Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ManagedIdentityTokenProvider change #6637

Merged
merged 7 commits into from
Jul 16, 2019
Merged

ManagedIdentityTokenProvider change #6637

merged 7 commits into from
Jul 16, 2019

Conversation

bainian12345
Copy link
Contributor

  • Allow connection string to accept both "Managed Identity" and "ManagedIdentity"
  • Remove default authority for ManagedIdentityTokenProvider

@jsquire jsquire added Client This issue points to a problem in the data-plane of the library. Service Bus labels Jun 20, 2019
@jsquire jsquire requested review from nemakam and jsquire June 20, 2019 14:00
jsquire
jsquire approved these changes Jun 20, 2019
View reviewed changes
Copy link
Member

@jsquire jsquire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. I left a couple of comments for some minor things.

sdk/servicebus/Microsoft.Azure.ServiceBus/src/Primitives/AzureActiveDirectoryTokenProvider.cs Outdated
@@ -25,7 +20,7 @@ public class AzureActiveDirectoryTokenProvider : TokenProvider
public AzureActiveDirectoryTokenProvider(AuthenticationCallback authenticationCallback, string authority, object state)
{
this.AuthCallback = authenticationCallback ?? throw Fx.Exception.ArgumentNull(nameof(authenticationCallback));
this.authority = authority ?? CommonAuthority;
this.authority = authority;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we consider validating the authority as not null or empty? Seems better to catch that up front then failing when trying to acquire a token later.

sdk/servicebus/Microsoft.Azure.ServiceBus/src/Primitives/TokenProvider.cs
@@ -79,7 +79,7 @@ public static TokenProvider CreateSharedAccessSignatureTokenProvider(string keyN
/// <returns>The <see cref="Microsoft.ServiceBus.TokenProvider" /> for returning Json web token.</returns>
public static TokenProvider CreateAzureActiveDirectoryTokenProvider(
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback,
string authority = AzureActiveDirectoryTokenProvider.CommonAuthority,
string authority,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we consider validating the authority as not null or empty? Seems better to catch that up front then failing when trying to acquire a token later.

@jsquire jsquire requested a review from binzywu June 20, 2019 14:40
nemakam
nemakam reviewed Jun 26, 2019
View reviewed changes
sdk/servicebus/Microsoft.Azure.ServiceBus/src/ServiceBusConnectionStringBuilder.cs Outdated
{
public const string ManagedIdentity = "Managed Identity";
None,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

None [](start = 12, length = 4)

This is interesting. For customers who are using SASTokens or SASKeys, this authenticationType would be None. Which is quite confusing.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is EH library doing here?

In reply to: 297837863 [](ancestors = 297837863)

Copy link
Member

@jsquire jsquire Jun 26, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The initial implementation is also string-based, but it is in the process of being given an overhaul, where the new API surface will simply take a token credential that the Azure.Identity library is responsible for producing. As a general rule, authentication should be an external concern; authorization against the resource is an internal one.

see: EventHubClient, line 158

nemakam
nemakam reviewed Jun 26, 2019
View reviewed changes
sdk/servicebus/Microsoft.Azure.ServiceBus/src/ServiceBusConnectionStringBuilder.cs
{
connectionStringBuilder.Append(AuthenticationConfigName).Append(KeyValueSeparator).Append(this.Authentication).Append(KeyValuePairDelimiter);
connectionStringBuilder.Append(AuthenticationConfigName).Append(KeyValueSeparator).Append("Managed Identity").Append(KeyValuePairDelimiter);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Managed Identity" [](start = 106, length = 18)

Can we convert this to a constant on top of this file?

nemakam
nemakam approved these changes Jun 26, 2019
View reviewed changes
Copy link
Contributor

@nemakam nemakam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@jsquire jsquire merged commit 50ebe1c into Azure:master Jul 16, 2019
@bainian12345 bainian12345 deleted the bailiu_MiTokenProviderChange branch August 15, 2019 23:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsquire jsquire jsquire approved these changes

@nemakam nemakam nemakam approved these changes

@binzywu binzywu Awaiting requested review from binzywu

Assignees

@bainian12345 bainian12345

Labels
Client This issue points to a problem in the data-plane of the library. Service Bus
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bainian12345 @jsquire @nemakam