Add Azure AD authentication support (aad-auth pt 3) (#3755) (#3792)
schmittjoseph authored Feb 24, 2023
1 parent a0f5a68 commit 45cbddb
Showing 30 changed files with 871 additions and 41 deletions.
69 changes: 66 additions & 3 deletions documentation/schema.json
Expand Up @@ -396,17 +396,28 @@
"AuthenticationOptions": {
"type": "object",
"additionalProperties": false,
"required": [
"MonitorApiKey"
],
"properties": {
"MonitorApiKey": {
"description": "The parameters used to validate MonitorApiKey JWT tokens.",
"oneOf": [
{
"type": "null"
},
{
"$ref": "#/definitions/MonitorApiKeyOptions"
}
]
},
"AzureAd": {
"description": "The parameters used to use configure authentication using Azure Active Directory.",
"oneOf": [
{
"type": "null"
},
{
"$ref": "#/definitions/AzureAdOptions"
}
]
}
}
},
Expand All @@ -431,6 +442,58 @@
}
}
},
"AzureAdOptions": {
"type": "object",
"additionalProperties": false,
"required": [
"ClientId",
"RequiredRole"
],
"properties": {
"Instance": {
"type": [
"null",
"string"
],
"description": "Specifies the Azure cloud instance users are signing in from. Can be either the Azure public cloud or one of the national clouds.",
"format": "uri",
"default": "https://login.microsoftonline.com"
},
"TenantId": {
"type": [
"null",
"string"
],
"description": "The tenant id of the Azure Active Directory tenant, or its tenant domain.",
"default": "organizations"
},
"ClientId": {
"type": "string",
"description": "The unique application (client) id assigned to the app registration in Azure Active Directory.",
"minLength": 1
},
"AppIdUri": {
"type": [
"null",
"string"
],
"description": "The App ID URI of the app registration. Defaults to api://{ClientId} if not specified.",
"format": "uri"
},
"RequiredRole": {
"type": "string",
"description": "The role required to be able to authenticate.",
"minLength": 1
},
"SwaggerScope": {
"type": [
"null",
"string"
],
"description": "The API scope required by users to be able to interactively authenticate using the in-box Swagger UI. If not specified, users will not be able to interactively authenticate."
}
}
},
"CollectionRuleOptions": {
"type": "object",
"additionalProperties": false,
1 change: 1 addition & 0 deletions eng/dependabot/Packages.props
Expand Up @@ -12,6 +12,7 @@
<PackageReference Include="System.Private.Uri" Version="$(SystemPrivateUriVersion)" />
<PackageReference Include="System.Security.Principal.Windows" Version="$(SystemSecurityPrincipalWindowsVersion)" />
<PackageReference Include="Microsoft.OpenApi.Readers" Version="$(MicrosoftOpenApiReadersVersion)" />
<PackageReference Include="Microsoft.Identity.Web" Version="$(MicrosoftIdentityWebVersion)" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="$(MicrosoftIdentityModelTokensVersion)" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsVersion)" />
<PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsoleVersion)" />
1 change: 1 addition & 0 deletions eng/dependabot/Versions.props
Expand Up @@ -11,6 +11,7 @@
<MicrosoftExtensionsLoggingConsoleVersion>7.0.0</MicrosoftExtensionsLoggingConsoleVersion>
<MicrosoftExtensionsLoggingEventSourceVersion>7.0.0</MicrosoftExtensionsLoggingEventSourceVersion>
<MicrosoftIdentityModelTokensVersion>6.27.0</MicrosoftIdentityModelTokensVersion>
<MicrosoftIdentityWebVersion>1.26.0</MicrosoftIdentityWebVersion>
<MicrosoftOpenApiReadersVersion>1.6.2</MicrosoftOpenApiReadersVersion>
<SystemPrivateUriVersion>4.3.2</SystemPrivateUriVersion>
<SystemSecurityPrincipalWindowsVersion>5.0.0</SystemSecurityPrincipalWindowsVersion>
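Review bot: Pinning `MicrosoftIdentityWebVersion` to 1.26.0 on L125 next to the existing explicit `MicrosoftIdentityModelTokensVersion` of 6.27.0 means two places now decide which Microsoft.IdentityModel.* assemblies are restored; if Microsoft.Identity.Web 1.26.0 transitively requires a different floor for those packages, NuGet will either raise a downgrade warning (NU1605) or lift the pinned package above what this file says, and that is worth confirming in the restore output before this ships. A one-line comment next to the pin, `<!-- keep in step with the Microsoft.IdentityModel.* floor required by Microsoft.Identity.Web -->`, would record the coupling for the next bump. Whether the repo treats NU1605 as an error is not visible here.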
@@ -0,0 +1,29 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using Microsoft.Diagnostics.Monitoring.WebApi;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

namespace Microsoft.Diagnostics.Tools.Monitor
{
internal sealed partial class AuthenticationOptions :
IValidatableObject
{
IEnumerable<ValidationResult> IValidatableObject.Validate(ValidationContext validationContext)
{
IList<ValidationResult> results = new List<ValidationResult>();

// At most only one authentication configuration can be specified.
if (MonitorApiKey != null && AzureAd != null)
{
results.Add(
new ValidationResult(
string.Format(
OptionsDisplayStrings.ErrorMessage_MultipleAuthenticationModesSpecified)));
}

return results;
}
}
}
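Review bot: The check on L149 rejects only the case where both `MonitorApiKey` and `AzureAd` are set; since this change also drops `"required": ["MonitorApiKey"]` from the schema, an `Authentication` section with neither property configured now passes validation, so confirm the consuming code treats that state as the intended fallback mode (the generated temporary key, or explicit no-auth) rather than as a configured-but-empty authentication setup. The `string.Format` wrapper around a resource string with no format items is unnecessary and would throw if the message ever gained a literal brace; pass the string directly. The result is also not attributed to a member, so `new ValidationResult(OptionsDisplayStrings.ErrorMessage_MultipleAuthenticationModesSpecified, new[] { nameof(MonitorApiKey), nameof(AzureAd) })` would let the options framework report which two properties conflict. The file path for this new partial is not shown in this view.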
Expand Up @@ -6,12 +6,16 @@

namespace Microsoft.Diagnostics.Tools.Monitor
{
internal sealed class AuthenticationOptions
internal sealed partial class AuthenticationOptions
{
[Display(
ResourceType = typeof(OptionsDisplayStrings),
Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AuthenticationOptions_MonitorApiKey))]
[Required]
public MonitorApiKeyOptions MonitorApiKey { get; set; }

[Display(
ResourceType = typeof(OptionsDisplayStrings),
Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AuthenticationOptions_AzureAd))]
public AzureAdOptions AzureAd { get; set; }
}
}
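Review bot: The new `AzureAd` property on L178 carries no hint that it is mutually exclusive with `MonitorApiKey`, and the `[Required]` that previously guarded `MonitorApiKey` appears to be removed by this change, so a reader of this file alone cannot tell that at most one of the two may be set or where that is enforced. A comment above each property, `// At most one of MonitorApiKey or AzureAd may be set; enforced in the IValidatableObject partial.`, makes the contract visible at the declaration rather than only in the validator. The file name is not shown in this view.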
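--- /dev/null
+++ b/src/Microsoft.Diagnostics.Monitoring.Options/AzureAdOptions.cs
@@ -0,0 +1,47 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.Diagnostics.Monitoring.WebApi;
+using System;
+using System.ComponentModel;
+using System.ComponentModel.DataAnnotations;
+
+namespace Microsoft.Diagnostics.Tools.Monitor
+{
+internal sealed partial class AzureAdOptions
+{
+[Display(
+ResourceType = typeof(OptionsDisplayStrings),
+Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AzureAdOptions_Instance))]
+[DefaultValue(AzureAdOptionsDefaults.DefaultInstance)]
+public Uri Instance { get; set; }
+
+[Display(
+ResourceType = typeof(OptionsDisplayStrings),
+Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AzureAdOptions_TenantId))]
+[DefaultValue(AzureAdOptionsDefaults.DefaultTenantId)]
+public string TenantId { get; set; }
+
+[Display(
+ResourceType = typeof(OptionsDisplayStrings),
+Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AzureAdOptions_ClientId))]
+[Required]
+public string ClientId { get; set; }
+
+[Display(
+ResourceType = typeof(OptionsDisplayStrings),
+Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AzureAdOptions_AppIdUri))]
+public Uri AppIdUri { get; set; }
+
+[Display(
+ResourceType = typeof(OptionsDisplayStrings),
+Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AzureAdOptions_RequiredRole))]
+[Required]
+public string RequiredRole { get; set; }
+
+[Display(
+ResourceType = typeof(OptionsDisplayStrings),
+Description = nameof(OptionsDisplayStrings.DisplayAttributeDescription_AzureAdOptions_SwaggerScope))]
+public string SwaggerScope { get; set; }
+}
+}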
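Review bot: `Instance` on L200 is typed as `Uri` with no absoluteness or scheme check, so a value such as `http://login.example` or a bare relative path is accepted at configuration time and only fails, or is used, wherever the authority is later consumed; because this is the endpoint OIDC metadata and signing keys are fetched from, rejecting anything but an absolute `https` URI during options validation is cheap and gives a clearer error than whatever the hosting layer may enforce downstream (that layer is not visible here). Similarly `[Required]` on `ClientId` (L211) and `RequiredRole` (L222) rejects null and empty strings but not whitespace, so `RequiredRole = " "` passes and can never match a roles claim. A small `IValidatableObject` partial in the same shape as the one added for `AuthenticationOptions`, with messages taken from `OptionsDisplayStrings` as elsewhere in the project, would cover both.
```csharp
internal sealed partial class AzureAdOptions : IValidatableObject
{
    IEnumerable<ValidationResult> IValidatableObject.Validate(ValidationContext validationContext)
    {
        // Authority must be absolute https: metadata and signing keys are fetched from it.
        if (Instance != null && (!Instance.IsAbsoluteUri || Instance.Scheme != Uri.UriSchemeHttps))
        {
            yield return new ValidationResult("Instance must be an absolute https URI.", new[] { nameof(Instance) });
        }

        // [Required] accepts whitespace-only strings; neither value is usable blank.
        if (string.IsNullOrWhiteSpace(ClientId))
        {
            yield return new ValidationResult("ClientId must not be blank.", new[] { nameof(ClientId) });
        }

        if (string.IsNullOrWhiteSpace(RequiredRole))
        {
            yield return new ValidationResult("RequiredRole must not be blank.", new[] { nameof(RequiredRole) });
        }
    }
}
```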
@@ -0,0 +1,11 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

namespace Microsoft.Diagnostics.Tools.Monitor
{
internal static class AzureAdOptionsDefaults
{
public const string DefaultInstance = "https://login.microsoftonline.com";
public const string DefaultTenantId = "organizations";
}
}
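Review bot: `DefaultTenantId = "organizations"` on L241 selects the multi-tenant authority, so out of the box a token issued by any Azure AD tenant is accepted as authenticated and `RequiredRole` becomes the only gate between an arbitrary tenant's user and a process-diagnostics endpoint; whether issuer validation is narrowed anywhere else is not visible in this view. That trade-off deserves a comment on the constant, `// "organizations" accepts work/school accounts from any tenant; operators of single-tenant deployments should set TenantId to pin the accepted issuer.`, and the same caveat belongs in the TenantId description string. The file name is not shown in this view.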
@@ -0,0 +1,25 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System;

namespace Microsoft.Diagnostics.Tools.Monitor
{
internal static class AzureAdOptionsExtensions
{
public static Uri GetInstance(this AzureAdOptions options)
{
return options.Instance ?? new Uri(AzureAdOptionsDefaults.DefaultInstance);
}

public static string GetTenantId(this AzureAdOptions options)
{
return options.TenantId ?? AzureAdOptionsDefaults.DefaultTenantId;
}

public static Uri GetAppIdUri(this AzureAdOptions options)
{
return options.AppIdUri ?? new Uri(FormattableString.Invariant($"api://{options.ClientId}"));
}
}
}
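Review bot: `GetAppIdUri` on L267 interpolates `ClientId` without checking it, so an options instance that has not been through validation and has a null or empty `ClientId` produces `api://`, which the `Uri` constructor will either reject or turn into a meaningless audience; if every caller runs after options validation, a comment stating that precondition is enough, otherwise guard with `string.IsNullOrEmpty(options.ClientId)` and fail with a descriptive exception. None of the three helpers null-check `options`, so a `NullReferenceException` would surface inside the extension rather than at the caller; `ArgumentNullException.ThrowIfNull(options);` (.NET 6+, which the 7.0.0 package pins suggest is available) at the top of each is cheap. The file name is not shown in this view.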

Expand Up @@ -757,4 +757,42 @@
<value>The type of metrics this provider consumes</value>
<comment>The description provided for the MetricType parameter on MetricProvider.</comment>
</data>
<data name="DisplayAttributeDescription_GlobalCounterOptions_Providers" xml:space="preserve">
<value>Dictionary of provider names and their global configuration.</value>
</data>
<data name="ErrorMessage_NestedProviderValidationError" xml:space="preserve">
<value>Provider '{0}' validation error: '{1}'</value>
</data>
<data name="DisplayAttributeDescription_AuthenticationOptions_AzureAd" xml:space="preserve">
<value>The parameters used to use configure authentication using Azure Active Directory.</value>
<comment>The description provided for the AzureAd parameter on AuthenticationOptions.</comment>
</data>
<data name="DisplayAttributeDescription_AzureAdOptions_AppIdUri" xml:space="preserve">
<value>The App ID URI of the app registration. Defaults to api://{ClientId} if not specified.</value>
<comment>The description provided for the AppIdUri parameter on AzureAdOptions.</comment>
</data>
<data name="DisplayAttributeDescription_AzureAdOptions_ClientId" xml:space="preserve">
<value>The unique application (client) id assigned to the app registration in Azure Active Directory.</value>
<comment>The description provided for the ClientId parameter on AzureAdOptions.</comment>
</data>
<data name="DisplayAttributeDescription_AzureAdOptions_Instance" xml:space="preserve">
<value>Specifies the Azure cloud instance users are signing in from. Can be either the Azure public cloud or one of the national clouds.</value>
<comment>The description provided for the Instance parameter on AzureAdOptions.</comment>
</data>
<data name="DisplayAttributeDescription_AzureAdOptions_RequiredRole" xml:space="preserve">
<value>The role required to be able to authenticate.</value>
<comment>The description provided for the RequiredRole parameter on AzureAdOptions.</comment>
</data>
<data name="DisplayAttributeDescription_AzureAdOptions_SwaggerScope" xml:space="preserve">
<value>The API scope required by users to be able to interactively authenticate using the in-box Swagger UI. If not specified, users will not be able to interactively authenticate.</value>
<comment>The description provided for the SwaggerScope parameter on AzureAdOptions.</comment>
</data>
<data name="DisplayAttributeDescription_AzureAdOptions_TenantId" xml:space="preserve">
<value>The tenant id of the Azure Active Directory tenant, or its tenant domain.</value>
<comment>The description provided for the TenantId parameter on AzureAdOptions.</comment>
</data>
<data name="ErrorMessage_MultipleAuthenticationModesSpecified" xml:space="preserve">
<value>Multiple authentication modes were configured. Only one may be set.</value>
<comment>Gets the format string for rejecting validation due to multiple authentication modes being specified in configuration. </comment>
</data>
</root>
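Review bot: The description for `AuthenticationOptions_AzureAd` on L286 reads "used to use configure", and the same text is mirrored into documentation/schema.json, so the typo ships in the published schema; `The parameters used to configure authentication using Azure Active Directory.` The `RequiredRole` description on L302 says the role is required "to authenticate", but an app role is an authorization decision applied after the token itself is accepted, and saying so tells operators that a valid token without the role is still rejected: `The app role (roles claim) a caller must hold to be authorized; tokens without it are rejected.` The resx header and any existing entries above this hunk are outside this view.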