feat(mssql): add Azure Workload Identity support #7673
MO2k4 wants to merge 6 commits into kedacore:main
Thank you for your contribution! 🙏 Please understand that we will do our best to review your PR and give you feedback as soon as possible, but please bear with us if it takes a little longer than expected. While you are waiting, make sure to:
Once the initial tests are successful, a KEDA member will ensure that the e2e tests are run. Once the e2e tests have been successfully completed, the PR may be merged at a later date. Please be patient. Learn more about our contribution guide.
✅ Snyk checks have passed. No issues have been found so far.
758a6c4 to cf6b498
/run-e2e mssql
ee575e3 to 5788c60
JorTurFer left a comment
The envs added with infra's PR are a bit different, I update them
/run-e2e mssql
| deploymentTemplate = `apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| labels: | ||
| app: mssql-consumer-worker | ||
| name: {{.DeploymentName}} | ||
| namespace: {{.TestNamespace}} | ||
| spec: | ||
| replicas: 0 | ||
| selector: | ||
| matchLabels: | ||
| app: mssql-consumer-worker | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: mssql-consumer-worker | ||
| spec: | ||
| containers: | ||
| - image: ghcr.io/kedacore/tests-mssql:latest | ||
| imagePullPolicy: Always | ||
| name: mssql-consumer-worker | ||
| command: ["sleep"] | ||
| args: ["infinity"] |
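Review bot: `command: ["sleep"]` with `args: ["infinity"]` on the `mssql-consumer-worker` container replaces the image's entrypoint, so in the lines shown the consumer binary is not what runs, and no `env` entry supplies a connection string. Drop the override and pass the connection string through an `env` entry, sourced from a Secret with `secretKeyRef` if it ever carries credentials rather than written inline in the template. The `ghcr.io/kedacore/tests-mssql:latest` tag combined with `imagePullPolicy: Always` also means the image under test can change between runs; a version tag or digest would make failures reproducible.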
KEDA's code is working, but e2e is failing because this consumer doesn't start. It needs to receive the connection string via env SQL_CONNECTION_STRING. Please include it to fix the tests 🙏
@JorTurFer thanks for pointing this out, I adapted this.
b40ec90 to 0299561
/run-e2e mssql
Add Azure AD Workload Identity authentication for the MSSQL scaler, enabling passwordless connections to Azure SQL Database. This mirrors the existing PostgreSQL scaler's workload identity implementation.
- Use go-mssqldb's NewSecurityTokenConnector for token-based auth
- Add token refresh with automatic reconnection on expiry
- Add unit tests for workload identity metadata parsing
- Add E2E test for Azure SQL with workload identity
Signed-off-by: Martin Oehlert <453360+MO2k4@users.noreply.github.com>

Add nil check before accessing token.ExpiresOn to prevent panic on first query when token hasn't been acquired yet. Fix unchecked error return in e2e test cleanup.
Signed-off-by: Martin Oehlert <453360+MO2k4@users.noreply.github.com>

The Azure MSSQL AAD workload identity e2e test requires TF_AZURE_MSSQL_* secrets that are not yet provisioned in CI. Change from require.NotEmpty (hard fail) to t.Skip so the test is skipped gracefully until infrastructure is ready.
Signed-off-by: Martin Oehlert <453360+MO2k4@users.noreply.github.com>

Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Martin Oehlert <453360+MO2k4@users.noreply.github.com>

Signed-off-by: Martin Oehlert <453360+MO2k4@users.noreply.github.com>
0299561 to 4b5ba8f
JorTurFer left a comment
LGTM, just small nitpick inline
Could you open another PR to docs repo documenting this?
| ### New | ||
|
|
||
| - TODO ([#XXX](https://github.com/kedacore/keda/issues/XXX)) | ||
| - **MSSQL Scaler**: Add Azure Workload Identity support for Azure SQL authentication ([#6104](https://github.com/kedacore/keda/issues/6104)) |
I'd add this as improvement, because the scaler is not new
Signed-off-by: Martin Oehlert <453360+MO2k4@users.noreply.github.com>
I've added the documentation, is the version reference correct?
Document the new `azure-workload` pod identity authentication path added by kedacore/keda#7673. The new subsection follows the postgresql scaler's pattern: prerequisites, parameters, remarks, and a complete TriggerAuthentication + ScaledObject example. Signed-off-by: Martin Oehlert <453360+MO2k4@users.noreply.github.com>
/run-e2e mssql
Summary
- `azure-workload` pod identity provider
- `mssql.NewSecurityTokenConnector` with Azure AD token acquisition for Workload Identity connections

Changes
- `pkg/scalers/mssql_scaler.go`: Add Workload Identity auth flow, token refresh logic, and `newMSSQLWorkloadIdentityConnection`
- `pkg/scalers/mssql_scaler_test.go`: Add test cases for Workload Identity metadata parsing
- `pkg/scaling/scalers_builder.go`: Pass `ctx` to `NewMSSQLScaler`
- `tests/scalers/mssql/azure_mssql_aad_wi/`: New e2e test for MSSQL with Azure AD Workload Identity
- `CHANGELOG.md`: Document the new feature

Test plan
- `go test ./pkg/scalers/...`)
- `go test -race ./pkg/scalers/...`)
- `go build ./...` succeeds
- `go vet ./...` passes
- `golangci-lint` passes on changed packages
- `make verify-scalers-schema` passes
- `/run-e2e` (requires Azure infrastructure)
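
An added example (not code from this PR or from KEDA) of the token handling the description refers to: a cached token refreshed shortly before expiry, with the nil check made before `ExpiresOn` is read and no fallback to a stale token when refresh fails. `accessToken`, `tokenCache` and `fetch` are hypothetical stand-ins for the Azure credential types, and `Token` uses the `func(ctx context.Context) (string, error)` shape assumed here for the token provider given to `mssql.NewSecurityTokenConnector`.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// accessToken is a hypothetical stand-in for the credential library's token type.
type accessToken struct {
	Token     string
	ExpiresOn time.Time
}

// tokenCache hands out a cached token and refreshes it shortly before expiry.
type tokenCache struct {
	mu    sync.Mutex
	cur   *accessToken  // nil until the first successful fetch
	skew  time.Duration // refresh this long before ExpiresOn
	now   func() time.Time
	fetch func(ctx context.Context) (*accessToken, error) // hypothetical credential call
}

// Token returns a valid token, fetching a new one when none is cached or expiry is near.
func (c *tokenCache) Token(ctx context.Context) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	// Check for nil first: before the first fetch there is no ExpiresOn to read.
	if c.cur != nil && c.now().Add(c.skew).Before(c.cur.ExpiresOn) {
		return c.cur.Token, nil
	}
	tok, err := c.fetch(ctx)
	if err != nil {
		return "", fmt.Errorf("acquiring token: %w", err) // do not fall back to the stale token
	}
	if tok == nil || tok.Token == "" {
		return "", errors.New("credential returned no token")
	}
	c.cur = tok
	return tok.Token, nil
}

func main() {
	c := &tokenCache{skew: time.Minute, now: time.Now, fetch: func(context.Context) (*accessToken, error) {
		return &accessToken{Token: "constructed-token", ExpiresOn: time.Now().Add(time.Hour)}, nil
	}}
	fmt.Println(c.Token(context.Background()))
}
```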