Merge pull request #34 from pnopjp/AAD0.3.0

Add Workload Identity configuration support and update Azure CLI refe…
pnopjp · Jan 6, 2025 · 92ea447 · 92ea447
2 parents 6f41051 + fda7ff6
commit 92ea447
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/docs/configurations.md b/docs/configurations.md
@@ -52,6 +52,23 @@ The parameters to be set for each credential type are different.
 |-----|-----|-----|
 |Client Id|Client \(Application\) Id of Microsoft Entra ID application.|No|
 
+#### Workload Identity
+
+|Attribute|Description|Required|
+|-----|-----|-----|
+|Authority Host|Microsoft Entra ID endpoint to acquire tokens.|No|
+|Tenant Id|Microsoft Entra ID tenant Id.|No|
+|Additionally allowed tenants|For multi-tenant applications, specifies additional tenants.<br />Describe tenant IDs separated by commas.|No|
+|Client Id|Client \(Application\) Id of Microsoft Entra ID application.|No|
+|Token file path|Path to a file containing a Kubernetes service account token|No|
+
+#### Azure CLI / Azure Developer CLI / Azure PowerShell
+
+|Attribute|Description|Required|
+|-----|-----|-----|
+|Tenant Id|Microsoft Entra ID tenant Id.|No|
+|Additionally allowed tenants|For multi-tenant applications, specifies additional tenants.<br />Describe tenant IDs separated by commas.|No|
+
 #### DefaultAzureCredential
 
 Attempt authentication according to the following.  

diff --git a/plugins/protocol/aad/src/main/java/jp/co/pnop/jmeter/protocol/aad/config/AzAdCredential.java b/plugins/protocol/aad/src/main/java/jp/co/pnop/jmeter/protocol/aad/config/AzAdCredential.java
@@ -62,7 +62,7 @@ public class AzAdCredential extends ConfigTestElement implements TestStateListen
     public static final String CREDENTIALTYPE_MANAGED_ID = "Managed identity";
     public static final String CREDENTIALTYPE_CLIENT_SECRET = "Client secret";
     public static final String CREDENTIALTYPE_CLIENT_CERTIFICATE = "Client certificate";
-    public static final String CREDENTIALTYPE_AZURE_CLI = "Azure Cli";
+    public static final String CREDENTIALTYPE_AZURE_CLI = "Azure CLI";
     public static final String CREDENTIALTYPE_AZURE_POWERSHELL = "Azure PowerShell";
     public static final String CREDENTIALTYPE_AZURE_DEVELOPER_CLI = "Azure Developer CLI";
     public static final String CREDENTIALTYPE_VISUAL_STUDIO_CODE = "Visual Studio Code";
@@ -506,17 +506,20 @@ private HttpClient httpClientBase() {
                         break;
                     */
                     case CREDENTIALTYPE_WORKLOAD_IDENTITY:
+                        authorityHost = getAuthorityHost();
                         tenantId = getTenantId();
                         additionallyAllowedTenants = getAdditionallyAllowedTenants();
                         clientId = getClientId();
                         tokenFilePath = getTokenFilePath();
                         requestBody = requestBody.concat("\n")
+                            .concat("Authority host: ").concat(authorityHost).concat("\n")
                             .concat("Tenant Id: ").concat(tenantId).concat("\n")
                             .concat("Additionally allowed tenants: ").concat(additionallyAllowedTenants).concat("\n")
                             .concat("Client Id: ").concat(clientId).concat("\n")
                             .concat("Token file path: ").concat(tokenFilePath).concat("\n");
 
                         WorkloadIdentityCredentialBuilder wicBuilder = new WorkloadIdentityCredentialBuilder()
+                            .authorityHost(authorityHost)
                             .clientId(clientId)
                             .tenantId(tenantId)
                             .tokenFilePath(tokenFilePath)
@@ -532,8 +535,8 @@ private HttpClient httpClientBase() {
                         authorityHost = getAuthorityHost(); // Environment Credential
                         workloadIdentityClientId = getWorkloadIdentityClientId(); // Workload Identity Credential
                         managedIdentityClientId = getManagedIdentityClientId(); // Managed Identity
-                        tenantId = getTenantId(); // Azure Cli / Azure PowerShell Credential
-                        additionallyAllowedTenants = getAdditionallyAllowedTenants(); // Azure Cli / Azure PowerShell Credential
+                        tenantId = getTenantId(); // Azure CLI / Azure PowerShell Credential
+                        additionallyAllowedTenants = getAdditionallyAllowedTenants(); // Azure CLI / Azure PowerShell Credential
                         intelliJKeePassDatabasePath = getIntelliJKeePassDatabasePath(); // IntelliJ Credential
 
                         if (authorityHost.trim().length() > 0) {

diff --git a/...otocol/aad/src/main/java/jp/co/pnop/jmeter/protocol/aad/config/gui/AzAdCredentialGui.java b/...otocol/aad/src/main/java/jp/co/pnop/jmeter/protocol/aad/config/gui/AzAdCredentialGui.java
@@ -69,6 +69,7 @@ public class AzAdCredentialGui extends AbstractConfigGui implements ChangeListen
     private JRadioButton clientCertificateFiletypePFX;
     private JLabeledTextField clientCertificateFilename;
     private JLabeledPasswordField clientCertificateFilePassword;
+    private JLabeledTextField workloadIdentityAuthorityHost;
     private JLabeledTextField workloadIdentityTenantId;
     private JLabeledTextField workloadIdentityAdditinalyAllowedTenants;
     private JLabeledTextField workloadIdentityClientId;
@@ -150,6 +151,7 @@ public void configure(TestElement element) {
                 break;
 
             case AzAdCredential.CREDENTIALTYPE_WORKLOAD_IDENTITY:
+                workloadIdentityAuthorityHost.setText(element.getPropertyAsString(AzAdCredential.AUTHORITY_HOST));
                 workloadIdentityTenantId.setText(element.getPropertyAsString(AzAdCredential.TENANT_ID));
                 workloadIdentityAdditinalyAllowedTenants.setText(element.getPropertyAsString(AzAdCredential.ADDITIONALLY_ALLOWED_TENANTS));
                 workloadIdentityClientId.setText(element.getPropertyAsString(AzAdCredential.CLIENT_ID));
@@ -241,6 +243,7 @@ public void modifyTestElement(TestElement element) {
                 element.setProperty(AzAdCredential.FILE_PASSWORD, clientCertificateFilePassword.getText());
                 break;
             case AzAdCredential.CREDENTIALTYPE_WORKLOAD_IDENTITY:
+                element.setProperty(AzAdCredential.AUTHORITY_HOST, workloadIdentityAuthorityHost.getText());
                 element.setProperty(AzAdCredential.TENANT_ID, workloadIdentityTenantId.getText());
                 element.setProperty(AzAdCredential.ADDITIONALLY_ALLOWED_TENANTS, workloadIdentityAdditinalyAllowedTenants.getText());
                 element.setProperty(AzAdCredential.CLIENT_ID, workloadIdentityClientId.getText());
@@ -309,6 +312,7 @@ public void clearGui() {
         clientCertificateFiletypePFX.setSelected(false);
         clientCertificateFilename.setText("");
         clientCertificateFilePassword.setText("");
+        workloadIdentityAuthorityHost.setText(AzAdCredential.AUTHORITYHOST_PUBLIC);
         workloadIdentityTenantId.setText("");
         workloadIdentityAdditinalyAllowedTenants.setText("");
         workloadIdentityClientId.setText("");
@@ -465,6 +469,7 @@ private JPanel createClientCertificatePanel() {
     }
 
     private JPanel createWorkloadIdentityPanel() {
+        workloadIdentityAuthorityHost = new JLabeledTextField("Authority host:");
         workloadIdentityTenantId = new JLabeledTextField("Tenant Id:");
         workloadIdentityTenantId.setName(AzAdCredential.TENANT_ID);
         workloadIdentityAdditinalyAllowedTenants = new JLabeledTextField("Additionally allowed tenants:");
@@ -475,6 +480,7 @@ private JPanel createWorkloadIdentityPanel() {
         workloadIdentityTokenFilePath.setName(AzAdCredential.TOKEN_FILE_PATH);
 
         JPanel panel = new VerticalPanel();
+        panel.add(workloadIdentityAuthorityHost);
         panel.add(workloadIdentityTenantId);
         panel.add(workloadIdentityAdditinalyAllowedTenants);
         panel.add(workloadIdentityClientId);