Add AAD support for EG #19421
Add AAD support for EG #19421
Conversation
rakshith91
requested review from
lmazuel,
swathipil and
yunhaoling
as code owners
ghost
added
the
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| from .. import _constants as constants | ||
| from .._signature_credential_policy import EventGridSasCredentialPolicy | ||
|
|
||
| def _get_authentication_policy_async(credential): |
There was a problem hiding this comment.
nit: I think we could avoid duplicating the _get_authentication_policy method for async by adding a policy type argument in the sync helper.
def _get_authentication_policy(credential, bearer_token_policy=BearerTokenCredentialPolicy):
if hasattr(credential, "get_token"):
return bearer_token_policy(
credential,
constants.DEFAULT_EVENTGRID_SCOPE
)then in the async, we do
_get_authentication_policy(credential, AsyncBearerTokenCredentialPolicy)
| def _get_authentication_policy_async(credential): | ||
| if credential is None: | ||
| raise ValueError("Parameter 'self._credential' must not be None.") | ||
| if hasattr(credential, "get_token"): |
There was a problem hiding this comment.
dumb question: what error would be raised if a user passed a sync AD credential into the async client?
There was a problem hiding this comment.
It'll be a type error
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
rakshith91
requested review from
abhahn,
amishra-dev,
ankitarorabit,
annatisch,
benbp,
cartertinney,
catalinaperalta,
chlowell,
danieljurek,
digimaun,
giakas,
iscai-msft,
johanste,
kasobol-msft,
kristapratico,
LarryOsterman and
lzchen
as code owners
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| @@ -38,6 +38,34 @@ az eventgrid domain --create --location <location> --resource-group <resource-gr | |||
| In order to interact with the Event Grid service, you will need to create an instance of a client. | |||
| An **endpoint** and **credential** are necessary to instantiate the client object. | |||
|
|
|||
| #### Using Azure Active Directory (AAD) | |||
There was a problem hiding this comment.
Nice, this reminds me I need to add this for .NET 😄
|
|
||
| To send events to a topic or domain with a `TokenCredential`, the authenticated identity should have the "EventGrid Data Sender" role assigned. | ||
|
|
||
| With the `azure-identity` package, you can seamlessly authorize requests in both development and production environments. To learn more about Azure Active Directory, see the [`azure-identity` README](https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/identity/azure-identity/README.md). |
There was a problem hiding this comment.
We shouldn't link to the old master branch.
There was a problem hiding this comment.
good catch - updated
| _is_cloud_event, | ||
| _is_eventgrid_event, | ||
| _eventgrid_data_typecheck, | ||
| _build_request, | ||
| _cloud_event_to_generated, | ||
| _get_authentication_policy |
There was a problem hiding this comment.
Nitpick: missing trailing comma - did you run this through black?
There was a problem hiding this comment.
nope - i did not - can do that
EDIT: done
| @@ -73,7 +78,7 @@ class EventGridPublisherClient: | |||
| def __init__( | |||
| self, | |||
| endpoint: str, | |||
| credential: Union[AzureKeyCredential, AzureSasCredential], | |||
| credential: Union["AsyncTokenCredential", AzureKeyCredential, AzureSasCredential], | |||
There was a problem hiding this comment.
That seems inconsistent, if not used those types should be in the TYPE_CHECKING as well, but I see now reason why some type would be string and some would be types
|
|
||
| class AsyncEventGridTest(EventGridTest): | ||
|
|
||
| def generate_oauth_token(self): |
There was a problem hiding this comment.
You shouldn't need that, there is everything you need in devtools to care care of that for free
| def get_oauth_endpoint(self): | ||
| return os.getenv("EG_TOPIC_HOSTNAME") | ||
|
|
||
| def generate_oauth_token(self): |
| client = EventGridPublisherClient("eventgrid_endpoint", bad_credential) | ||
|
|
||
| @pytest.mark.live_test_only |
There was a problem hiding this comment.
little tricky to generate recording given we use resource group preparers and envvars for secrets
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
fixes #17963