Support Azure AD auth for Cosmos DB #1104
@ItalyPaleAle happy to see it, please fix CI.
@daixiang0 the failed CI is not due to this PR, as I did not touch MQTT. Not sure if it's a previous commit that caused the error or just some flakiness in the test.
For this case, you can re-commit to trigger CI re-run :)
LGTM, thanks for adding this support, it's much appreciated!
Per the PR template, can you also open an issue in dapr/docs to track documenting the additional support for AD auth in the bindings & state cosmosdb components?
@CodeMonkeyLeet I was thinking this could be tracked as part of the umbrella issue #1103. Do you want me to create a separate issue for each one?
#1103 tracks the general issue to be fixed in dapr/components-contrib, I'm asking for an issue in dapr/docs (or better yet, the documentation PR in dapr/docs) per:
The PR template includes this item because Dapr would like the documentation to be up-to-date with the new features included in each release (in this case, the ability to use Azure AD auth with the CosmosDB) and that's at the granularity of what has been merged into the release.
Sorry I missed the part where you were referring to docs. I will open an issue.
LGTM, thanks again for the contribution!
Codecov Report
@@ Coverage Diff @@
## master #1104 +/- ##
==========================================
- Coverage 34.53% 33.78% -0.75%
==========================================
Files 132 136 +4
Lines 10870 11400 +530
==========================================
+ Hits 3754 3852 +98
- Misses 6736 7155 +419
- Partials 380 393 +13
PR dapr#1104 introduced a regression in cosmosdb state component `Init()` by creating a `NewConfig()` which sets a new DefaultIdentificationHydrator, which causes a panic later when invoked. Patch this by restoring the configuration setting to use a struct with `nil` `IdentificationHydrator`.
PR #1104 introduced a regression in cosmosdb state component `Init()` by creating a `NewConfig()` which sets a new DefaultIdentificationHydrator, which causes a panic later when invoked. Patch this by restoring the configuration setting to use a struct with `nil` `IdentificationHydrator`.
Follow-up to dapr#1104 to support AD Auth codepath as well. `NewConfig()` and `NewConfigWithServicePrincipal()` both set the `Config.IdentificationHydrator` to the `DefaultIdentificationHydrator` in the underlying a8m/documentdb library. That implementation ends up calling `reflect.Value.Elem.FieldByName()`, which requires that the value passed to it is an interface or pointer, otherwise the Elem() call fails to dereference which causes a panic. cosmosdb.go passes the input to `UpsertDocument` by value today, which is eventually passed to the `DefaultIdentificationHydrator`, so changing the value passed to a pointer resolves the failure.
) Follow-up to #1104 to support AD Auth codepath as well. `NewConfig()` and `NewConfigWithServicePrincipal()` both set the `Config.IdentificationHydrator` to the `DefaultIdentificationHydrator` in the underlying a8m/documentdb library. That implementation ends up calling `reflect.Value.Elem.FieldByName()`, which requires that the value passed to it is an interface or pointer, otherwise the Elem() call fails to dereference which causes a panic. cosmosdb.go passes the input to `UpsertDocument` by value today, which is eventually passed to the `DefaultIdentificationHydrator`, so changing the value passed to a pointer resolves the failure. Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
* Support Azure AD auth for Cosmos DB
* Fixed linting errors
* Tidying go.sum
* Removed the need for nolint:shadow

Co-authored-by: Simon Leet <31784195+CodeMonkeyLeet@users.noreply.github.com>
Co-authored-by: Artur Souza <artursouza.ms@outlook.com>
Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
…pr#1121) Follow-up to dapr#1104 to support AD Auth codepath as well. `NewConfig()` and `NewConfigWithServicePrincipal()` both set the `Config.IdentificationHydrator` to the `DefaultIdentificationHydrator` in the underlying a8m/documentdb library. That implementation ends up calling `reflect.Value.Elem.FieldByName()`, which requires that the value passed to it is an interface or pointer, otherwise the Elem() call fails to dereference which causes a panic. cosmosdb.go passes the input to `UpsertDocument` by value today, which is eventually passed to the `DefaultIdentificationHydrator`, so changing the value passed to a pointer resolves the failure. Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
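The panic described in the follow-up commit messages above can be reproduced with the standard `reflect` package alone. This is an added example, not code from the PR or from a8m/documentdb: `Document`, `naiveHydrate`, `tryNaive` and `safeHydrate` are hypothetical names, and `naiveHydrate` only mimics the `Elem()` then `FieldByName()` pattern the commit message names.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

// Document is a constructed sample type, not the component's own struct.
type Document struct{ ID, Value string }

// naiveHydrate is a hypothetical stand-in for the pattern in the commit message:
// Elem() then FieldByName(), with no Kind check first.
func naiveHydrate(doc interface{}) {
	id := reflect.ValueOf(doc).Elem().FieldByName("ID") // panics unless doc is a pointer or interface
	if id.IsValid() && id.String() == "" {
		id.SetString("generated-id")
	}
}

// tryNaive runs naiveHydrate and converts a panic into an error for inspection.
func tryNaive(doc interface{}) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	naiveHydrate(doc)
	return nil
}

// safeHydrate checks the Kind before dereferencing, so a by-value argument
// yields an error instead of taking the process down.
func safeHydrate(doc interface{}) error {
	v := reflect.ValueOf(doc)
	if v.Kind() != reflect.Ptr || v.IsNil() || v.Elem().Kind() != reflect.Struct {
		return errors.New("document must be a non-nil pointer to a struct")
	}
	if id := v.Elem().FieldByName("ID"); id.CanSet() && id.Kind() == reflect.String && id.String() == "" {
		id.SetString("generated-id")
	}
	return nil
}

func main() {
	fmt.Println(tryNaive(Document{Value: "by value"})) // panic recovered as an error
	d := &Document{Value: "by pointer"}
	fmt.Println(tryNaive(d), d.ID)
	fmt.Println(safeHydrate(Document{}))
}
```

Passing the struct by value reaches `Elem()` on a `reflect.Struct` value, which is the failure the commit message attributes to the by-value `UpsertDocument` argument; passing a pointer avoids it, and a Kind check turns the remaining misuse into a returned error.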
Description
Updated the `bindings/azure/cosmosdb` and `state/azure/cosmosdb` components to support auth via Azure AD.
If `masterKey` is present in the metadata, that's used first. Otherwise, it tries authenticating using Azure AD, including using a service principal (`azureClientId` and `azureClientSecret`), a certificate, or MSI.
Issue reference
See #1103
Checklist
Please make sure you've completed the relevant tasks for this PR, out of the following list: