refactor(azure): remove unused config fields and Traefik Forward Auth #129

Open
Lytol wants to merge 1 commit into main from bs-unused-azure-fields

Lytol commented Feb 19, 2026

Description

This PR removes unused configuration fields from AzureWorkloadConfig and removes the incomplete/broken Traefik Forward Auth feature for Azure workloads.

Changes

Removed 6 Unused Config Fields

The following fields were defined but never used in the codebase:

  • client_id / ClientID - Never referenced; managed identities are created dynamically
  • secrets_provider_client_id / SecretsProviderClientID - Only used by Traefik Forward Auth (also removed)
  • instance_type / InstanceType - Replaced by node pool instance type configs
  • control_plane_node_count / ControlPlaneNodeCount - Not applicable to managed AKS
  • worker_node_count / WorkerNodeCount - Replaced by node pool configs
  • db_storage_size_gb / DBStorageSizeGB - Value hardcoded to 128 in implementation

Removed Traefik Forward Auth for Azure Workloads

The Traefik Forward Auth feature for Azure was incomplete and broken:

  • Required manual managed identity setup (never documented)
  • Used legacy VM-based identity instead of modern workload identity
  • Hardcoded to Okta only
  • Inconsistent with how other services manage identities

Note: AWS Traefik Forward Auth support remains intact and functional.

Files Changed

  • lib/types/workload.go - Removed 6 fields from AzureWorkloadConfig
  • lib/types/workload_test.go - Updated tests
  • python-pulumi/src/ptd/azure_workload.py - Removed 6 fields
  • python-pulumi/src/ptd/pulumi_resources/azure_workload_clusters.py - Removed Traefik Forward Auth integration
  • python-pulumi/src/ptd/pulumi_resources/traefik_forward_auth_azure.py - Deleted (117 lines)
  • python-pulumi/tests/test_azure_bastion_config.py - Updated tests

Category of change

  • Refactor: a code change that neither fixes a bug nor adds a feature

Testing

  • ✅ All Python tests pass (111 passed)
  • ✅ All Go tests pass
  • ✅ Build successful
  • just runs cleanly
  • Still need to verify against internal workload

Remove 6 unused configuration fields from AzureWorkloadConfig:
- client_id: Never referenced, managed identities created dynamically
- secrets_provider_client_id: Only used by Traefik Forward Auth
- instance_type: Replaced by node pool instance type configs
- control_plane_node_count: Not applicable to managed AKS
- worker_node_count: Replaced by node pool configs
- db_storage_size_gb: Value hardcoded in implementation

Remove Traefik Forward Auth support for Azure workloads:
- Deleted traefik_forward_auth_azure.py
- Removed integration from azure_workload_clusters.py
- Feature required manual managed identity setup (broken/incomplete)
- Feature hardcoded to Okta only
- AWS Traefik Forward Auth support remains intact

Updated tests to reflect removed fields.
Lytol requested a review from a team as a code owner February 19, 2026 01:35
Lytol requested review from amdove and ian-flores February 19, 2026 01:35