Skip to content

Enhance Bearer Authentication Support with Azure IMDS #2523

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Enhance Bearer Authentication Support with Azure IMDS #2523

wants to merge 2 commits into from

Conversation

emasab
Copy link
Contributor

@emasab emasab commented Sep 23, 2025
edited
Loading

  • Introduced OAuthBearerAzureIMDS as a new authentication method in AuthCredentialsSource.
  • Updated CachedSchemaRegistryClient to support new Azure IMDS authentication configuration.
  • Implemented AzureIMDSBearerAuthenticationHeaderValueProvider for token retrieval using Azure Instance Metadata Service.
  • Added AzureIMDSBearerAuthenticationHeaderValueProviderBuilder to construct the new provider.
  • Refactored existing authentication header value providers to use a builder pattern for better extensibility.
  • Updated SchemaRegistryConfig to include new properties for Azure IMDS token endpoint and query parameters.
  • Enhanced unit tests to cover new Azure IMDS authentication scenarios.

What

Checklist

  • Contains customer facing changes? Including API/behavior changes
  • Did you add sufficient unit test and/or integration test coverage for this PR?
    • If not, please explain why it is not required

References

JIRA:

Test & Review

Unit tests are present. Will attach test results on an Azure instance.

Open questions / Follow-ups

@emasab emasab requested a review from a team as a code owner September 23, 2025 13:28
@Copilot Copilot AI review requested due to automatic review settings September 23, 2025 13:28
@emasab emasab requested a review from a team as a code owner September 23, 2025 13:28
Copilot
Copilot AI reviewed Sep 23, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances the Schema Registry client with Azure Instance Metadata Service (IMDS) authentication support, adding a new OAuth bearer authentication method that uses Azure's metadata service for secret-less token retrieval.

  • Introduces OAuthBearerAzureIMDS authentication method with supporting infrastructure
  • Refactors existing authentication providers to use a builder pattern for better extensibility
  • Adds comprehensive test coverage for the new Azure IMDS authentication scenarios

Reviewed Changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
src/Confluent.SchemaRegistry/AuthCredentialsSource.cs Adds new OAuthBearerAzureIMDS enum value
src/Confluent.SchemaRegistry/SchemaRegistryConfig.cs Adds new token endpoint query property and configuration mapping
src/Confluent.SchemaRegistry/Rest/RestService.cs Refactors authentication provider creation to use builder pattern
src/Confluent.SchemaRegistry/Rest/Authentication/OAuth/AzureIMDS/ Implements Azure IMDS authentication provider and builder
src/Confluent.SchemaRegistry/Rest/Authentication/OAuth/ Introduces builder pattern classes for authentication providers
src/Confluent.SchemaRegistry/Rest/Authentication/AbstractBearerAuthenticationHeaderValueProvider.cs Creates abstract base class for bearer authentication providers
src/Confluent.SchemaRegistry/Rest/Authentication/BearerAuthenticationHeaderValueProvider.cs Refactors to extend abstract base class
src/Confluent.SchemaRegistry/CachedSchemaRegistryClient.cs Updates property validation to include new Azure IMDS configuration
test/Confluent.SchemaRegistry.UnitTests/CachedSchemaRegistryClient.cs Adds comprehensive test cases for Azure IMDS authentication
examples/ Adds example demonstrating Azure IMDS usage

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@sonarqube-confluent

This comment has been minimized.

Sign in to view
@emasab
Enhance Bearer Authentication Support with Azure IMDS
8ac4f79 
- Introduced OAuthBearerAzureIMDS as a new authentication method in AuthCredentialsSource.
- Updated CachedSchemaRegistryClient to support new Azure IMDS authentication configuration.
- Implemented AzureIMDSBearerAuthenticationHeaderValueProvider for token retrieval using Azure Instance Metadata Service.
- Added AzureIMDSBearerAuthenticationHeaderValueProviderBuilder to construct the new provider.
- Refactored existing authentication header value providers to use a builder pattern for better extensibility.
- Updated SchemaRegistryConfig to include new properties for Azure IMDS token endpoint and query parameters.
- Enhanced unit tests to cover new Azure IMDS authentication scenarios.
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_sr_oautbearer_azure_imds branch from 62fd1b8 to 8ac4f79 Compare September 23, 2025 14:43
@sonarqube-confluent

This comment has been minimized.

Sign in to view
@sonarqube-confluent

This comment has been minimized.

Sign in to view
1 similar comment
@sonarqube-confluent
Copy link

Failed

  • 79.20% Coverage on New Code (is less than 80.00%)

Analysis Details

0 Issues

  • Bug 0 Bugs
  • Vulnerability 0 Vulnerabilities
  • Code Smell 0 Code Smells

Coverage and Duplications

  • Coverage 79.20% Coverage (77.00% Estimated after merge)
  • Duplications No duplication information (0.00% Estimated after merge)

Project ID: confluent-kafka-dotnet

View in SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@emasab