Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
a4e90f2
feat(azdext): Add KeyVaultResolver for extension Key Vault secret res…
jongio Mar 8, 2026
0a34232
fix: remove duplicate stubCredential (already in token_provider_test.go)
jongio Mar 9, 2026
a3e5ca0
fix: remove stale files from KV resolver branch
jongio Mar 9, 2026
c097379
fix: suppress gosec G101 false positives in test fixtures
jongio Mar 9, 2026
8649d46
Fix security and code quality audit findings
jongio Mar 11, 2026
a25fbd2
Remove stray coverage artifact
jongio Mar 11, 2026
fd39b75
fix: resolve cspell and gosec CI failures
jongio Mar 11, 2026
f8e247f
fix: apply go fix modernization (strings.Cut)
jongio Mar 11, 2026
eb24bcc
fix: address Copilot review feedback on KeyVaultResolver
jongio Mar 12, 2026
5e14e4c
fix: remove sort.Strings(result) that breaks env var override semantics
jongio Mar 19, 2026
425f474
fix: use case-insensitive matching for @Microsoft.KeyVault prefix
jongio Mar 19, 2026
d596cc7
fix: reject non-standard ports in @Microsoft.KeyVault SecretUri
jongio Mar 19, 2026
f456fa0
fix: reject empty vault name when hostname equals a bare suffix
jongio Mar 19, 2026
9b0e025
refactor: use slices.Sorted(maps.Keys(...)) in ResolveMap
jongio Mar 19, 2026
5115ef8
refactor: use t.Context() instead of context.Background() in tests
jongio Mar 19, 2026
6035a34
test: add @Microsoft.KeyVault cases to IsSecretReference test
jongio Mar 19, 2026
856aa69
test: consolidate HTTP error tests, add recording stub, test error co…
jongio Mar 19, 2026
5d9853b
test: add tests for ResolveSecretEnvironment and SecretFromKeyVaultRe…
jongio Mar 19, 2026
09fdf2c
refactor: use errors.AsType per Go 1.26+ conventions
jongio Mar 26, 2026
5a7843b
fix: resolve CI failures — gofmt and missing mock method
jongio Mar 30, 2026
3aceac6
fix: add ResolveEnvironment, VaultName format, and quote stripping to…
jongio Mar 30, 2026
17c914d
test: address wbreza re-review — fix data race, modernize test patter…
jongio Mar 31, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions cli/azd/.vscode/cspell.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,8 @@ words:
- yarnpkg
- azconfig
- hostnames
- managedhsm
- microsoftazure
- seekable
- seekability
- APFS
Expand All @@ -108,7 +110,10 @@ words:
- preconfigured
- Println
- sctx
- secretname
- secretversion
- TTLs
- vaultname
languageSettings:
- languageId: go
ignoreRegExpList:
Expand Down
17 changes: 16 additions & 1 deletion cli/azd/cmd/extensions.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (
"github.com/azure/azure-dev/cli/azd/pkg/exec"
"github.com/azure/azure-dev/cli/azd/pkg/extensions"
"github.com/azure/azure-dev/cli/azd/pkg/input"
kv "github.com/azure/azure-dev/cli/azd/pkg/keyvault"
"github.com/azure/azure-dev/cli/azd/pkg/lazy"
"github.com/azure/azure-dev/cli/azd/pkg/output/ux"
pkgux "github.com/azure/azure-dev/cli/azd/pkg/ux"
Expand Down Expand Up @@ -119,6 +120,7 @@ type extensionAction struct {
extensionManager *extensions.Manager
azdServer *grpcserver.Server
globalOptions *internal.GlobalCommandOptions
kvService kv.KeyVaultService
cmd *cobra.Command
args []string
}
Expand All @@ -132,6 +134,7 @@ func newExtensionAction(
cmd *cobra.Command,
azdServer *grpcserver.Server,
globalOptions *internal.GlobalCommandOptions,
kvService kv.KeyVaultService,
args []string,
) actions.Action {
return &extensionAction{
Expand All @@ -141,6 +144,7 @@ func newExtensionAction(
extensionManager: extensionManager,
azdServer: azdServer,
globalOptions: globalOptions,
kvService: kvService,
cmd: cmd,
args: args,
}
Expand Down Expand Up @@ -216,7 +220,18 @@ func (a *extensionAction) Run(ctx context.Context) (*actions.ActionResult, error

env, err := a.lazyEnv.GetValue()
if err == nil && env != nil {
allEnv = append(allEnv, env.Environ()...)
// Resolve Key Vault secret references only in azd-managed environment
// variables (akvs:// and @Microsoft.KeyVault formats). System env vars
// from os.Environ() are NOT processed — only the azd environment's
// variables may contain KV references.
azdEnvVars := env.Environ()
subId := env.Getenv("AZURE_SUBSCRIPTION_ID")
azdEnvVars, kvErr := kv.ResolveSecretEnvironment(ctx, a.kvService, azdEnvVars, subId)
if kvErr != nil {
log.Printf("warning: %v", kvErr)
}

allEnv = append(allEnv, azdEnvVars...)
}

serverInfo, err := a.azdServer.Start()
Expand Down
Loading
Loading