AAD: Handling Azure.Core.TokenCredential #2191
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
reyang
reviewed
Mar 25, 2021
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
reyang
reviewed
Mar 25, 2021
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
reyang
reviewed
Mar 25, 2021
...osoft.ApplicationInsights/Extensibility/Implementation/Authentication/ICredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
reyang
reviewed
Mar 25, 2021
...t.ApplicationInsights/Extensibility/Implementation/Authentication/TokenCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
ThomsonTan
reviewed
Mar 25, 2021
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
ThomsonTan
reviewed
Mar 25, 2021
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
change reflection to use a compiled expression.
This comment has been minimized.
This comment has been minimized.
pharring
reviewed
May 24, 2021
BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs
Outdated
Show resolved
Hide resolved
cijothomas
reviewed
May 24, 2021
| /// <summary> | ||
| /// Gets an envelope for Azure.Core.TokenCredential which provides an AAD Authenticated token. | ||
| /// </summary> | ||
| public CredentialEnvelope CredentialEnvelope { get; private set; } |
There was a problem hiding this comment.
Consider making this internal, if end users are not expected to read this back.
There was a problem hiding this comment.
@xiaomi7732 for https://github.com/microsoft/ApplicationInsights-Profiler-AspNetCore
Snapshot Collector is Microsoft.ApplicationInsights.SnapshotCollector, but note that it has a different public key.
There was a problem hiding this comment.
Thanks for tagging me on this. AI.SDK and Profiler have different build cycles - and we have mixed references. How are we going to make that work?
For example, our desktop build (no StrongName) assemblies might reference public/stable version of app insights SDK, in which case, the InternvalVisibileTo (to a strongNamed assembly) won't work. What is that I missed?
There was a problem hiding this comment.
I don't think you need to worry about version numbers. InternalsVisibleTo uses just the assembly's name and public key. The question really is whether you expect to take a dependency on a version of the core SDK that has CredentialEnvelope, or would you stick with an older version and use reflection to get CredentialEnvelope.
I still haven't decided for Snapshot Collector. There's going to be some reflection anyway in order to use the CredentialEnvelope.
There was a problem hiding this comment.
On this topic, I think I am asked to provide assembly names and public keys so that in Core SDK, it knows to expose the internal classes.
The deal is, during the development, our assemblies aren't going to be strongnamed - that means we won't be able to see the internal classes in the Core SDK anyway.
On the other hand, reflection will work, with or without InternalVisibleTo.
So, what is the point to add the InternalVisibleTo for our assemblies? And that is what I am asking, in case I missed something.
There was a problem hiding this comment.
We're changing this property to internal.
Optionally, if you want to utilize this without reflection you can submit a PR to add your SDK to our InternalsVisibleTo.
cijothomas
reviewed
May 24, 2021
...rosoft.ApplicationInsights/Extensibility/Implementation/Authentication/CredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
cijothomas
reviewed
May 25, 2021
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
TimothyMothra
changed the title
cijothomas
reviewed
May 26, 2021
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Show resolved
Hide resolved
cijothomas
reviewed
May 26, 2021
BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs
Outdated
Show resolved
Hide resolved
TimothyMothra
commented
May 26, 2021
| SdkInternalOperationsMonitor.Enter(); | ||
| try | ||
| { | ||
| return await AzureCore.InvokeGetTokenAsync(this.tokenCredential, this.tokenRequestContext, cancellationToken).ConfigureAwait(true); |
There was a problem hiding this comment.
@cijothomas , Is ConfigureAwait(true) the correct usage for SdkInternalOperationsMonitor ?
There was a problem hiding this comment.
I think I answered my own question.
ProfileServiceWrapper calls Async methods inside an InternalOperation.
cijothomas
reviewed
May 27, 2021
...ights.Tests/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelopeTests.cs
Show resolved
Hide resolved
cijothomas
reviewed
May 27, 2021
| /// Set a TokenCredential for this configuration. | ||
| /// </summary> | ||
| /// <param name="tokenCredential">An instance of Azure.Core.TokenCredential.</param> | ||
| public void SetCredential(object tokenCredential) => this.CredentialEnvelope = new ReflectionCredentialEnvelope(tokenCredential); |
There was a problem hiding this comment.
as a follow up, we could modify the method comment to be more descriptive, and can warn that this throws exception when object is not of type Azure.Core.TokenCredential.
There was a problem hiding this comment.
an alternate name could be - SetTokenCredential or SetAzureTokenCredential, to make it more clear that this is an azure only thing.
cijothomas
approved these changes
May 27, 2021
cijothomas
reviewed
May 27, 2021
| /// <returns>A valid Azure.Core.AccessToken.</returns> | ||
| public string GetToken(CancellationToken cancellationToken = default) | ||
| { | ||
| SdkInternalOperationsMonitor.Enter(); |
There was a problem hiding this comment.
it may be better to leave the job of entering/exiting internal operation to the consumer (like Transmission class)
There was a problem hiding this comment.
Will investigate this in second PR.
tokaplan
added a commit
to tokaplan/ApplicationInsights-dotnet
that referenced
this pull request
Jul 22, 2021
* Added support for FlushAsync API * Added more test cases * Corrections to test case * fixed merge conflicts * Fixed an issue with IsEnqueueSuccess * Bumping CurrentInvariantVersion for QuickPulse. (microsoft#2123) * Endpoint and ping interval hints for QuickPulseModule. * Updating changelog.md with the PR link for the change. * StyleCop error fix. * Bumping CurrentInvariantVersion for QuickPulse. * Unit test fixes. * Update how BuildNumbers are calculated (microsoft#2125) * Update _GlobalStaticVersion.props Change to the way we calculate the build number. Formerly, we calculated builds as the TotalMinutes between DateTime.Now and the semantic version time stamp, divided by 5. This meant that every 5 minutes the build number changes. This was hurting nightly nupkgs because our assembly version and packages weren't matching. This PR changes the calculation to be TotalHours / 12. * Update release_NupkgAudit.ps1 * Update Changelog, prep 2.17.0-beta1 (microsoft#2126) * Update release_NupkgAudit.ps1 (microsoft#2128) * Update release_NupkgAudit.ps1 removing the hardcoded hash. will put the value in the build definition. This will be easier to update when certs rotate. * Update release_NupkgAudit.ps1 punctuation * upgrade log4net 2.0.10 (microsoft#2150) * Fix: telemetry parent id when using W3C activity format (microsoft#2145) * Fix telemetry parent id when using W3C activity format * Add unit tests * Added InFlightTransmission struct * Add response duration to TransmissionStatusEventArgs * Update ChangeLog * Update profiler and snapshot endpoints Fixes microsoft#2166 * bump version 2.17 Stable (microsoft#2171) * bump version * Update CHANGELOG.md * finalize public API * remove outdated NuGet.Config files * Update CONTRIBUTING.md (microsoft#2177) * remove comment * Update Readme.md (microsoft#2182) Adding Support policy to readme * Update bug_report.md (microsoft#2183) * Update bug_report.md Adding Immediate support policy to the bug template * Removing item check in serializer * Fix tests * New Implementation * Added Increment to pause storage dequeue * thread sync support for move transmissions * Create dependabot.yml (microsoft#2201) * Fix PropertyFetcher error when used with multiple types (microsoft#2197) * Fix PropertyFetcher error when used with multiple types * Fix build errors Co-authored-by: Timothy Mothra <tilee@microsoft.com> * remove Microsoft.TestPlatform.TestHost (microsoft#2208) * Bump Microsoft.NET.Test.Sdk from 16.7.1 to 16.9.4 (microsoft#2206) * Bump Microsoft.NET.Test.Sdk from 16.7.1 to 16.9.4 Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 16.7.1 to 16.9.4. - [Release notes](https://github.com/microsoft/vstest/releases) - [Commits](microsoft/vstest@v16.7.1...v16.9.4) Signed-off-by: dependabot[bot] <support@github.com> * Update Microsoft.ApplicationInsights.Isolated.Tests.csproj remove System.Reflection.Metadata Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Timothy Mothra <tilee@microsoft.com> * Bump NETStandard.HttpListener from 1.0.2 to 1.0.3.5 (microsoft#2205) Bumps [NETStandard.HttpListener](https://github.com/StefH/NETStandard.HttpListener) from 1.0.2 to 1.0.3.5. - [Release notes](https://github.com/StefH/NETStandard.HttpListener/releases) - [Commits](https://github.com/StefH/NETStandard.HttpListener/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump Newtonsoft.Json from 10.0.3 to 13.0.1 (microsoft#2209) * Bump Newtonsoft.Json from 10.0.3 to 13.0.1 Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 10.0.3 to 13.0.1. - [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases) - [Commits](JamesNK/Newtonsoft.Json@10.0.3...13.0.1) Signed-off-by: dependabot[bot] <support@github.com> * Update Microsoft.ApplicationInsights.Tests.csproj * Update Microsoft.ApplicationInsights.Isolated.Tests.csproj * Update TelemetryChannel.Nuget.Tests.csproj * Update TelemetryChannel.Tests.csproj Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Timothy Mothra <tilee@microsoft.com> * Bump log4net from 2.0.10 to 2.0.12 (microsoft#2204) Bumps [log4net](https://github.com/apache/logging-log4net) from 2.0.10 to 2.0.12. - [Release notes](https://github.com/apache/logging-log4net/releases) - [Changelog](https://github.com/apache/logging-log4net/blob/master/ReleaseInstructions.txt) - [Commits](apache/logging-log4net@rel/2.0.10...rc/2.0.12) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump System.Text.Encoding.CodePages from 4.3.0 to 5.0.0 (microsoft#2211) * Bump Microsoft.AspNetCore.Identity from 2.1.1 to 2.1.2 (microsoft#2215) * Bump Microsoft.AspNetCore.StaticFiles from 2.1.1 to 2.2.0 (microsoft#2216) * Bump Microsoft.AspNetCore.Mvc.TagHelpers from 2.1.1 to 2.2.0 (microsoft#2212) * update and consolidate xunit dependencies (microsoft#2222) * update and consolidate xunit dependencies * fix xunit analyzer * Bump MSTest.TestAdapter from 2.1.2 to 2.2.3 (microsoft#2223) * Bump System.Console from 4.3.0 to 4.3.1 (microsoft#2224) * Bump Microsoft.AspNetCore.Server.IISIntegration from 2.1.1 to 2.2.1 (microsoft#2226) * Saving work in progress. * API changes * Additional tests * spaces * Review changes * Fix flaky test. * PR feedback * InternalsVisibleTo Microsoft.AI.ServerTelemetryChannel (microsoft#2229) * Add CancellationToken check for MoveTransmissions * Bump Microsoft.AspNetCore.Server.Kestrel from 1.1.2 to 2.2.0 (microsoft#2207) * Bump System.Data.SqlClient from 4.7.0 to 4.8.2 (microsoft#2231) Bumps [System.Data.SqlClient](https://github.com/dotnet/corefx) from 4.7.0 to 4.8.2. - [Release notes](https://github.com/dotnet/corefx/releases) - [Commits](https://github.com/dotnet/corefx/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * examples sln (microsoft#2233) * new solution * fix path * additional properties in props * adding AspNetCore WebApp to Examples * simplify property * PR feedback * Initialization code and entry point for Self Diagnostics Module * Adding access modifier * Add APIs as declared API list * Fix flaky test - FlushAsyncTransmissionWithThrottle (microsoft#2247) * Add ManualResetEventSlim.Wait * Fix warning * general maintenance (microsoft#2250) * general maintenance * fix date * update analyzers (microsoft#2198) * update analyzers * remove default case, tests should pass * fxcop * cleanup * testing fix * remove net452 and net46 from aspnetcore (microsoft#2252) * remove net452 and net46 from aspnetcore * changelog * consolidate package references * cleanup unnecessary dependencies in AspNetCore SDK (microsoft#2253) * Move location of Initialization * [SDL] update packages (microsoft#2243) * update packages * update test dependencies * testing fix for version conflicts * Update IntegrationTests.Tests.csproj * cleanup * cleanup * Remove "Module" in class name. Change class to internal. * Update CHANGELOG.md (microsoft#2254) * Add config parser class for SelfDiagnostics * Rename SelfDiagnostics class to SelfDiagnosticsInitializer, and SelfDiagnosticsInternals names to SelfDiagnostics. * Rename test class namespace. Remove xunit dependency. * Add EventListener for SelfDiagnostics (microsoft#2259) * Add EventListener for SelfDiagnostics * Match with EventSource name's prefix * troubleshooting (microsoft#2264) * troubleshooting guides * update * update * update * Update Readme.md * Update Readme.md * Update PostTelemetry.ps1 * Update Readme.md * Encode event and write to file in SelfDiagnosticsEventListener (microsoft#2265) * Encode event and write to file in SelfDiagnosticsEventListener * Fix compile error * Add MemoryMappedFileHandler for SelfDiagnostics (microsoft#2258) * Add MemoryMappedFileHandler for SelfDiagnostics * Rename classes and namespace. * - * Use CollectionAssert.AreEqual to compare byte[] * Add circular write logic into MemoryMappedFileHandler class * Fix trivial compile errors * Fix trivial compile errors * Update EventSource method implementation * Update EventSource method implementation * - * Special requirement for last argument in method definition and last parameter for WriteEvent call * update typo in comment * Add ConfigRefresher for SelfDiagnostics (microsoft#2262) * Add MemoryMappedFileHandler for SelfDiagnostics * Rename classes and namespace. * - * Use CollectionAssert.AreEqual to compare byte[] * Add circular write logic into MemoryMappedFileHandler class * Add ConfigRefresher for SelfDiagnostics * Fix trivial compile errors * Fix trivial compile errors * Update EventSource method implementation * Update EventSource method implementation * - * Special requirement for last argument in method definition and last parameter for WriteEvent call * Add new line at end of file * Change namespace for SelfDiagnosticsInitializer * Remove redundant using namespace statement. * Remove blank line * Cosmetics/technical debt - use pattern matching (microsoft#2268) * Fix ReSharper's "Convert 'as' expression type check and the following null check into pattern matching" / Code Smell * Update changelog with description * Update Readme and changelog for SelfDiagnostics (microsoft#2267) * Add Readme and changelog for Self Diagnostics * Fix failed test cases * Add changelog entry * Update troubleshooting/ETW/Readme.md with Self Diagnostics section * Remove unused code * Add "as of version 2.18.0" * Update Self-Diagnostics instructions (microsoft#2271) * Update Self-Diagnostics instructions * Update Readme.md * Update Readme.md * add Net5.0 to Test Infra and Bask SDK Tests (microsoft#2272) * add support for net461 to Tests (microsoft#2274) * fix Test projects dependency, Microsoft.AspNetCore.App (microsoft#2276) * cleanup frameworks in AspNetCore (microsoft#2278) * cleanup frameworks in AspNetCore * fix fxcop * remove unused dependency (microsoft#2281) * AAD: Handling Azure.Core.TokenCredential (microsoft#2191) * Bump Microsoft.AspNetCore.Mvc.Core from 1.0.3 to 1.0.4 (microsoft#2285) Bumps Microsoft.AspNetCore.Mvc.Core from 1.0.3 to 1.0.4. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * disable flaky tests (microsoft#2289) * AAD: refactor (microsoft#2288) * AAD: refactor * change property to internal * AAD: with InMemoryChannel (microsoft#2290) * aad with InMemoryChannel * Fix AzureSdkDiagnosticListener from crashing user app (microsoft#2294) * Fix AzureSdkDiagnosticListener from crashing user app * changelog * Read Azure SDK Success status (microsoft#2200) * Read Azure SDK Success status * cleanup Base SDK Frameworks (microsoft#2280) Co-authored-by: Cijo Thomas <cithomas@microsoft.com> * AAD: with QuickPulse (microsoft#2291) * AAD: with QuickPulse * AAD: with ServerTelemetryChannel (microsoft#2292) * AAD: with ServerTelemetryChannel * bump version 2.18-beta2 (microsoft#2296) * disable these tests on linux (microsoft#2298) * Updated link to performance counters docs (microsoft#2301) * Updated link to performance counters docs * Update WEB/Src/PerformanceCollector/README.md Co-authored-by: Cijo Thomas <cithomas@microsoft.com> * aad: detect type (microsoft#2303) * Enable the self diagnostics and fix a NullReferenceException bug (microsoft#2302) * Enable the self diagnostics and fix a NullReferenceException bug * Fix compilation warnings. * enable self-diagnostics in example app (microsoft#2305) * AAD: change to CredentialEnvelope to expose Expiration (microsoft#2306) * refactor TransmissionPolicy (microsoft#2311) * Remove OpenCover. CVE-2018-1285 (microsoft#2313) * Update Microsoft.Extensions.Logging to 2.1.1 * AAD: new AuthenticationTransmissionPolicy for retry scenarios. (microsoft#2312) * update version for beta3 (microsoft#2316) * AAD: Misc changes (microsoft#2317) * initialize cache inside constructor * remove todo. not pursing caching right now * cleanup comment * update changelog * Update ReflectionCredentialEnvelope.cs * log to indicated Authentication Policy caught the response from ingestion (microsoft#2319) * Update linux-build.yml (microsoft#2329) update version of dotnet 5 * Self-Diagnostics: include datetimestamp in filename (microsoft#2325) * include datetimestamp in self-diagnostics filename * come review comments * update readme * update readme * Update Readme.md * Update CHANGELOG.md (microsoft#2332) * prune public api (microsoft#2336) * prep 2.18 (microsoft#2337) * Tilee/examples (microsoft#2339) * move example projects to root. change to project reference * update packages * remove release config * rename projects * build definition for examples solution * cleanup yml * fix yml * test fix for yml * test fix yml * Update examples-sanity.yml (microsoft#2340) correct branch name Co-authored-by: Rajkumar Rangaraj <rajrang@microsoft.com> Co-authored-by: Cijo Thomas <cithomas@microsoft.com> Co-authored-by: Timothy Mothra <tilee@microsoft.com> Co-authored-by: ylabade <64366368+ylabade@users.noreply.github.com> Co-authored-by: Paul Harrington <pharring@microsoft.com> Co-authored-by: Paul Harrington <pharring@users.noreply.github.com> Co-authored-by: Oskar Klintrot <oskar.klintrot@gmail.com> Co-authored-by: ank3it <anksr@microsoft.com> Co-authored-by: James Newton-King <james@newtonking.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: xiang17 <xili9@microsoft.com> Co-authored-by: Martin <modermatt@tuta.io> Co-authored-by: Pavel Krymets <pavel@krymets.com> Co-authored-by: Lev Yastrebov <36070899+LevYas@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding support for Azure.Core.TokenCredential to the TelemetryConfiguration
For more information see the parent item: #2190.
Introduction
We have a unique challenge of needing to support
Azure.Core.TokenCredentialwhile having incompatible Frameworks.To address this I'm making the assumption that if a customer's application is able to create an instance of
TokenCredential, then they also have theAzure.Coreassembly in their runtime.Going off of this assumption, we're able to use reflection to access the methods of
TokenCredentialand return types available inAzure.Core.This approach is validated in unit tests.
Implementation
TelemetryConfiguration.SetCredential
We need a way for a customer to provide an implementation of
Azure.Core.TokenCredential.For this, I've introduced a new method
TelemetryConfiguration.SetCredential.ApplicationInsights-dotnet/BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs
Lines 408 to 412 in aac78ed
We accept
Objectand validate that the provided object inheritsTokenCredential.We store this in the new property
TelemetryConfiguration.CredentialEnvelopewhich is accessible by all internal classes in the SDK.CredentialEnvelope
We hold the instance of
TokenCredentialin a new classReflectionCredentialEnvelopewhich as the name suggests, uses Reflection to interact with theObjectthat was provided.ApplicationInsights-dotnet/BASE/src/Microsoft.ApplicationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Lines 21 to 37 in aac78ed