wip(examples): use object id for user assigned

Author: ndyakov

README.md

@@ -178,7 +178,7 @@ graph TD
     B -->|Yes| C{System Assigned?}
     B -->|No| D{Client Credentials?}
     C -->|Yes| E[SystemAssignedIdentity]
-    C -->|No| F[UserAssignedIdentity]
+    C -->|No| F[UserAssignedObjectID]
     D -->|Yes| G{Client Secret?}
     D -->|No| H[DefaultAzureIdentity]
     G -->|Yes| I[ClientSecret]
@@ -276,10 +276,10 @@ Options for managed identity authentication:
 ```go
 type ManagedIdentityProviderOptions struct {
     // Required: Type of managed identity
-    ManagedIdentityType ManagedIdentityType // SystemAssignedIdentity or UserAssignedIdentity
+    ManagedIdentityType ManagedIdentityType // SystemAssignedIdentity or UserAssignedObjectID
 
     // Optional: Client ID for user-assigned identity
-    UserAssignedClientID string
+    UserAssignedObjectID string
 
     // Optional: Scopes for token access
     // Default: ["https://redis.azure.com/.default"]
@@ -426,8 +426,8 @@ provider, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedId
         ClientID: os.Getenv("AZURE_CLIENT_ID"),
     },
     ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
-        ManagedIdentityType: identity.UserAssignedIdentity,
-        UserAssignedClientID: os.Getenv("AZURE_USER_ASSIGNED_MANAGED_ID"),
+        ManagedIdentityType: identity.UserAssignedObjectID,
+        UserAssignedObjectID: os.Getenv("AZURE_USER_ASSIGNED_MANAGED_ID"),
         Scopes: []string{"https://redis.azure.com/.default"},
     },
 })

examples/entraid/managedidentity_user/main.go

@@ -28,8 +28,8 @@ func main() {
 			ClientID: cfg.AzureClientID,
 		},
 		ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
-			ManagedIdentityType:  "UserAssigned",
-			UserAssignedClientID: cfg.AzureUserAssignedManagedID,
+			ManagedIdentityType:  identity.UserAssignedObjectID,
+			UserAssignedObjectID: cfg.AzureUserAssignedManagedID,
 			Scopes:               cfg.GetRedisScopes(),
 		},
 	})

identity/managed_identity_provider.go

@@ -21,11 +21,11 @@ type ManagedIdentityClient interface {
 // ManagedIdentityProviderOptions represents the options for the managed identity provider.
 // It is used to configure the identity provider when requesting a token.
 type ManagedIdentityProviderOptions struct {
-	// UserAssignedClientID is the client ID of the user assigned identity.
+	// UserAssignedObjectID is the object ID that is used to identify the user assigned identity.
 	// This is used to identify the identity when requesting a token.
-	UserAssignedClientID string
+	UserAssignedObjectID string
 	// ManagedIdentityType is the type of managed identity.
-	// This can be either SystemAssigned or UserAssigned.
+	// This can be either SystemAssigned or UserAssignedObjectID.
 	ManagedIdentityType string
 	// Scopes is a list of scopes that the identity has access to.
 	// This is used to specify the permissions that the identity has when requesting a token.
@@ -34,12 +34,12 @@ type ManagedIdentityProviderOptions struct {
 
 // ManagedIdentityProvider represents a managed identity provider.
 type ManagedIdentityProvider struct {
-	// userAssignedClientID is the client ID of the user assigned identity.
+	// userAssignedObjectID is the client ID of the user assigned identity.
 	// This is used to identify the identity when requesting a token.
-	userAssignedClientID string
+	userAssignedObjectID string
 
 	// managedIdentityType is the type of managed identity.
-	// This can be either SystemAssigned or UserAssigned.
+	// This can be either SystemAssigned or UserAssignedObjectID.
 	managedIdentityType string
 
 	// scopes is a list of scopes that the identity has access to.
@@ -64,7 +64,7 @@ func (c *realManagedIdentityClient) AcquireToken(ctx context.Context, resource s
 func NewManagedIdentityProvider(opts ManagedIdentityProviderOptions) (*ManagedIdentityProvider, error) {
 	var client ManagedIdentityClient
 
-	if opts.ManagedIdentityType != SystemAssignedIdentity && opts.ManagedIdentityType != UserAssignedIdentity {
+	if opts.ManagedIdentityType != SystemAssignedIdentity && opts.ManagedIdentityType != UserAssignedObjectID {
 		return nil, errors.New("invalid managed identity type")
 	}
 
@@ -78,21 +78,21 @@ func NewManagedIdentityProvider(opts ManagedIdentityProviderOptions) (*ManagedId
 			return nil, fmt.Errorf("couldn't create managed identity client: %w", err)
 		}
 		client = &realManagedIdentityClient{client: miClient}
-	case UserAssignedIdentity:
-		// UserAssignedIdentity is required to be specified when using a user assigned identity.
-		if opts.UserAssignedClientID == "" {
-			return nil, errors.New("user assigned client ID is required when using user assigned identity")
+	case UserAssignedObjectID:
+		// UserAssignedObjectID is required to be specified when using a user assigned identity.
+		if opts.UserAssignedObjectID == "" {
+			return nil, errors.New("user assigned object ID is required when using user assigned identity")
 		}
-		// UserAssignedIdentity is the type of identity that is managed by the user.
-		miClient, err := mi.New(mi.UserAssignedClientID(opts.UserAssignedClientID))
+		// UserAssignedObjectID is the type of identity that is managed by the user.
+		miClient, err := mi.New(mi.UserAssignedObjectID(opts.UserAssignedObjectID))
 		if err != nil {
 			return nil, fmt.Errorf("couldn't create managed identity client: %w", err)
 		}
 		client = &realManagedIdentityClient{client: miClient}
 	}
 
 	return &ManagedIdentityProvider{
-		userAssignedClientID: opts.UserAssignedClientID,
+		userAssignedObjectID: opts.UserAssignedObjectID,
 		managedIdentityType:  opts.ManagedIdentityType,
 		scopes:               opts.Scopes,
 		client:               client,

identity/managed_identity_provider_test.go

@@ -39,19 +39,19 @@ func TestNewManagedIdentityProvider(t *testing.T) {
 		{
 			name: "User assigned identity with client ID",
 			opts: ManagedIdentityProviderOptions{
-				ManagedIdentityType:  UserAssignedIdentity,
-				UserAssignedClientID: "test-client-id",
+				ManagedIdentityType:  UserAssignedObjectID,
+				UserAssignedObjectID: "test-client-id",
 				Scopes:               []string{"https://redis.azure.com"},
 			},
 			expectedError: "",
 		},
 		{
 			name: "User assigned identity without client ID",
 			opts: ManagedIdentityProviderOptions{
-				ManagedIdentityType: UserAssignedIdentity,
+				ManagedIdentityType: UserAssignedObjectID,
 				Scopes:              []string{"https://redis.azure.com"},
 			},
-			expectedError: "user assigned client ID is required when using user assigned identity",
+			expectedError: "user assigned object ID is required when using user assigned identity",
 		},
 		{
 			name: "Invalid identity type",
@@ -75,7 +75,7 @@ func TestNewManagedIdentityProvider(t *testing.T) {
 				assert.NoError(t, err)
 				assert.NotNil(t, provider)
 				assert.Equal(t, tt.opts.ManagedIdentityType, provider.managedIdentityType)
-				assert.Equal(t, tt.opts.UserAssignedClientID, provider.userAssignedClientID)
+				assert.Equal(t, tt.opts.UserAssignedObjectID, provider.userAssignedObjectID)
 				assert.Equal(t, tt.opts.Scopes, provider.scopes)
 				assert.NotNil(t, provider.client)
 			}

identity/providers.go

@@ -5,8 +5,9 @@ package identity
 const (
 	// SystemAssignedIdentity is the type of identity that is automatically managed by Azure.
 	SystemAssignedIdentity = "SystemAssigned"
-	// UserAssignedIdentity is the type of identity that is managed by the user.
-	UserAssignedIdentity = "UserAssigned"
+	// UserAssignedObjectID is the type of identity that is managed by the user.
+	UserAssignedObjectID = "UserAssignedObjectID"
+
 
 	// ClientSecretCredentialType is the type of credentials that uses a client secret to authenticate.
 	ClientSecretCredentialType = "ClientSecret"

identity/providers_test.go

@@ -16,8 +16,8 @@ func TestConstants(t *testing.T) {
 			expected: "SystemAssigned",
 		},
 		{
-			name:     "UserAssignedIdentity",
-			got:      UserAssignedIdentity,
+			name:     "UserAssignedObjectID",
+			got:      UserAssignedObjectID,
 			expected: "UserAssigned",
 		},
 		{

providers_test.go

@@ -30,8 +30,8 @@ func TestNewManagedIdentityCredentialsProvider(t *testing.T) {
 					},
 				},
 				ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
-					UserAssignedClientID: "test-client-id",
-					ManagedIdentityType:  identity.UserAssignedIdentity,
+					UserAssignedObjectID: "test-client-id",
+					ManagedIdentityType:  identity.UserAssignedObjectID,
 					Scopes:               []string{identity.RedisScopeDefault},
 				},
 			},
@@ -277,8 +277,8 @@ func TestCredentialsProviderInterface(t *testing.T) {
 						},
 					},
 					ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
-						UserAssignedClientID: "test-client-id",
-						ManagedIdentityType:  identity.UserAssignedIdentity,
+						UserAssignedObjectID: "test-client-id",
+						ManagedIdentityType:  identity.UserAssignedObjectID,
 						Scopes:               []string{identity.RedisScopeDefault},
 					},
 				}
@@ -392,8 +392,8 @@ func TestNewManagedIdentityCredentialsProvider_TokenManagerFactoryError(t *testi
 			},
 		},
 		ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
-			UserAssignedClientID: "test-client-id",
-			ManagedIdentityType:  identity.UserAssignedIdentity,
+			UserAssignedObjectID: "test-client-id",
+			ManagedIdentityType:  identity.UserAssignedObjectID,
 			Scopes:               []string{identity.RedisScopeDefault},
 		},
 	}
@@ -470,8 +470,8 @@ func TestNewManagedIdentityCredentialsProvider_TokenManagerStartError(t *testing
 			},
 		},
 		ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
-			UserAssignedClientID: "test-client-id",
-			ManagedIdentityType:  identity.UserAssignedIdentity,
+			UserAssignedObjectID: "test-client-id",
+			ManagedIdentityType:  identity.UserAssignedObjectID,
 			Scopes:               []string{identity.RedisScopeDefault},
 		},
 	}