@magodo magodo commented Feb 7, 2025

This PR updates the hashicorp/go-azure-sdk to version v0.20250131.1134653, for the azure backend. The main reason for this update is to support ADO Pipelines OIDC auth via OIDC Request Token + URL + Service Connection ID, which will refresh the OIDC token if expired.

More context can be found at:

Fixes #35664

Target Release

1.11.x

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

Test

Github Action

```yaml
name: Backend unit test
on: [workflow_dispatch]

permissions:
  id-token: write   # lets the job request a GitHub OIDC token for federated auth
  contents: read
jobs:
  setup-and-test:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout terraform repo'
        uses: actions/checkout@v4
        with:
          repository: 'magodo/terraform'
          ref: 'backend/azure/update_sdk_v0.20250131.1134653'
      - name: 'Setup Go'
        uses: actions/setup-go@v5
        with:
          go-version: '1.23'
      - name: 'Go Test'
        run: |
          cd internal/backend/remote-state/azure
          # TF_RUNNING_IN_GITHUB_ACTIONS selects the GitHub OIDC flow; the ARM_* values
          # identify the federated app registration, so no client secret is needed
          TF_ACC=1 \
          TF_RUNNING_IN_GITHUB_ACTIONS=1 \
          ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }} \
          ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} \
          ARM_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} \
          ARM_LOCATION=westus2 \
          go test -run="TestAccBackendGithubOIDCBasic" .
```


ADO Pipelines

```yaml
trigger:
  - none

pool:
  vmImage: 'ubuntu-latest'

resources:
  repositories:
    - repository: terraform
      type: github
      endpoint: magodo-pat-read-public-repo
      name: magodo/terraform
      ref: backend/azure/update_sdk_v0.20250131.1134653

steps:
- task: GoTool@0
  inputs:
    version: '1.23.3'

- checkout: terraform

- task: AzureCLI@2
  inputs:
    azureSubscription: $(CONNECTION_ID)
    scriptType: bash
    scriptLocation: "inlineScript"
    inlineScript: |
      set -e
      cd internal/backend/remote-state/azure
      go test -run="TestAccBackendADOPipelinesOIDCBasic" .
  env:
    TF_ACC: 1
    TF_RUNNING_IN_ADO_PIPELINES: 1
    ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
    ARM_TENANT_ID: $(AZURE_TENANT_ID)
    ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
    ARM_LOCATION: westus2
    # the service connection the OIDC token is bound to
    ARM_ADO_PIPELINE_SERVICE_CONNECTION_ID: $(CONNECTION_ID)
    # job access token and OIDC request URI the backend uses to obtain (and refresh) the token
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
    SYSTEM_OIDCREQUESTURI: $(System.OidcRequestUri)
```

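The token flow the description refers to (OIDC request token + request URL + service connection ID, re-requested once the token is about to expire), as an added example that is not code from this PR or from go-azure-sdk. It assumes the ADO endpoint's query shape (`api-version` and `serviceConnectionId`) and its `oidcToken` response field; the function names are hypothetical, and the three inputs correspond to the `SYSTEM_OIDCREQUESTURI`, `SYSTEM_ACCESSTOKEN` and `ARM_ADO_PIPELINE_SERVICE_CONNECTION_ID` values set in the pipeline above.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// RequestADOOIDCToken posts to $(System.OidcRequestUri) for a federated token bound to one
// service connection; the query shape is assumed from the ADO REST API, not taken from this PR.
func RequestADOOIDCToken(requestURI, accessToken, serviceConnectionID string) (string, error) {
	req, err := http.NewRequest(http.MethodPost, requestURI+"?api-version=7.1&serviceConnectionId="+serviceConnectionID, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Bearer "+accessToken) // the pipeline job token authorises the call
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var body struct{ OIDCToken string `json:"oidcToken"` }
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil || resp.StatusCode != http.StatusOK || body.OIDCToken == "" {
		return "", fmt.Errorf("oidc token request failed: status %s, decode error %v", resp.Status, err)
	}
	return body.OIDCToken, nil
}

// JWTExpiry reads the exp claim without verifying the signature; it only drives refresh timing, Entra ID verifies the token.
func JWTExpiry(tok string) (time.Time, error) {
	var claims struct{ Exp int64 `json:"exp"` }
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return time.Time{}, fmt.Errorf("malformed JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return time.Unix(claims.Exp, 0), err
}

// NeedsRefresh is true when tok is absent, unparsable or within margin of its exp.
func NeedsRefresh(tok string, now time.Time, margin time.Duration) bool {
	exp, err := JWTExpiry(tok)
	return err != nil || !now.Add(margin).Before(exp)
}
```

A backend holding a cached token calls `NeedsRefresh` before each Azure request and, when it returns true, calls `RequestADOOIDCToken` again instead of reusing the stale token.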

@mbfrahry mbfrahry left a comment

Thanks for this PR @magodo. I've left some comments mainly around the naming of the new env variables.

@mbfrahry mbfrahry left a comment

LGTM! Thanks for this @magodo

@radeksimko radeksimko merged commit 8913b2f into hashicorp:main Feb 13, 2025
12 of 13 checks passed
@radeksimko radeksimko added the 1.11-backport label Feb 14, 2025
@github-actions

Changelog Warning

Please move the changelog entry from ./.changes/unreleased to ./.changes/backported for this change. If you believe this change does not need a changelog entry, please add the 'no-changelog-needed' label.

radeksimko pushed a commit that referenced this pull request Feb 14, 2025
…6458)

* dependencies: update go-azure-sdk to v0.20250131.1134653

* Update backend test for Github and ADO to not rely on the env vars

* Setting ado_pipeline_service_connection_id during provider config

* Update doc

* changelog
@radeksimko

As I was recently informed, our policy is actually to not backport backend related changes aside from exceptional circumstances, such as vulnerability mitigation. I don't believe this change can be classified as exceptional circumstances. As a result, it will be part of v1.12 series.

dbanck pushed a commit that referenced this pull request Mar 12, 2025
…6458)

* dependencies: update go-azure-sdk to v0.20250131.1134653

* Update backend test for Github and ADO to not rely on the env vars

* Setting ado_pipeline_service_connection_id during provider config

* Update doc

* changelog
dbanck added a commit that referenced this pull request Mar 12, 2025
….1134653 (#36680)

* Backend/azure: Update go-azure-sdk version to v0.20250131.1134653 (#36458)

* dependencies: update go-azure-sdk to v0.20250131.1134653

* Update backend test for Github and ADO to not rely on the env vars

* Setting ado_pipeline_service_connection_id during provider config

* Update doc

* changelog

* Move changelog to new dir structure

---------

Co-authored-by: magodo <[email protected]>
@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 24, 2025

Labels

1.11-backport, backend/azure, enhancement

Development

Successfully merging this pull request may close these issues.

Enhancement Request: azurerm backend OIDC (Workload Identity federation) authentication support for token refresh