Periodically read workload identity token from file #1997
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jan 16, 2025
sdk/identity/azure_identity/src/credentials/workload_identity_credentials.rs
Outdated
Show resolved
Hide resolved
github-merge-queue bot
pushed a commit
to neondatabase/neon
that referenced
this pull request
Feb 11, 2025
…0415) The SDK bug Azure/azure-sdk-for-rust#1739 was originally worked around via #10378, but now upstream has provided a fix in [this](Azure/azure-sdk-for-rust#1997) PR, which we've been asked to test. So this is what this PR is doing: revert #10378 (to make sure we fail if the bug isn't fixed by the SDK PR), and apply the SDK PR to our fork. Currently pointing to my local branch to check CI. I'd like to merge the [SDK fork PR](neondatabase/azure-sdk-for-rust#2) before merging this to main.
Fixes Azure#1739 similar to other languages by reading the file every 10 minutes pointed to by AZURE_FEDERATED_TOKEN_FILE.
heaths
requested review from
JeffreyRichter,
LarryOsterman,
RickWinter and
weshaggard
as code owners
RickWinter
reviewed
Feb 12, 2025
sdk/identity/azure_identity/src/credentials/workload_identity_credentials.rs
Show resolved
Hide resolved
RickWinter
approved these changes
Feb 13, 2025
arpad-m
pushed a commit
to neondatabase/azure-sdk-for-rust
that referenced
this pull request
Feb 14, 2025
* Periodically read workload identity token from file Fixes Azure#1739 similar to other languages by reading the file every 10 minutes pointed to by AZURE_FEDERATED_TOKEN_FILE. * Resolve PR feedback
github-merge-queue bot
pushed a commit
to neondatabase/neon
that referenced
this pull request
Feb 17, 2025
The [upstream PR](Azure/azure-sdk-for-rust#1997) has been merged with some changes to use threads with async, so apply them to the neon specific fork to be nice to the executor (before, we had the state as of filing of that PR). Also, rebase onto the latest version of upstream's `legacy` branch. current SDK commits: [link](https://github.com/neondatabase/azure-sdk-for-rust/commits/neon-2025-02-14) now: [link](https://github.com/neondatabase/azure-sdk-for-rust/commits/arpad/neon-refresh) Prior update was in #10790
This was referenced May 13, 2025
bonsairobo
added a commit
to ForesightMiningSoftwareCorporation/azure-sdk-for-rust
that referenced
this pull request
Jun 16, 2025
bonsairobo
added a commit
to ForesightMiningSoftwareCorporation/azure-sdk-for-rust
that referenced
this pull request
Jun 16, 2025
desmondcheongzx
pushed a commit
to Eventual-Inc/azure-sdk-for-rust
that referenced
this pull request
Oct 1, 2025
* Periodically read workload identity token from file Fixes Azure#1739 similar to other languages by reading the file every 10 minutes pointed to by AZURE_FEDERATED_TOKEN_FILE. * Resolve PR feedback
This was referenced Oct 1, 2025
Closed
desmondcheongzx
added a commit
to Eventual-Inc/Daft
that referenced
this pull request
Oct 1, 2025
…entials to continue working > 24 hours (#5299) ## Changes Made From #5269, we know that the azure_identity crate has a bug where AKS Workload Identity credentials stop working ~24 hours after pod start (Azure/azure-sdk-for-rust#1739) that's only fixed in v0.22.0. However, from Azure/azure-sdk-for-rust#2504 and Azure/azure-sdk-for-rust#2635, we see that there is no path to upgrading azure_identity because the latest azure_storage and azure_storage_blobs crates require azure_identity and azure_core <= 0.21.0. The temporary escape hatch is to fork [Azure/azure-sdk-for-rust](https://github.com/Azure/azure-sdk-for-rust) v0.21.0 ourselves (https://github.com/Eventual-Inc/azure-sdk-for-rust), and pull in the patch that fixes the bug (Azure/azure-sdk-for-rust#1997). This patch lives on branch [`desmond/patch-azure-identity`](https://github.com/Eventual-Inc/azure-sdk-for-rust/tree/desmond/patch-azure-identity).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1739 similar to other languages by reading the file every 10 minutes pointed to by AZURE_FEDERATED_TOKEN_FILE.