forked from Azure/azure-sdk-for-net
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Event Hubs Client] Track Two: First Preview (Azure.Identity Support)
General
- Ongoing review and updates to member visibility to reduce public scope and limit protected
members and other minor refactorings.
Event Hub Client
- Added support for generic Azure.Identity token credentials, including compatibility for translating
and passing as the appropriate token provider in the track one infrastructure.
- Added support for a public `EventHubSharedKey` credential, to allow for authorization by the shared
access key exposed in the Azure portal without using a connection string.
- Added constructor overloads and associated infrastructure to allow for a namespace-level connection
string to be used, so long as the Event Hub path is passed sepaarate of it. This is intended to allow
for the easiest "Hello World" scenario without needing to navigate deep into the Azure portal to find
the correct connection string.
- Generalized building and normalization of Event Hub resource names to the client for use with multiple
credential types; previously, this was locked to the shared access signature credential.
Authorization
- Created an `EventHubSharedKeyCredential` to allow callers to make use of the shared key exposed in the
Azure portal without using a connection string.
- Added supporting types for accepting an Azure.Identity token credential and utilizing it with the existing
track one security infrastructure.
Live Tests
- Added more basic scenarios around event hub client connection to the server to to smoke test the new credentials
and constrctor overloads.- Loading branch information
Showing
18 changed files
with
1,223 additions
and
191 deletions.
There are no files selected for viewing
90 changes: 90 additions & 0 deletions
90
sdk/eventhub/Azure.Messaging.EventHubs/src/Authorization/EventHubSharedKeyCredential.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| // Copyright (c) Microsoft Corporation. All rights reserved. | ||
| // Licensed under the MIT License. | ||
|
|
||
| using System; | ||
| using System.Threading; | ||
| using System.Threading.Tasks; | ||
| using Azure.Core; | ||
| using Azure.Messaging.EventHubs.Core; | ||
|
|
||
| namespace Azure.Messaging.EventHubs.Authorization | ||
| { | ||
| /// <summary> | ||
| /// Provides a credential based on a shared access signature for a given | ||
| /// Event Hub instance. | ||
| /// </summary> | ||
| /// | ||
| /// <seealso cref="Azure.Core.TokenCredential" /> | ||
| /// | ||
| public sealed class EventHubSharedKeyCredential : TokenCredential | ||
| { | ||
| /// <summary> | ||
| /// The name of the shared access key to be used for authorization, as | ||
| /// reported by the Azure portal. | ||
| /// </summary> | ||
| /// | ||
| public string SharedAccessKeyName { get; } | ||
|
|
||
| /// <summary> | ||
| /// The value of the shared access key to be used for authorization, as | ||
| /// reported by the Azure portal. | ||
| /// </summary> | ||
| /// | ||
| private string SharedAccessKey { get; } | ||
|
|
||
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="EventHubSharedKeyCredential"/> class. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="sharedAccessKeyName">The name of the shared access key to be used for authorization, as reported by the Azure portal.</param> | ||
| /// <param name="sharedAccessKey">The value of the shared access key to be used for authorization, as reported by the Azure portal.</param> | ||
| /// | ||
| public EventHubSharedKeyCredential(string sharedAccessKeyName, | ||
| string sharedAccessKey) | ||
| { | ||
| Guard.ArgumentNotNullOrEmpty(nameof(sharedAccessKeyName), sharedAccessKeyName); | ||
| Guard.ArgumentNotNullOrEmpty(nameof(sharedAccessKey), sharedAccessKey); | ||
|
|
||
| SharedAccessKeyName = sharedAccessKeyName; | ||
| SharedAccessKey = sharedAccessKey; | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Retrieves the token that represents the shared access signature credential, for | ||
| /// use in authorization against an Event Hub. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="scopes">The access scopes to request a token for.</param> | ||
| /// <param name="cancellationToken">The token used to request cancellation of the operation.</param> | ||
| /// | ||
| /// <returns>The token representating the shared access signature for this credential.</returns> | ||
| /// | ||
| public override AccessToken GetToken(string[] scopes, CancellationToken cancellationToken) => throw new InvalidOperationException(Resources.SharedKeyCredentialCannotGenerateTokens); | ||
|
|
||
| /// <summary> | ||
| /// Retrieves the token that represents the shared access signature credential, for | ||
| /// use in authorization against an Event Hub. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="scopes">The access scopes to request a token for.</param> | ||
| /// <param name="cancellationToken">The token used to request cancellation of the operation.</param> | ||
| /// | ||
| /// <returns>The token representating the shared access signature for this credential.</returns> | ||
| /// | ||
| public override Task<AccessToken> GetTokenAsync(string[] scopes, CancellationToken cancellationToken) => throw new InvalidOperationException(Resources.SharedKeyCredentialCannotGenerateTokens); | ||
|
|
||
| /// <summary> | ||
| /// Coverts to shared access signature credential. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="eventHubResource">The Event Hubs resource to which the token is intended to serve as authorization.</param> | ||
| /// <param name="signatureValidityDuration">The duration that the signature should be considered valid; if not specified, a default will be assumed.</param> | ||
| /// | ||
| /// <returns>A <see cref="SharedAccessSignatureCredential" /> based on the requested shared access key.</returns> | ||
| /// | ||
| internal SharedAccessSignatureCredential ConvertToSharedAccessSignatureCredential(string eventHubResource, | ||
| TimeSpan? signatureValidityDuration = default) => | ||
| new SharedAccessSignatureCredential(new SharedAccessSignature(eventHubResource, SharedAccessKeyName, SharedAccessKey, signatureValidityDuration)); | ||
|
|
||
| } | ||
| } |
72 changes: 72 additions & 0 deletions
72
sdk/eventhub/Azure.Messaging.EventHubs/src/Authorization/EventHubTokenCredential.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| // Copyright (c) Microsoft Corporation. All rights reserved. | ||
| // Licensed under the MIT License. | ||
|
|
||
| using System.Threading; | ||
| using System.Threading.Tasks; | ||
| using Azure.Core; | ||
| using Azure.Messaging.EventHubs.Core; | ||
|
|
||
| namespace Azure.Messaging.EventHubs.Authorization | ||
| { | ||
| /// <summary> | ||
| /// Provides a generic token-based credential for a given Event Hub instance. | ||
| /// </summary> | ||
| /// | ||
| /// <seealso cref="Azure.Core.TokenCredential" /> | ||
| /// | ||
| internal class EventHubTokenCredential : TokenCredential | ||
| { | ||
| /// <summary> | ||
| /// The Event Hubs resource to which the token is intended to serve as authorization. | ||
| /// </summary> | ||
| /// | ||
| public string Resource { get; } | ||
|
|
||
| /// <summary> | ||
| /// The <see cref="TokenCredential" /> that forms the basis of this security token. | ||
| /// </summary> | ||
| /// | ||
| private TokenCredential Credential { get; } | ||
|
|
||
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="SharedAccessSignatureCredential"/> class. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="tokenCredential">The <see cref="TokenCredential" /> on which to base the token.</param> | ||
| /// <param name="eventHubResource">The Event Hubs resource to which the token is intended to serve as authorization.</param> | ||
| /// | ||
| public EventHubTokenCredential(TokenCredential tokenCredential, | ||
| string eventHubResource) | ||
| { | ||
| Guard.ArgumentNotNull(nameof(tokenCredential), tokenCredential); | ||
| Guard.ArgumentNotNullOrEmpty(nameof(eventHubResource), eventHubResource); | ||
|
|
||
| Credential = tokenCredential; | ||
| Resource = eventHubResource; | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Retrieves the token that represents the shared access signature credential, for | ||
| /// use in authorization against an Event Hub. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="scopes">The access scopes to request a token for.</param> | ||
| /// <param name="cancellationToken">The token used to request cancellation of the operation.</param> | ||
| /// | ||
| /// <returns>The token representating the shared access signature for this credential.</returns> | ||
| /// | ||
| public override AccessToken GetToken(string[] scopes, CancellationToken cancellationToken) => Credential.GetToken(scopes, cancellationToken); | ||
|
|
||
| /// <summary> | ||
| /// Retrieves the token that represents the shared access signature credential, for | ||
| /// use in authorization against an Event Hub. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="scopes">The access scopes to request a token for.</param> | ||
| /// <param name="cancellationToken">The token used to request cancellation of the operation.</param> | ||
| /// | ||
| /// <returns>The token representating the shared access signature for this credential.</returns> | ||
| /// | ||
| public override Task<AccessToken> GetTokenAsync(string[] scopes, CancellationToken cancellationToken) => Credential.GetTokenAsync(scopes, cancellationToken); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
sdk/eventhub/Azure.Messaging.EventHubs/src/Compatibility/TrackOneGenericToken.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| // Copyright (c) Microsoft Corporation. All rights reserved. | ||
| // Licensed under the MIT License. | ||
|
|
||
| using System; | ||
| using Azure.Core; | ||
| using Azure.Messaging.EventHubs.Core; | ||
| using TrackOne; | ||
|
|
||
| namespace Azure.Messaging.EventHubs.Compatibility | ||
| { | ||
| /// <summary> | ||
| /// A compatibility shim allowing a token credential to be used as a | ||
| /// generic JWT security token with the Track One types. | ||
| /// </summary> | ||
| /// | ||
| /// <seealso cref="Azure.Core.TokenCredential"/> | ||
| /// <seealso cref="TrackOne.SecurityToken" /> | ||
| /// | ||
| internal class TrackOneGenericToken : SecurityToken | ||
| { | ||
| /// <summary> | ||
| /// The <see cref="TokenCredential" /> that forms the basis of this security token. | ||
| /// </summary> | ||
| /// | ||
| public TokenCredential Credential { get; } | ||
|
|
||
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="TrackOneGenericToken"/> class. | ||
| /// </summary> | ||
| /// | ||
| /// <param name="tokenCredential">The <see cref="TokenCredential" /> on which to base the token.</param> | ||
| /// <param name="jwtTokenString">The raw JWT token value from the <paramref name="tokenCredential" /></param> | ||
| /// <param name="eventHubResource">The Event Hubs resource to which the token is intended to serve as authorization.</param> | ||
| /// <param name="tokenExpirationUtc">The date and time that the token expires, in UTC.</param> | ||
| /// | ||
| public TrackOneGenericToken(TokenCredential tokenCredential, | ||
| string jwtTokenString, | ||
| string eventHubResource, | ||
| DateTime tokenExpirationUtc) : | ||
| base(jwtTokenString, tokenExpirationUtc, eventHubResource, ClientConstants.JsonWebTokenType) | ||
| { | ||
| Guard.ArgumentNotNull(nameof(tokenCredential), tokenCredential); | ||
| Credential = tokenCredential; | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.