Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cosmos] AAD authentication async client #23717

Merged
merged 19 commits into from
Apr 6, 2022
Merged

[Cosmos] AAD authentication async client #23717

merged 19 commits into from
Apr 6, 2022

Conversation

simorenoh
Copy link
Member

This PR has the changes for the async client to utilize AAD authentication.

The way the @azure.identity package uses AAD credentials to authenticate services is by adding those credentials into a policy that runs when requests are sent to the core pipelines. This policy makes sure to refresh the current token if needed and set the authentication header of requests going to the pipeline. The reason why Cosmos had to create their own policy in this instance is due to the prefix we utilize for our tokens, since the bearer token policy given by the identity module sends a different prefix altogether and as such does not work for us.

It was also recommended by the identity team to create our own policies entirely rather than attempting to override a couple methods, since this could break us on their end - specially for the _update_headers() method since it's private.

For the async client, the credentials seem to also require their context managers to be in place in order to not run into "Unclosed client session" errors once the context is over. Looks kindda weird with the double async with, so if there's any suggestions on this do let me know.

Sample is a simple run-through of what can and can't be done, if you think adding more examples would be helpful I can do so as well.

snuck its way into the async PR
@azure-sdk
Copy link
Collaborator

API changes have been detected in azure-cosmos. You can review API changes here

@simorenoh simorenoh added Client This issue points to a problem in the data-plane of the library. cosmos-v4-python labels Mar 29, 2022
@azure-sdk
Copy link
Collaborator

API change check for azure-cosmos

API changes have been detected in azure-cosmos. You can review API changes here

Copy link
Member

@kushagraThapar kushagraThapar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @simorenoh , looks good to me!

Copy link
Member

@xinlian12 xinlian12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks

@simorenoh simorenoh merged commit c17568f into Azure:main Apr 6, 2022
@simorenoh simorenoh deleted the cosmos-aad-async branch April 6, 2022 15:12
rakshith91 pushed a commit to rakshith91/azure-sdk-for-python that referenced this pull request Apr 7, 2022
* working authentication to get database account

* working aad authentication for sync client with sample

* readme and changelog

* pylint and better comments on sample

* working async aad

* Delete access_cosmos_with_aad.py

snuck its way into the async PR

* Update _auth_policies.py

* small changes

* Update _cosmos_client_connection.py

* removing changes made in sync

* Update _auth_policy_async.py

* Update _auth_policy_async.py

* Update _auth_policy_async.py

* added licenses to samples
rakshith91 pushed a commit to rakshith91/azure-sdk-for-python that referenced this pull request Apr 10, 2022
* working authentication to get database account

* working aad authentication for sync client with sample

* readme and changelog

* pylint and better comments on sample

* working async aad

* Delete access_cosmos_with_aad.py

snuck its way into the async PR

* Update _auth_policies.py

* small changes

* Update _cosmos_client_connection.py

* removing changes made in sync

* Update _auth_policy_async.py

* Update _auth_policy_async.py

* Update _auth_policy_async.py

* added licenses to samples
azure-sdk pushed a commit to azure-sdk/azure-sdk-for-python that referenced this pull request May 22, 2023
EventGridv2 TypeSpec Api Preview (Azure#23204)

* start typespec

* adding eventgrid typespec for api w/ TODOs

* update eventgrid typespec with latest eventgrid v2 operations

* don't require content-type if there is no body

* Update specification/eventgrid/typespec/main.tsp

Co-authored-by: JoshLove-msft <[email protected]>

* Update specification/eventgrid/typespec/main.tsp

Co-authored-by: JoshLove-msft <[email protected]>

* changing naming of cloudevent and added in data_base64

* openapi.json

* Update specification/eventgrid/typespec/main.tsp

Co-authored-by: Libba Lawrence <[email protected]>

* Update specification/eventgrid/typespec/main.tsp

Co-authored-by: Libba Lawrence <[email protected]>

* Update specification/eventgrid/typespec/main.tsp

Co-authored-by: Libba Lawrence <[email protected]>

* lockTokens format, updated json, optional? params

* address code review comments

* name_change

* add @internal for python

* Update specification/eventgrid/Azure.Messaging.EventGrid/main.tsp

Co-authored-by: JoshLove-msft <[email protected]>

* move @internal to client.tsp (Azure#23538)

* rename (Azure#23565)

* [EventGrid Typespec] breaking changes with april release of typespec (Azure#23539)

* breaking changes with april release of typespec

* unknown type

* [EG Typespec] Update Release behavior (Azure#23699)

* update behavior

* just behavior

* Add tspconfig and remove AAD auth (Azure#23717)

* add tspconfig

* add namespace

* remove oauth

* [EG TypeSpec] Archboard Comments (Azure#23696)

* refactoring off of apiview

* keep as int

* no duration

* aligning ack and release

* remove behavioral change

* ack to release

* initial naming changes

* Update ReleaseResult doc

Co-authored-by: JoshLove-msft <[email protected]>

* Update AckResult doc

Co-authored-by: JoshLove-msft <[email protected]>

* versioning twice-- remove one instance

---------

Co-authored-by: JoshLove-msft <[email protected]>

* Address couple of stewardship team feedback. These include: 1. Rename CloudEventEvent to simply CloudEvent, 2. Add more description to the operations including the possible erorr codes, 3. Add PublishResult with empty Json object as successful response for the Publish operation, 4. Others.

* Add support for missing Reject operation + adding deliveryAttemptCount to BrokerProperties + Adding query parameter for release operation for deliveryDelayInSeconds

* Update failedTokens/SuccessfulTokens Description to address code review comments

* Update to match service behavior (Azure#23754)

* Update to match service behavior

* remove locktoken

* [EGv2] Editing unused variables (Azure#23917)

* event delivery delay not in preview

* remove from url comment

* [EGv2] Version dependency on Azure.Core  (Azure#23936)

* verioning fix

* spacing mishap?

* [EventGrid] Deliveryattempt change (Azure#23960)

* deliveryCount 5/1

* small typo

* [EventGrid] Remove internal (Azure#23995)

* remove internal

* remove client.tsp

* remove waitWaitTime (Azure#24078)

* move location of json file (Azure#24076)

* [Egv2] Encode param (Azure#24080)

* encode

* remove num default on duration

---------

Co-authored-by: Laurent Mazuel <[email protected]>

* [EGv2] Fix pipeline (Azure#24098)

* regen off new commit for encode

* reference preview tag

* ignore word

* update readme to have both apis

* update with next autorest

* change format to int32

---------

Co-authored-by: Ashraf Hamad <[email protected]>
Co-authored-by: Laurent Mazuel <[email protected]>
Co-authored-by: JoshLove-msft <[email protected]>
Co-authored-by: Ashraf Hamad <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Client This issue points to a problem in the data-plane of the library. Cosmos
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants