From 51067def7a6872737eacdd5bcc51a3db536e1a83 Mon Sep 17 00:00:00 2001 From: Priyanka-Microsoft Date: Thu, 31 Jul 2025 10:57:19 +0530 Subject: [PATCH 1/3] Replace DefaultAzureCredential with ManagedIdentityCredential --- .../AppConfiguration/AppConfiguration.cs | 3 +- .../Helpers/azure_credential_utils.cs | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs diff --git a/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs b/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs index 5bd0dc92..15c03131 100644 --- a/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs +++ b/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs @@ -1,6 +1,7 @@ using Azure.Identity; using Microsoft.Extensions.Azure; using Microsoft.GS.DPSHost.AppConfiguration; +using Microsoft.GS.DPSHost.Helpers; namespace Microsoft.GS.DPSHost.AppConfiguration { @@ -16,7 +17,7 @@ public static void Config(IHostApplicationBuilder builder) //Read AppConfiguration with managed Identity builder.Configuration.AddAzureAppConfiguration(options => { - options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), new DefaultAzureCredential()); + options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), AzureCredentialHelper.GetAzureCredential()); }); //Read ServiceConfiguration diff --git a/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs new file mode 100644 index 00000000..9c10af55 --- /dev/null +++ b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs 
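Review bot: The new call in `Config`, `AzureCredentialHelper.GetAzureCredential()`, passes no client id, so outside Development the helper always builds the parameterless `ManagedIdentityCredential()`. `DefaultAzureCredential` could pick up a user-assigned identity's client id from `AZURE_CLIENT_ID`; as far as I know the bare `ManagedIdentityCredential` does not. A deployment that relies on a user-assigned identity may therefore fail to reach App Configuration, or authenticate as the system-assigned identity instead. If that applies here, pass the id explicitly, e.g. `AzureCredentialHelper.GetAzureCredential(builder.Configuration["<managed-identity-client-id-key>"])`, where the key is a placeholder for whatever setting this project uses. `Config` begins and ends outside this hunk, so any other credential use in it is not visible here.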
@@ -0,0 +1,31 @@
+using System;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Identity;
+
+namespace Microsoft.GS.DPSHost.Helpers
+{
+ public static class AzureCredentialHelper
+ {
+ public static TokenCredential GetAzureCredential(string clientId = null)
+ {
+ var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
+
+ if (string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase))
+ {
+ return new DefaultAzureCredential(); // For local development
+ }
+ else
+ {
+ return clientId != null
+ ? new ManagedIdentityCredential(clientId)
+ : new ManagedIdentityCredential();
+ }
+ }
+
+ public static Task GetAzureCredentialAsync(string clientId = null)
+ {
+ return Task.FromResult(GetAzureCredential(clientId));
+ }
+ }
+}
\ No newline at end of file
From d665c9b91dec298d1ea701e243ad215c086b046a Mon Sep 17 00:00:00 2001
From: Priyanka-Microsoft
Date: Thu, 31 Jul 2025 14:10:28 +0530
Subject: [PATCH 2/3] Replace DefaultAzureCredential with ManagedIdentityCredential
---
 .../Helpers/azure_credential_utils.cs | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs
index 9c10af55..5dad9360 100644
--- a/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs
+++ b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs
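Review bot: The Development/production switch in `GetAzureCredential` reads `ASPNETCORE_ENVIRONMENT` directly instead of using the host's resolved environment, so the helper and the host can disagree about which mode they are in; the generic host also honours `DOTNET_ENVIRONMENT` and explicit environment settings. Defaulting to "Production" when the variable is unset is the right fail-closed choice. But a deployed instance with this one variable set to Development would use the full `DefaultAzureCredential` chain (environment-variable secrets, developer tool logins) instead of the managed identity. Consider letting the caller decide, e.g. `public static TokenCredential GetAzureCredential(IHostEnvironment environment, string? clientId = null)` with `if (environment.IsDevelopment())`, and passing `builder.Environment` from `Config`. The same check is carried over unchanged into `AzureCredentialHelper.cs` in patch 3/3.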
@@ -9,6 +9,15 @@ public static class AzureCredentialHelper { public static TokenCredential GetAzureCredential(string clientId = null) { + """ + Returns an Azure credential based on the application environment. + If the environment is 'dev', it uses DefaultAzureCredential. + Otherwise, it uses ManagedIdentityCredential. + Args: + client_id (str, optional): The client ID for the Managed Identity Credential. + Returns: + Credential object: Either DefaultAzureCredential or ManagedIdentityCredential. + """ var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production"; if (string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase)) From 47e3d7e927d4ca2589ce496d895ed2603e518764 Mon Sep 17 00:00:00 2001 From: Prajwal D C Date: Thu, 31 Jul 2025 14:29:25 +0530 Subject: [PATCH 3/3] fix: Added Comments and fixed issues with build --- .../Helpers/AzureCredentialHelper.cs | 34 ++++++++++++++++ .../Helpers/azure_credential_utils.cs | 40 ------------------- 2 files changed, 34 insertions(+), 40 deletions(-) create mode 100644 App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs delete mode 100644 App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs diff --git a/App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs new file mode 100644 index 00000000..49fc01f5 --- /dev/null +++ b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs 
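Review bot: The added `"""` block sits inside the body of `GetAzureCredential`, where a Python-style docstring is not valid C#, so this commit is unlikely to build on its own; the documentation belongs in `///` XML comments above the method. The text also says the switch is on 'dev' while the code compares against "Development", and it names the parameter `client_id` rather than `clientId`. Since 3/3 replaces the file, squashing this commit into it would keep every commit in the series buildable. The method body continues past the end of this hunk.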
@@ -0,0 +1,34 @@
+using System;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Identity;
+
+namespace Microsoft.GS.DPSHost.Helpers
+{
+ ///
+ /// The Azure Credential Helper class
+ ///
+ public static class AzureCredentialHelper
+ {
+ ///
+ /// Get the Azure Credentials based on the environment type
+ ///
+ /// The client Id in case of User assigned Managed identity
+ /// The Credential Object
+ public static TokenCredential GetAzureCredential(string? clientId = null)
+ {
+ var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
+
+ if (string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase))
+ {
+ return new DefaultAzureCredential(); // CodeQL [SM05139] Okay use of DefaultAzureCredential as it is only used in development
+ }
+ else
+ {
+ return clientId != null
+ ? new ManagedIdentityCredential(clientId)
+ : new ManagedIdentityCredential();
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs
deleted file mode 100644
index 5dad9360..00000000
--- a/App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs
+++ /dev/null
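Review bot: The XML doc comment on `GetAzureCredential` says the credential depends on "the environment type" but not what decides it, and that is the detail the CodeQL suppression on the `DefaultAzureCredential` line depends on. I would add a remark along the lines of `/// Development is detected from ASPNETCORE_ENVIRONMENT (case-insensitive); when the variable is unset the environment is treated as Production and a managed identity is used.` It is also worth stating there that a null `clientId` selects the parameterless `ManagedIdentityCredential()`. Separately, `using System.Threading.Tasks;` is no longer needed in this file, because the async wrapper from the old file was not carried over.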
@@ -1,40 +0,0 @@
-using System;
-using System.Threading.Tasks;
-using Azure.Core;
-using Azure.Identity;
-
-namespace Microsoft.GS.DPSHost.Helpers
-{
- public static class AzureCredentialHelper
- {
- public static TokenCredential GetAzureCredential(string clientId = null)
- {
- """
- Returns an Azure credential based on the application environment.
- If the environment is 'dev', it uses DefaultAzureCredential.
- Otherwise, it uses ManagedIdentityCredential.
- Args:
- client_id (str, optional): The client ID for the Managed Identity Credential.
- Returns:
- Credential object: Either DefaultAzureCredential or ManagedIdentityCredential.
- """
- var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
-
- if (string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase))
- {
- return new DefaultAzureCredential(); // For local development
- }
- else
- {
- return clientId != null
- ? new ManagedIdentityCredential(clientId)
- : new ManagedIdentityCredential();
- }
- }
-
- public static Task GetAzureCredentialAsync(string clientId = null)
- {
- return Task.FromResult(GetAzureCredential(clientId));
- }
- }
-}
\ No newline at end of file