
Remediate Unsafe PAT Usage #2052

Draft: wants to merge 5 commits into base `dev`
Conversation

@Michael-Wamae (Contributor) commented May 17, 2024

Switch from using Personal Access Tokens (PATs) to using Application Service Principals and Managed Identities

Overview

This PR contains an implementation of authentication using Federated Managed Identity. This remediates the unsafe usage of Personal Access Tokens (PATs).
This PR also contains updates to the OpenAPI.yml server addresses to point to the Torus addresses for the DevX API.

Notes

Managed Identities are only available to Azure resources that you associate the Managed Identity with. You can only use the Managed Identity from a Torus-hosted Azure resource you've linked your Managed Identity to.

@Michael-Wamae Michael-Wamae requested a review from a team as a code owner May 17, 2024 06:55
Comment on lines 5 to 11
servers:
- url: https://graphexplorerapi.azurewebsites.net/
- url: https://devxapi-func-prod-eastus.azurewebsites.net/
description: Main server
- url: https://graphexplorerapi-staging.azurewebsites.net/
- url: https://devxapi-func-ppe-eastus.azurewebsites.net/
description: Staging server
- url: https://localhost:44399/
description: Local test server
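Review bot: each `- url:` entry in the `servers` list needs its own `description:`; as shown, `description: Main server` follows only the `devxapi-func-prod-eastus` entry, so the `graphexplorerapi` entry directly above it carries no description, and the staging pair has the same problem. If both the old and the new hosts are kept, give every entry its own `description` (for example distinguishing the legacy and Torus hosts) so tooling that reads the spec can tell them apart.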
Contributor:

Though it's not part of the work on this PR (it could possibly be done in a new PR), could we move the server definitions to the pipeline?

Contributor:

Let's also keep the old servers and add the new ones to the list.

Contributor (Author):

Done

@Michael-Wamae Michael-Wamae marked this pull request as draft May 17, 2024 07:40
SonarCloud: Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud
