Add support for assuming AWS role via Azure VM managed identity#2261
Add support for assuming AWS role via Azure VM managed identity#2261MarceloRGonc wants to merge 24 commits intomainfrom
Conversation
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
MarceloRGonc
changed the title
There was a problem hiding this comment.
Pull request overview
This PR adds an Azure-managed-identity path to the shared AWS authentication helpers so OpenOps can obtain AWS credentials from an Azure VM identity and use them for implicit-role and role-assumption flows.
Changes:
- Added new shared system properties for enabling Azure managed identity and configuring the AWS federation role ARN.
- Introduced Azure-to-AWS federation helpers and wired them into AWS client creation and STS role assumption.
- Updated AWS auth and test coverage to reflect the new implicit-role behavior and federation flow.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
packages/server/shared/src/lib/system/system-prop.ts |
Adds shared system props for Azure-managed-identity AWS federation. |
packages/openops/test/aws/get-client.test.ts |
Extends client-construction tests for Azure-managed-identity credential loading. |
packages/openops/test/aws/azure-aws-federation.test.ts |
Adds unit tests for Azure OIDC token exchange and AWS role federation helpers. |
packages/openops/test/aws/auth.test.ts |
Updates AWS auth validation expectations and adds helper-function tests. |
packages/openops/src/lib/aws/sts-common.ts |
Adds Azure-managed-identity branching to STS role assumption. |
packages/openops/src/lib/aws/get-client.ts |
Adds Azure-managed-identity credential-provider support for AWS SDK clients. |
packages/openops/src/lib/aws/azure-aws-federation.ts |
Implements Azure IMDS token retrieval and AWS STS federation helpers. |
packages/openops/src/lib/aws/auth.ts |
Changes validation flow for implicit-role auth when static credentials are absent. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Part of OPS-4254.