Rename WorkloadIdentityCredential.IsAzureKubernetesTokenProxyEnabled to IsAzureProxyEnabled (#54083)

* Initial plan

* Rename IsAzureKubernetesTokenProxyEnabled to EnableAzureProxy

Co-authored-by: JonathanCrd <17486462+JonathanCrd@users.noreply.github.com>

* Revert CHANGELOG.md change to already-shipped version 1.18.0-beta.1

Co-authored-by: JonathanCrd <17486462+JonathanCrd@users.noreply.github.com>

* Rename EnableAzureProxy to IsAzureProxyEnabled for .NET conventions

Co-authored-by: JonathanCrd <17486462+JonathanCrd@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: JonathanCrd <17486462+JonathanCrd@users.noreply.github.com>

Author: Copilot

sdk/identity/Azure.Identity/CHANGELOG.md

@@ -6,6 +6,8 @@
 
 ### Breaking Changes
 
+- Renamed `WorkloadIdentityCredentialOptions.IsAzureKubernetesTokenProxyEnabled` to `IsAzureProxyEnabled` to follow .NET naming conventions for boolean properties.
+
 ### Bugs Fixed
 
 ### Other Changes

sdk/identity/Azure.Identity/README.md

@@ -109,7 +109,7 @@ As of version 1.8.0, `ManagedIdentityCredential` supports [token caching](#token
 
 ## Identity binding mode (WorkloadIdentityCredential)
 
-`WorkloadIdentityCredential` supports an opt-in identity binding mode to work around [Entra ID's limit on federated identity credentials (FICs)](https://learn.microsoft.com/entra/workload-id/workload-identity-federation-considerations#federated-identity-credential-considerations) per managed identity. When enabled via the `IsAzureKubernetesTokenProxyEnabled ` option, the credential redirects token requests to an AKS-provided proxy that handles the FIC exchange centrally, allowing multiple pods to share the same identity without hitting FIC limits.
+`WorkloadIdentityCredential` supports an opt-in identity binding mode to work around [Entra ID's limit on federated identity credentials (FICs)](https://learn.microsoft.com/entra/workload-id/workload-identity-federation-considerations#federated-identity-credential-considerations) per managed identity. When enabled via the `IsAzureProxyEnabled` option, the credential redirects token requests to an AKS-provided proxy that handles the FIC exchange centrally, allowing multiple pods to share the same identity without hitting FIC limits.
 
 **Note:** This feature is only available when using `WorkloadIdentityCredential` directly. It is not supported by `DefaultAzureCredential` or `ManagedIdentityCredential`.
 
@@ -118,7 +118,7 @@ As of version 1.8.0, `ManagedIdentityCredential` supports [token caching](#token
 ```C# Snippet:WorkloadIdentityCredentialWithIdentityBinding
 var credential = new WorkloadIdentityCredential(new WorkloadIdentityCredentialOptions
 {
-    IsAzureKubernetesTokenProxyEnabled = true  // Enable identity binding mode
+    IsAzureProxyEnabled = true  // Enable identity binding mode
 });
 ```
 
@@ -142,7 +142,7 @@ If you're currently using `ManagedIdentityCredential` for workload identity in A
 // After (with identity binding support):
 var credential = new WorkloadIdentityCredential(new WorkloadIdentityCredentialOptions
 {
-    IsAzureKubernetesTokenProxyEnabled = true
+    IsAzureProxyEnabled = true
 });
 ```
 

sdk/identity/Azure.Identity/api/Azure.Identity.net8.0.cs

@@ -502,7 +502,7 @@ public WorkloadIdentityCredentialOptions() { }
         public System.Collections.Generic.IList<string> AdditionallyAllowedTenants { get { throw null; } }
         public string ClientId { get { throw null; } set { } }
         public bool DisableInstanceDiscovery { get { throw null; } set { } }
-        public bool IsAzureKubernetesTokenProxyEnabled { get { throw null; } set { } }
+        public bool IsAzureProxyEnabled { get { throw null; } set { } }
         public string TenantId { get { throw null; } set { } }
         public string TokenFilePath { get { throw null; } set { } }
     }

sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs

@@ -499,7 +499,7 @@ public WorkloadIdentityCredentialOptions() { }
         public System.Collections.Generic.IList<string> AdditionallyAllowedTenants { get { throw null; } }
         public string ClientId { get { throw null; } set { } }
         public bool DisableInstanceDiscovery { get { throw null; } set { } }
-        public bool IsAzureKubernetesTokenProxyEnabled { get { throw null; } set { } }
+        public bool IsAzureProxyEnabled { get { throw null; } set { } }
         public string TenantId { get { throw null; } set { } }
         public string TokenFilePath { get { throw null; } set { } }
     }

sdk/identity/Azure.Identity/src/Credentials/WorkloadIdentityCredential.cs

@@ -45,7 +45,7 @@ public WorkloadIdentityCredential(WorkloadIdentityCredentialOptions options)
                 clientAssertionCredentialOptions.MsalClient = options.MsalClient;
 
                 // Configure Kubernetes token proxy if user opted in
-                if (options.IsAzureKubernetesTokenProxyEnabled)
+                if (options.IsAzureProxyEnabled)
                 {
                     var proxyConfig = KubernetesProxyConfig.TryCreate();
                     if (proxyConfig != null)

sdk/identity/Azure.Identity/src/Credentials/WorkloadIdentityCredentialOptions.cs

@@ -44,7 +44,7 @@ public class WorkloadIdentityCredentialOptions : TokenCredentialOptions, ISuppor
         /// When enabled and proxy configuration environment variables are set, requests are sent to the AKS proxy instead of directly to Entra ID.
         /// This feature is not supported when using DefaultAzureCredential.
         /// </summary>
-        public bool IsAzureKubernetesTokenProxyEnabled { get; set; }
+        public bool IsAzureProxyEnabled { get; set; }
 
         /// <summary>
         /// Specifies tenants in addition to the specified <see cref="TenantId"/> for which the credential may acquire tokens.

sdk/identity/Azure.Identity/tests/WorkloadIdentityCredentialTests.cs

@@ -136,7 +136,7 @@ public void KubernetesProxy_OptInWithoutEnvVars_NoError()
                 TenantId = TenantId,
                 ClientId = ClientId,
                 TokenFilePath = tokenFilePath,
-                IsAzureKubernetesTokenProxyEnabled = true,
+                IsAzureProxyEnabled = true,
                 MsalClient = mockConfidentialMsalClient,
                 Pipeline = CredentialPipeline.GetInstance(null)
             };
@@ -157,7 +157,7 @@ public void KubernetesProxy_InvalidProxyUrl_ThrowsInvalidOperation()
                 TenantId = TenantId,
                 ClientId = ClientId,
                 TokenFilePath = tokenFilePath,
-                IsAzureKubernetesTokenProxyEnabled = true,
+                IsAzureProxyEnabled = true,
                 MsalClient = mockConfidentialMsalClient,
                 Pipeline = CredentialPipeline.GetInstance(null)
             };
@@ -198,7 +198,7 @@ public void KubernetesProxy_BothCaFileAndCaData_ThrowsInvalidOperation()
                 TenantId = TenantId,
                 ClientId = ClientId,
                 TokenFilePath = tokenFilePath,
-                IsAzureKubernetesTokenProxyEnabled = true,
+                IsAzureProxyEnabled = true,
                 MsalClient = mockConfidentialMsalClient,
                 Pipeline = CredentialPipeline.GetInstance(null)
             };
@@ -226,7 +226,7 @@ public void KubernetesProxy_CaFileDoesNotExist_ThrowsInvalidOperation()
                 TenantId = TenantId,
                 ClientId = ClientId,
                 TokenFilePath = tokenFilePath,
-                IsAzureKubernetesTokenProxyEnabled = true,
+                IsAzureProxyEnabled = true,
                 MsalClient = mockConfidentialMsalClient,
                 Pipeline = CredentialPipeline.GetInstance(null)
             };

sdk/identity/Azure.Identity/tests/samples/ReadmeSnippets.cs

@@ -68,7 +68,7 @@ public void WorkloadIdentityCredentialWithIdentityBinding()
             #region Snippet:WorkloadIdentityCredentialWithIdentityBinding
             var credential = new WorkloadIdentityCredential(new WorkloadIdentityCredentialOptions
             {
-                IsAzureKubernetesTokenProxyEnabled = true  // Enable identity binding mode
+                IsAzureProxyEnabled = true  // Enable identity binding mode
             });
             #endregion
         }
@@ -86,7 +86,7 @@ public void MigrationToWorkloadIdentityCredential()
             // After (with identity binding support):
             var credential = new WorkloadIdentityCredential(new WorkloadIdentityCredentialOptions
             {
-                IsAzureKubernetesTokenProxyEnabled = true
+                IsAzureProxyEnabled = true
             });
             #endregion
         }