Merge pull request #158 from bartvdbraak/renovate/clap-4.x-lockfile

Group Azure dependency updates

.github/renovate.json

@@ -1,5 +1,12 @@
 {
 	"$schema": "https://docs.renovatebot.com/renovate-schema.json",
 	"extends": ["config:base"],
-	"reviewers": ["bartvdbraak"]
+	"reviewers": ["bartvdbraak"],
+ "packageRules": [
+    {
+      "matchPackagePrefixes": ["azure"],
+      "groupName": "Azure Dependencies",
+      "groupSlug": "azure-dependencies"
+    }
+ ]
 }

.github/workflows/release.yml

@@ -70,7 +70,7 @@ jobs:
             experimental: false
 
           - name: mac-arm64
-            os: macos-11.0
+            os: macos-latest
             target: aarch64-apple-darwin
             cross: true
             experimental: true

.github/workflows/tests.yml

@@ -56,9 +56,10 @@ jobs:
     - uses: actions/checkout@v4
     - uses: azure/login@v2
       with:
-        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID_BICEP }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
     - name: Deploy Bicep template
       uses: azure/arm-deploy@v2
       with:

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "keyweave"
-version = "0.2.7"
+version = "0.3.1"
 edition = "2021"
 authors = ["Bart van der Braak <bart@vanderbraak.nl>"]
 keywords = ["azure", "keyvault", "env"]
@@ -11,9 +11,9 @@ repository = "https://github.com/bartvdbraak/keyweave/"
 
 [dependencies]
 anyhow = "1.0.82"
-azure_core = "0.19.0"
-azure_identity = "0.19.0"
-azure_security_keyvault = "0.19.0"
+azure_core = "0.21.0"
+azure_identity = "0.21.0"
+azure_security_keyvault = "0.21.0"
 clap = { version = "4.5.4", features = ["derive"] }
 futures = "0.3.30"
 paris = { version = "1.5.15", features = ["macros"] }
@@ -26,4 +26,4 @@ openssl = { version = "0.10", features = ["vendored"] }
 assert_cmd = "2.0.14"
 assert_fs = "1.1.1"
 predicates = "3.1.0"
-serial_test = "3.0.0"
+serial_test = "3.1.0"

bicep/main.bicep

@@ -31,7 +31,7 @@ var nameFormat = '${name.tenantId}-${name.projectId}-${environment}-${name.regio
   Resource Group
 */
 
-resource ResourceGroup 'Microsoft.Resources/resourceGroups@2023-07-01' = {
+resource ResourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = {
   name: format(nameFormat, 'RG', 1)
   location: location
   tags: tags

bicep/modules/kv.bicep

@@ -16,7 +16,7 @@ var accessPolicies = [for identity in identities: {
   Log Analytics Workspace (existing)
 */
 
-resource _logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
+resource _logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
   name: format(nameFormat, 'LAW', 1)
 }
 

bicep/modules/law.bicep

@@ -6,7 +6,7 @@ param tags object
   Log Analytics Workspace
 */
 
-resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
   name: format(nameFormat, 'LAW', 1)
   location: location
   tags: tags

src/main.rs

@@ -1,5 +1,5 @@
 use anyhow::Result;
-use azure_identity::DefaultAzureCredential;
+use azure_identity::{DefaultAzureCredential, TokenCredentialOptions};
 use azure_security_keyvault::prelude::KeyVaultGetSecretsResponse;
 use azure_security_keyvault::KeyvaultClient;
 use clap::Parser;
@@ -237,7 +237,12 @@ async fn main() -> Result<()> {
     let vault_url = format!("https://{}.vault.azure.net", opts.vault_name);
 
     log.loading("Detecting credentials.");
-    let credential = DefaultAzureCredential::default();
+    let credential_options = TokenCredentialOptions::default();
+    let credential =
+        DefaultAzureCredential::create(credential_options).map_err(|e| CustomError {
+            message: format!("Failed to create DefaultAzureCredential: {}", e),
+        })?;
+
     let client = match KeyvaultClient::new(&vault_url, std::sync::Arc::new(credential)) {
         Ok(c) => c,
         Err(err) => {