diff --git a/CHANGELOG.md b/CHANGELOG.md index 124be44085d..d3b7f538063 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -65,7 +65,12 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio ### Deprecations -- TODO ([#XXX](https://github.com/kedacore/keda/issue/XXX)) +You can find all deprecations in [this overview](https://github.com/kedacore/keda/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+label%3Abreaking-change) and [join the discussion here](https://github.com/kedacore/keda/discussions/categories/deprecations). + +New deprecation(s): + +- **Azure Data Explorer**: Deprecate `metadata.clientSecret` ([#4514](https://github.com/kedacore/keda/issues/4514)) + ### Breaking Changes diff --git a/pkg/scalers/azure/azure_data_explorer.go b/pkg/scalers/azure/azure_data_explorer.go index b7685975d30..c9d105c3408 100644 --- a/pkg/scalers/azure/azure_data_explorer.go +++ b/pkg/scalers/azure/azure_data_explorer.go @@ -79,6 +79,15 @@ func getDataExplorerAuthConfig(metadata *DataExplorerMetadata) (*kusto.Connectio return nil, fmt.Errorf("missing credentials. please ensure that TenantID is provided") } kcsb.WithAadAppKey(metadata.ClientID, metadata.ClientSecret, metadata.TenantID) + // This should be here because internaly the SDK resets the configuration + // after calling `WithAadAppKey` + clientOptions := &policy.ClientOptions{ + Cloud: cloud.Configuration{ + ActiveDirectoryAuthorityHost: metadata.ActiveDirectoryEndpoint, + Services: map[cloud.ServiceName]cloud.ServiceConfiguration{}, + }, + } + kcsb.AttachPolicyClientOptions(clientOptions) case kedav1alpha1.PodIdentityProviderAzure, kedav1alpha1.PodIdentityProviderAzureWorkload: azureDataExplorerLogger.V(1).Info(fmt.Sprintf("Creating Azure Data Explorer Client using podIdentity %s", metadata.PodIdentity.Provider)) @@ -87,21 +96,13 @@ func getDataExplorerAuthConfig(metadata *DataExplorerMetadata) (*kusto.Connectio return nil, chainedErr } kcsb.WithTokenCredential(creds) + // We don't need to call to kcsb.AttachPolicyClientOptions because WI/AAD-Pod-Identity manages + // it based on their own configurations default: return nil, fmt.Errorf("missing credentials. please reconfigure your scaled object metadata") } - // This should be here because internaly the SDK resets the configuration - // after calling `WithTokenCredential` and `WithAadAppKey` - clientOptions := &policy.ClientOptions{ - Cloud: cloud.Configuration{ - ActiveDirectoryAuthorityHost: metadata.ActiveDirectoryEndpoint, - Services: map[cloud.ServiceName]cloud.ServiceConfiguration{}, - }, - } - kcsb.AttachPolicyClientOptions(clientOptions) - return kcsb, nil } diff --git a/pkg/scalers/azure_data_explorer_scaler.go b/pkg/scalers/azure_data_explorer_scaler.go index fb6277dfa9e..4ee27dd5738 100644 --- a/pkg/scalers/azure_data_explorer_scaler.go +++ b/pkg/scalers/azure_data_explorer_scaler.go @@ -159,10 +159,17 @@ func parseAzureDataExplorerAuthParams(config *ScalerConfig, logger logr.Logger) } metadata.ClientID = clientID + // FIXME: DEPRECATED to be removed in v2.13 + // We should get the secret only from AuthConfig or env clientSecret, err := getParameterFromConfig(config, "clientSecret", true) if err != nil { return nil, err } + if val, ok := config.TriggerMetadata["clientSecret"]; ok && val != "" { + logger.Info("getting 'clientSecret' from metadata is deprecated, use 'clientSecretFromEnv' or TriggerAuthentication instead") + } + // FIXME: DEPRECATED to be removed in v2.13 + metadata.ClientSecret = clientSecret default: return nil, fmt.Errorf("error parsing auth params")