[Cosmos] AAD authentication async client#23717
Merged
simorenoh merged 19 commits intoAzure:mainfrom Apr 6, 2022
simorenoh:cosmos-aad-async
Merged
[Cosmos] AAD authentication async client#23717simorenoh merged 19 commits intoAzure:mainfrom simorenoh:cosmos-aad-async
simorenoh merged 19 commits intoAzure:mainfrom
simorenoh:cosmos-aad-async
Conversation
simorenoh
requested review from
kushagraThapar,
simplynaveen20 and
xinlian12
as code owners
ghost
added
the
snuck its way into the async PR
Collaborator
|
API changes have been detected in |
simorenoh
added
Client
Collaborator
|
API change check for API changes have been detected in |
kushagraThapar
approved these changes
Apr 6, 2022
Member
kushagraThapar
left a comment
kushagraThapar
left a comment
There was a problem hiding this comment.
Thanks @simorenoh , looks good to me!
rakshith91
pushed a commit
to rakshith91/azure-sdk-for-python
that referenced
this pull request
Apr 7, 2022
* working authentication to get database account * working aad authentication for sync client with sample * readme and changelog * pylint and better comments on sample * working async aad * Delete access_cosmos_with_aad.py snuck its way into the async PR * Update _auth_policies.py * small changes * Update _cosmos_client_connection.py * removing changes made in sync * Update _auth_policy_async.py * Update _auth_policy_async.py * Update _auth_policy_async.py * added licenses to samples
rakshith91
pushed a commit
to rakshith91/azure-sdk-for-python
that referenced
this pull request
Apr 10, 2022
* working authentication to get database account * working aad authentication for sync client with sample * readme and changelog * pylint and better comments on sample * working async aad * Delete access_cosmos_with_aad.py snuck its way into the async PR * Update _auth_policies.py * small changes * Update _cosmos_client_connection.py * removing changes made in sync * Update _auth_policy_async.py * Update _auth_policy_async.py * Update _auth_policy_async.py * added licenses to samples
azure-sdk
pushed a commit
to azure-sdk/azure-sdk-for-python
that referenced
this pull request
May 22, 2023
EventGridv2 TypeSpec Api Preview (Azure#23204) * start typespec * adding eventgrid typespec for api w/ TODOs * update eventgrid typespec with latest eventgrid v2 operations * don't require content-type if there is no body * Update specification/eventgrid/typespec/main.tsp Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> * Update specification/eventgrid/typespec/main.tsp Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> * changing naming of cloudevent and added in data_base64 * openapi.json * Update specification/eventgrid/typespec/main.tsp Co-authored-by: Libba Lawrence <llawrence@microsoft.com> * Update specification/eventgrid/typespec/main.tsp Co-authored-by: Libba Lawrence <llawrence@microsoft.com> * Update specification/eventgrid/typespec/main.tsp Co-authored-by: Libba Lawrence <llawrence@microsoft.com> * lockTokens format, updated json, optional? params * address code review comments * name_change * add @internal for python * Update specification/eventgrid/Azure.Messaging.EventGrid/main.tsp Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> * move @internal to client.tsp (Azure#23538) * rename (Azure#23565) * [EventGrid Typespec] breaking changes with april release of typespec (Azure#23539) * breaking changes with april release of typespec * unknown type * [EG Typespec] Update Release behavior (Azure#23699) * update behavior * just behavior * Add tspconfig and remove AAD auth (Azure#23717) * add tspconfig * add namespace * remove oauth * [EG TypeSpec] Archboard Comments (Azure#23696) * refactoring off of apiview * keep as int * no duration * aligning ack and release * remove behavioral change * ack to release * initial naming changes * Update ReleaseResult doc Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> * Update AckResult doc Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> * versioning twice-- remove one instance --------- Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> * Address couple of stewardship team feedback. These include: 1. Rename CloudEventEvent to simply CloudEvent, 2. Add more description to the operations including the possible erorr codes, 3. Add PublishResult with empty Json object as successful response for the Publish operation, 4. Others. * Add support for missing Reject operation + adding deliveryAttemptCount to BrokerProperties + Adding query parameter for release operation for deliveryDelayInSeconds * Update failedTokens/SuccessfulTokens Description to address code review comments * Update to match service behavior (Azure#23754) * Update to match service behavior * remove locktoken * [EGv2] Editing unused variables (Azure#23917) * event delivery delay not in preview * remove from url comment * [EGv2] Version dependency on Azure.Core (Azure#23936) * verioning fix * spacing mishap? * [EventGrid] Deliveryattempt change (Azure#23960) * deliveryCount 5/1 * small typo * [EventGrid] Remove internal (Azure#23995) * remove internal * remove client.tsp * remove waitWaitTime (Azure#24078) * move location of json file (Azure#24076) * [Egv2] Encode param (Azure#24080) * encode * remove num default on duration --------- Co-authored-by: Laurent Mazuel <laurent.mazuel@gmail.com> * [EGv2] Fix pipeline (Azure#24098) * regen off new commit for encode * reference preview tag * ignore word * update readme to have both apis * update with next autorest * change format to int32 --------- Co-authored-by: Ashraf Hamad <ahamad@ntdev.microsoft.com> Co-authored-by: Laurent Mazuel <laurent.mazuel@gmail.com> Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> Co-authored-by: Ashraf Hamad <ahamad-MS@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR has the changes for the async client to utilize AAD authentication.
The way the @azure.identity package uses AAD credentials to authenticate services is by adding those credentials into a policy that runs when requests are sent to the core pipelines. This policy makes sure to refresh the current token if needed and set the authentication header of requests going to the pipeline. The reason why Cosmos had to create their own policy in this instance is due to the prefix we utilize for our tokens, since the bearer token policy given by the identity module sends a different prefix altogether and as such does not work for us.
It was also recommended by the identity team to create our own policies entirely rather than attempting to override a couple methods, since this could break us on their end - specially for the
_update_headers()method since it's private.For the async client, the credentials seem to also require their context managers to be in place in order to not run into "Unclosed client session" errors once the context is over. Looks kindda weird with the double
async with, so if there's any suggestions on this do let me know.Sample is a simple run-through of what can and can't be done, if you think adding more examples would be helpful I can do so as well.