Rename azure value to azure_imds and replace UAMI that is the identity with IMDS that is the authentication service

Author: emasab

CHANGELOG.md

@@ -3,7 +3,7 @@
 librdkafka v2.12.0 is a feature release:
 
 * Support for OAUTHBEARER metadata based authentication types,
-  starting with Azure UAMI. [Introduction available](INTRODUCTION.md#oauthbearer-oidc-metadata-authentication) (#5155).
+  starting with Azure IMDS. [Introduction available](INTRODUCTION.md#oauthbearer-oidc-metadata-authentication) (#5155).
 
 
 

CONFIGURATION.md

@@ -121,7 +121,7 @@ sasl.oauthbearer.assertion.claim.jti.include |  *  | true, false     |         f
 sasl.oauthbearer.assertion.claim.nbf.seconds |  *  | 0 .. 2147483647 |            60 | low        | Assertion not before time in seconds. Only used when `sasl.oauthbearer.method` is set to "oidc" and JWT assertion is needed. <br>*Type: integer*
 sasl.oauthbearer.assertion.claim.sub     |  *  |                 |               | low        | JWT subject claim. Only used when `sasl.oauthbearer.method` is set to "oidc" and JWT assertion is needed. <br>*Type: string*
 sasl.oauthbearer.assertion.jwt.template.file |  *  |                 |               | low        | Path to the JWT template file. Only used when `sasl.oauthbearer.method` is set to "oidc" and JWT assertion is needed. <br>*Type: string*
-sasl.oauthbearer.metadata.authentication.type |  *  | none, azure     |          none | low        | Type of metadata based authentication to use for OAUTHBEARER/OIDC `azure` authenticates using the Azure UAMI endpoint. Sets a default value for `sasl.oauthbearer.token.endpoint.url` if missing. Configuration values specific of chosen authentication type can be passed through `sasl.oauthbearer.config`. <br>*Type: enum value*
+sasl.oauthbearer.metadata.authentication.type |  *  | none, azure_imds |          none | low        | Type of metadata based authentication to use for OAUTHBEARER/OIDC `azure_imds` authenticates using the Azure IMDS endpoint. Sets a default value for `sasl.oauthbearer.token.endpoint.url` if missing. Configuration values specific of chosen authentication type can be passed through `sasl.oauthbearer.config`. <br>*Type: enum value*
 plugin.library.paths                     |  *  |                 |               | low        | List of plugin libraries to load (; separated). The library search path is platform dependent (see dlopen(3) for Unix and LoadLibrary() for Windows). If no filename extension is specified the platform-specific extension (such as .dll or .so) will be appended automatically. <br>*Type: string*
 interceptors                             |  *  |                 |               | low        | Interceptors added through rd_kafka_conf_interceptor_add_..() and any configuration handled by interceptors. <br>*Type: see dedicated API*
 group.id                                 |  C  |                 |               | high       | Client group id string. All clients sharing the same group.id belong to the same group. <br>*Type: string*

INTRODUCTION.md

@@ -1247,24 +1247,24 @@ some metadata based OAUTHBEARER authentication types.
 
 Currently these authentication types are supported:
 
-###### Azure UAMI
+###### Azure IMDS
 
 to use this method you set:
 
-* `sasl.oauthbearer.metadata.authentication.type=azure` this make that ` sasl.oauthbearer.client.id`
+* `sasl.oauthbearer.metadata.authentication.type=azure_imds` this make that ` sasl.oauthbearer.client.id`
 and `sasl.oauthbearer.client.secret` aren't required
 * `sasl.oauthbearer.config` is a general purpose configuration property
   In this case it's accepts comma-separated `key=value` pairs.
   The `params` key is required and its value is the GET query string to append
   to the token endpoint URL. Such query string contains params required by
-  Azure UAMI such as `client_id` (the UAMI), `resource` for determining the
+  Azure IMDS such as `client_id` (the UAMI), `resource` for determining the
   target audience and `api-version` for the API version to be used by the endpoint
 * `sasl.oauthbearer.token.endpoint.url` (optional) is set automatically
-  when chosing `sasl.oauthbearer.metadata.authentication.type=azure` but can
+  when chosing `sasl.oauthbearer.metadata.authentication.type=azure_imds` but can
   be customized
 
 
-_Example:_  `sasl.oauthbearer.metadata.authentication.type=azure` and
+_Example:_  `sasl.oauthbearer.metadata.authentication.type=azure_imds` and
 `sasl.oauthbearer.config=params=api-version=2018-02-01&resource=api://<App registration client id>&client_id=<UAMI client id>`
 
 

src/rdkafka_conf.c

@@ -1214,7 +1214,7 @@ static const struct rd_kafka_property rd_kafka_properties[] = {
         _RK_C_S2I,
         _RK(sasl.oauthbearer.metadata_authentication.type),
         "Type of metadata based authentication to use for OAUTHBEARER/OIDC "
-        "`azure` authenticates using the Azure UAMI endpoint. "
+        "`azure_imds` authenticates using the Azure IMDS endpoint. "
         "Sets a default value for `sasl.oauthbearer.token.endpoint.url` if "
         "missing. "
         "Configuration values specific of chosen authentication type can be "
@@ -1225,7 +1225,7 @@ static const struct rd_kafka_property rd_kafka_properties[] = {
         .s2i  = {{RD_KAFKA_SASL_OAUTHBEARER_METADATA_AUTHENTICATION_TYPE_NONE,
                   "none"},
                  {RD_KAFKA_SASL_OAUTHBEARER_METADATA_AUTHENTICATION_TYPE_AZURE,
-                  "azure"}},
+                  "azure_imds"}},
     },
 
     /* Plugins */

tests/0126-oauthbearer_oidc.c

@@ -388,30 +388,30 @@ void do_test_produce_consumer_with_OIDC_jwt_bearer(rd_kafka_conf_t *conf) {
 
 
 typedef enum oidc_configuration_metadata_authentication_variation_t {
-        /** Azure UAMI. Successful case. */
-        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_SUCCESS,
-        /** Azure UAMI. Missing client ID. */
-        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_MISSING_CLIENT_ID,
-        /** Azure UAMI. Missing resource parameter. */
-        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_MISSING_RESOURCE,
-        /** Azure UAMI. Missing API version. */
-        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_MISSING_API_VERSION,
+        /** Azure IMDS. Successful case. */
+        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_SUCCESS,
+        /** Azure IMDS. Missing client ID. */
+        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_MISSING_CLIENT_ID,
+        /** Azure IMDS. Missing resource parameter. */
+        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_MISSING_RESOURCE,
+        /** Azure IMDS. Missing API version. */
+        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_MISSING_API_VERSION,
         OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION__CNT
 } oidc_configuration_metadata_authentication_variation_t;
 
 #define OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION__FIRST_FAILING    \
-        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_MISSING_CLIENT_ID
+        OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_MISSING_CLIENT_ID
 
 static const char *oidc_configuration_metadata_authentication_variation_name(
     oidc_configuration_metadata_authentication_variation_t variation) {
         rd_assert(
             variation >=
-                OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_SUCCESS &&
+                OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_SUCCESS &&
             variation <
                 OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION__CNT);
         static const char *names[] = {
-            "Azure UAMI: success", "Azure UAMI: missing client ID",
-            "Azure UAMI: missing resource", "Azure UAMI: missing API version"};
+            "Azure IMDS: success", "Azure IMDS: missing client ID",
+            "Azure IMDS: missing resource", "Azure IMDS: missing API version"};
         return names[variation];
 }
 
@@ -420,41 +420,45 @@ static rd_kafka_conf_t *oidc_configuration_metadata_authentication(
     oidc_configuration_metadata_authentication_variation_t variation) {
         conf = rd_kafka_conf_dup(conf);
         switch (variation) {
-        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_SUCCESS:
+        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_SUCCESS:
                 test_conf_set(conf,
                               "sasl.oauthbearer.metadata.authentication.type",
-                              "azure");
-                test_conf_set(conf, "sasl.oauthbearer.config",
-                              "params=__metadata_authentication_type=azure&"
-                              "api-version=2018-02-01&resource="
-                              "api://external_resource_id&client_id=client_id");
+                              "azure_imds");
+                test_conf_set(
+                    conf, "sasl.oauthbearer.config",
+                    "params=__metadata_authentication_type=azure_imds&"
+                    "api-version=2018-02-01&resource="
+                    "api://external_resource_id&client_id=client_id");
                 break;
-        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_MISSING_CLIENT_ID:
+        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_MISSING_CLIENT_ID:
                 test_conf_set(conf,
                               "sasl.oauthbearer.metadata.authentication.type",
-                              "azure");
-                test_conf_set(conf, "sasl.oauthbearer.config",
-                              "params=__metadata_authentication_type=azure&"
-                              "api-version=2018-02-01&resource="
-                              "api://external_resource_id");
+                              "azure_imds");
+                test_conf_set(
+                    conf, "sasl.oauthbearer.config",
+                    "params=__metadata_authentication_type=azure_imds&"
+                    "api-version=2018-02-01&resource="
+                    "api://external_resource_id");
                 break;
-        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_MISSING_RESOURCE:
+        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_MISSING_RESOURCE:
                 test_conf_set(conf,
                               "sasl.oauthbearer.metadata.authentication.type",
-                              "azure");
-                test_conf_set(conf, "sasl.oauthbearer.config",
-                              "params=__metadata_authentication_type=azure&"
-                              "api-version=2018-02-01&"
-                              "client_id=client_id");
+                              "azure_imds");
+                test_conf_set(
+                    conf, "sasl.oauthbearer.config",
+                    "params=__metadata_authentication_type=azure_imds&"
+                    "api-version=2018-02-01&"
+                    "client_id=client_id");
                 break;
-        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_MISSING_API_VERSION:
+        case OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_MISSING_API_VERSION:
                 test_conf_set(conf,
                               "sasl.oauthbearer.metadata.authentication.type",
-                              "azure");
-                test_conf_set(conf, "sasl.oauthbearer.config",
-                              "params=__metadata_authentication_type=azure&"
-                              "resource="
-                              "api://external_resource_id&client_id=client_id");
+                              "azure_imds");
+                test_conf_set(
+                    conf, "sasl.oauthbearer.config",
+                    "params=__metadata_authentication_type=azure_imds&"
+                    "resource="
+                    "api://external_resource_id&client_id=client_id");
                 break;
         default:
                 TEST_ASSERT(rd_false,
@@ -469,7 +473,7 @@ void do_test_produce_consumer_with_OIDC_metadata_authentication(
         oidc_configuration_metadata_authentication_variation_t variation;
         for (
             variation =
-                OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_SUCCESS;
+                OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION_AZURE_IMDS_SUCCESS;
             variation <
             OIDC_CONFIGURATION_METADATA_AUTHENTICATION_VARIATION__CNT;
             variation++) {