[Cosmos] AAD authentication sync client #23604
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
the
|
API changes have been detected in |
simorenoh
requested review from
kushagraThapar,
simplynaveen20 and
xinlian12
as code owners
johanste
reviewed
Mar 22, 2022
sdk/cosmos/azure-cosmos/azure/cosmos/_cosmos_client_connection.py
Outdated
Show resolved
Hide resolved
|
API changes have been detected in |
This reverts commit 721bbc7.
|
API changes have been detected in |
|
API changes have been detected in |
|
API changes have been detected in |
annatisch
reviewed
Mar 25, 2022
sdk/cosmos/azure-cosmos/azure/cosmos/_cosmos_client_connection.py
Outdated
Show resolved
Hide resolved
sdk/cosmos/azure-cosmos/azure/cosmos/_cosmos_client_connection.py
Outdated
Show resolved
Hide resolved
|
API changes have been detected in |
|
/azp run python - cosmos - ci |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
API changes have been detected in |
xinlian12
reviewed
Apr 1, 2022
|
/azp run python - cosmos - ci |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
API change check for API changes have been detected in |
milismsft
reviewed
Apr 5, 2022
milismsft
reviewed
Apr 5, 2022
|
/azp run python - cosmos - ci |
|
Azure Pipelines successfully started running 1 pipeline(s). |
milismsft
reviewed
Apr 5, 2022
milismsft
approved these changes
Apr 5, 2022
|
/azp run python - cosmos - ci |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run python - cosmos - ci |
|
Azure Pipelines successfully started running 1 pipeline(s). |
rakshith91
pushed a commit
to rakshith91/azure-sdk-for-python
that referenced
this pull request
Apr 7, 2022
* working authentication to get database account * working aad authentication for sync client with sample * readme and changelog * pylint and better comments on sample * Update auth.py * Revert "Update auth.py" This reverts commit 721bbc7. * Update auth.py * Update auth.py * changes from comments * quick comment updates * Update config.py * Update access_cosmos_with_aad.py * added sync policy to match async * small changes * aad tests for negative path and positive emulator path * moved logic to be together for each part * Milis comments * Update cosmos_client.py * Update dev_requirements.txt * Update _auth_policy.py
rakshith91
pushed a commit
to rakshith91/azure-sdk-for-python
that referenced
this pull request
Apr 10, 2022
* working authentication to get database account * working aad authentication for sync client with sample * readme and changelog * pylint and better comments on sample * Update auth.py * Revert "Update auth.py" This reverts commit 721bbc7. * Update auth.py * Update auth.py * changes from comments * quick comment updates * Update config.py * Update access_cosmos_with_aad.py * added sync policy to match async * small changes * aad tests for negative path and positive emulator path * moved logic to be together for each part * Milis comments * Update cosmos_client.py * Update dev_requirements.txt * Update _auth_policy.py
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR has the changes for the sync client to utilize AAD authentication. I'll be making the PR for the async client separate, in order to reduce number of lines per PR.
The way the
@azure.identitypackage uses AAD credentials to authenticate services is by adding those credentials into a policy that runs when requests are sent to the core pipelines. This policy makes sure to refresh the current token if needed and set the authentication header of requests going to the pipeline. The reason why Cosmos had to create their own policy in this instance is due to the prefix we utilize for our tokens, since the bearer token policy given by the identity module sends a different prefix altogether and as such does not work for us.It was also recommended by the identity team to create our own policies entirely rather than attempting to override a couple methods, since this could break us on their end - specially for the
_update_headers()method since it's private.Sample is a simple run-through of what can and can't be done, if you think adding more examples would be helpful I can do so as well.