[POC] AAD: Configuring ServerTelemetryChannel and QuickPulseServiceClient #2220
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
change reflection to use a compiled expression.
…annels and QuickPulseModule. Need to write tests.
cijothomas
reviewed
May 28, 2021
|
|
||
| if (aadToken == null) | ||
| { | ||
| // TODO: DO NOT SEND. RETURN FAILURE AND LET CHANNEL DECIDE WHEN TO RETRY. |
There was a problem hiding this comment.
this will be considered a client side failure, and data would not be retried by default.
Its probably a complex part to decide if we want to store items for later retry, if the AAD is down..
cijothomas
reviewed
May 28, 2021
| @@ -381,6 +386,12 @@ private void AddHeaders(HttpWebRequest request, bool includeIdentityHeaders, str | |||
| request.Headers.Add(QuickPulseConstants.XMsQpsInvariantVersionHeaderName, | |||
| MonitoringDataPoint.CurrentInvariantVersion.ToString(CultureInfo.InvariantCulture)); | |||
| } | |||
|
|
|||
| // The AAD token is an optional feature. Only include if it is provided. | |||
| if (!string.IsNullOrEmpty(aadToken)) | |||
There was a problem hiding this comment.
is this intentionally optional for QP? elsewhere, in the regular channel, its like mandatory, if user has set tc.settokencred.
There was a problem hiding this comment.
oh good catch. i need to rethink this
4 tasks
TimothyMothra
changed the title
TimothyMothra
changed the title
This was referenced May 29, 2021
Merged
pharring
reviewed
May 31, 2021
| @@ -96,6 +95,20 @@ public TimeSpan SendingInterval | |||
| } | |||
| } | |||
|
|
|||
| /// <summary> | |||
| /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD. | |||
| /// FOR INTERNAL USE. Customers should use <see cref="TelemetryConfiguration.SetAzureTokenCredential"/> instead. | |||
There was a problem hiding this comment.
We don't really need this comment anymore since ISupportCredentialEnvelope is, itself, internal.
pharring
reviewed
May 31, 2021
| @@ -107,6 +108,15 @@ public virtual int ThrottleWindow | |||
| } | |||
| } | |||
|
|
|||
| /// <summary> | |||
| /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD. | |||
There was a problem hiding this comment.
Instead of "AAD", suggest "authorization" or "auth-token acquisition".
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Consuming CredentialEnvelope within TelemetryChannels and QuickPulseServiceClient
For more information see the parent item: #2190.
Introduction
This PR demonstrates an approach to handling the configuration of the CredentialEnvelope.
TODO: Need to write unit tests to validate possible configuration scenarios.
TelemetryConfiguration
TelemetryConfigurationhas a methodSetAzureTokenCredentialfor a user to provide the TokenCredential.This method could be called either before or after the user has set the
TelemetryChannel.To deal with this, both setting a credential and setting a TelemetryChannel will invoke
TelemetryConfiguration.SetTelemetryChannelCredentialEnvelope.ISupportCredentialEnvelope
To simplify passing the CredentialEnvelope to the TelemetryChannels, I've introduced a new interface
ISupportCredentialEnvelope.This ensures that the
TelemetryConfigurationcan set eitherInMemoryChannelorServerTelemetryChannel.TelemetryChannels
Each TelemetryChannel must provide the CredentialEnvelope on their respective internal classes.
TelemetryItems ultimately end up stored in a
Transmissionobject. This object can be serialized for file storage. I've confirmed that the Credential object will not be serialized.Tokens themselves will expire and therefore are not set on the Transmission object until just before invoking
Transmission.SendAsync. If aTransmissionneeds to be retried, it will receive a new token.InMemoryChannel
InMemoryChannel.CredentialEnvelopesetsInMemoryTransmitter.CredentialEnvelopewhich is used to setTransmission.CredentialEnvelopejust before callingTransmission.SendAsync.ServerTelemetryChannel
ServerTelemetryChannel.CredentialEnvelopesetsTransmitter.CredentialEnvelopeand then setsTransmissionSender.CredentialEnvelopewhich is used to setTransmission.CredentialEnvelopejust before callingTransmission.SendAsync.