Use DefaultAzureCredentialBuilder

snowplow · Jan 22, 2024 · f0fde19 · f0fde19
1 parent 3ed3a43
commit f0fde19
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 10 deletions.
diff --git a/...wanalytics.snowplow.collectors.scalastream/sinks/AzureAuthenticationCallbackHandler.scala b/...wanalytics.snowplow.collectors.scalastream/sinks/AzureAuthenticationCallbackHandler.scala
@@ -23,17 +23,14 @@ import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
 import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
 import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback
 
-import com.microsoft.azure.credentials.MSICredentials
+import com.azure.identity.DefaultAzureCredentialBuilder
+import com.azure.core.credential.TokenRequestContext
 
 import com.nimbusds.jwt.JWTParser
 
 class AzureAuthenticationCallbackHandler extends AuthenticateCallbackHandler {
 
-  val credentials: MSICredentials = {
-    val clientId = sys.env.get("AZURE_CLIENT_ID_FOR_EVENT_HUB").orElse(sys.env.get("AZURE_CLIENT_ID"))
-    val creds    = new MSICredentials()
-    clientId.map(creds.withClientId).getOrElse(creds)
-  }
+  val credentials = new DefaultAzureCredentialBuilder().build()
 
   var sbUri: String = ""
 
@@ -66,7 +63,9 @@ class AzureAuthenticationCallbackHandler extends AuthenticateCallbackHandler {
     }
 
   def getOAuthBearerToken(): OAuthBearerToken = {
-    val accessToken = credentials.getToken(sbUri)
+    val reqContext = new TokenRequestContext()
+    reqContext.addScopes(sbUri)
+    val accessToken = credentials.getTokenSync(reqContext).getToken
     val jwt         = JWTParser.parse(accessToken)
     val claims      = jwt.getJWTClaimsSet
 

diff --git a/project/BuildSettings.scala b/project/BuildSettings.scala
@@ -88,7 +88,7 @@ object BuildSettings {
       libraryDependencies ++= Seq(
         Dependencies.Libraries.kafkaClients,
         Dependencies.Libraries.mskAuth,
-        Dependencies.Libraries.azureAuth,
+        Dependencies.Libraries.azureIdentity,
 
         // integration tests dependencies
         Dependencies.Libraries.IntegrationTests.specs2,

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
@@ -40,7 +40,7 @@ object Dependencies {
     val thrift           = "0.15.0" // force this version to mitigate security vulnerabilities
     val tracker          = "2.0.0"
     val dataDog4s        = "0.32.0"
-    val azureAuth        = "1.7.14"
+    val azureIdentity    = "1.11.0"
   }
 
   object Libraries {
@@ -75,7 +75,7 @@ object Dependencies {
     val pubsub         = "com.google.cloud"           % "google-cloud-pubsub"         % V.pubsub
     val sqs            = "com.amazonaws"              % "aws-java-sdk-sqs"            % V.awsSdk
     val sts            = "com.amazonaws"              % "aws-java-sdk-sts"            % V.awsSdk % Runtime // Enables web token authentication https://github.com/snowplow/stream-collector/issues/169
-    val azureAuth      = "com.microsoft.azure"        % "azure-client-authentication" % V.azureAuth
+    val azureIdentity  = "com.azure"                  % "azure-identity"              % V.azureIdentity
 
     //common unit tests
     val specs2    = "org.specs2"     %% "specs2-core"                % V.specs2    % Test