestation in pop flows

@gladjohn gladjohn requested a review from a team as a code owner September 22, 2025 23:29
bgavrilMS
bgavrilMS approved these changes Sep 24, 2025
View reviewed changes
Copy link
Member

@bgavrilMS bgavrilMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, but I have lots of minor comments.

@gladjohn gladjohn force-pushed the gladjohn/attested_flow branch from 6a926fb to 1c409a4 Compare September 25, 2025 18:16
Robbie-Microsoft
Robbie-Microsoft requested changes Sep 25, 2025
View reviewed changes
@gladjohn gladjohn force-pushed the gladjohn/attested_flow branch from 1c409a4 to ae959d9 Compare September 27, 2025 18:32
Robbie-Microsoft
Robbie-Microsoft reviewed Sep 29, 2025
View reviewed changes
tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ImdsV2Tests.cs Outdated
Comment on lines 77 to 78
bool useInMemoryKeys = false,
bool useKeyGuardKeys = false)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just use the useKeyGuardKeys = true? And use InMemory if it's passed in as false? Do you see value in using 2 different params?

Copy link
Contributor Author

@gladjohn gladjohn Sep 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this way we know specifically what we are to expect. alternatively, we can pass the key type.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated to use key type instead.

gladjohn
gladjohn commented Sep 29, 2025
View reviewed changes
tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ImdsV2Tests.cs Outdated
Comment on lines 602 to 605
var mi = await CreateManagedIdentityAsync(httpManager, useKeyGuardKeys: true).ConfigureAwait(false);

// CSR for both the probe and the actual request
httpManager.AddMockHandler(MockHelpers.MockCsrResponse());
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated the comment to

// CreateManagedIdentityAsync does a probe; Add one more CSR response for the actual acquire.

@gladjohn gladjohn merged commit 89ff42a into rginsburg/msiv2_feature_branch Sep 29, 2025
3 checks passed
@gladjohn gladjohn deleted the gladjohn/attested_flow branch September 29, 2025 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bgavrilMS bgavrilMS bgavrilMS approved these changes

@Robbie-Microsoft Robbie-Microsoft Robbie-Microsoft approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gladjohn @bgavrilMS @Robbie-Microsoft