wombatu-kun commented on code in PR #16541:
URL: https://github.com/apache/iceberg/pull/16541#discussion_r3478731142


##########
azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java:
##########
@@ -212,4 +202,38 @@ public String keyWrapAlgorithm() {
   public Optional<String> keyVaultUrl() {
     return Optional.ofNullable(this.keyVaultUrl);
   }
+
+  /**
+   * Returns the credential to use when authenticating to Azure Key Vault, 
derived only from
+   * credentials explicitly supplied through configuration: a catalog-vended 
{@link #ADLS_TOKEN}
+   * bearer token, or an explicitly configured {@link 
#ADLS_TOKEN_CREDENTIAL_PROVIDER}.
+   *
+   * <p>Ambient credentials such as {@link 
com.azure.identity.DefaultAzureCredential} are
+   * intentionally not used for Key Vault: combined with a misconfigured or 
malicious vault URL they
+   * could be used to exfiltrate the client's ambient identity. The supplied 
token must be scoped
+   * for Key Vault (for the public cloud, {@code https://vault.azure.net}).
+   *
+   * @return the configured Key Vault token credential, or empty if none was 
supplied
+   */
+  public Optional<TokenCredential> keyVaultTokenCredential() {
+    if (token != null && !token.isEmpty()) {
+      return Optional.of(tokenCredential(token));
+    }
+
+    if (allProperties.containsKey(ADLS_TOKEN_CREDENTIAL_PROVIDER)) {
+      return 
Optional.of(AdlsTokenCredentialProviders.from(allProperties).credential());

Review Comment:
   Separating the two is reasonable, but the managed-identity-for-Key-Vault 
half is intentionally out of scope: removing ambient/`DefaultAzureCredential` 
auth for Key Vault is exactly the fix for #16465. The real remaining gap is 
that `adls.token` is storage-scoped by convention while Key Vault needs a 
vault-scoped token (`https://vault.azure.net`), so one value can't serve both. 
I reused the ADLS properties to keep this security fix minimal and flagged a 
dedicated `azure.keyvault.token` as a follow-up in the description - happy to 
add `azure.keyvault.token` (+ `azure.keyvault.token-credential-provider`) in 
this PR instead if you'd prefer the decoupling now. Note the ambient default 
inside `AdlsTokenCredentialProviders` is never reached on this path: it only 
runs when `adls.token-credential-provider` is explicitly set.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to