-
Notifications
You must be signed in to change notification settings - Fork 287
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AAD: Handling Azure.Core.TokenCredential #2191
Conversation
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
...osoft.ApplicationInsights/Extensibility/Implementation/Authentication/ICredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
...t.ApplicationInsights/Extensibility/Implementation/Authentication/TokenCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
change reflection to use a compiled expression.
This comment has been minimized.
This comment has been minimized.
BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs
Outdated
Show resolved
Hide resolved
/// <summary> | ||
/// Gets an envelope for Azure.Core.TokenCredential which provides an AAD Authenticated token. | ||
/// </summary> | ||
public CredentialEnvelope CredentialEnvelope { get; private set; } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider making this internal, if end users are not expected to read this back.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xiaomi7732 for https://github.com/microsoft/ApplicationInsights-Profiler-AspNetCore
Snapshot Collector is Microsoft.ApplicationInsights.SnapshotCollector, but note that it has a different public key.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for tagging me on this. AI.SDK
and Profiler
have different build cycles - and we have mixed references. How are we going to make that work?
For example, our desktop build (no StrongName) assemblies might reference public/stable version of app insights SDK, in which case, the InternvalVisibileTo (to a strongNamed assembly) won't work. What is that I missed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you need to worry about version numbers. InternalsVisibleTo uses just the assembly's name and public key. The question really is whether you expect to take a dependency on a version of the core SDK that has CredentialEnvelope, or would you stick with an older version and use reflection to get CredentialEnvelope.
I still haven't decided for Snapshot Collector. There's going to be some reflection anyway in order to use the CredentialEnvelope.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On this topic, I think I am asked to provide assembly names and public keys so that in Core SDK, it knows to expose the internal classes.
The deal is, during the development, our assemblies aren't going to be strongnamed - that means we won't be able to see the internal classes in the Core SDK anyway.
On the other hand, reflection will work, with or without InternalVisibleTo
.
So, what is the point to add the InternalVisibleTo
for our assemblies? And that is what I am asking, in case I missed something.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're changing this property to internal
.
Optionally, if you want to utilize this without reflection you can submit a PR to add your SDK to our InternalsVisibleTo
.
...rosoft.ApplicationInsights/Extensibility/Implementation/Authentication/CredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Outdated
Show resolved
Hide resolved
...licationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Show resolved
Hide resolved
BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs
Outdated
Show resolved
Hide resolved
SdkInternalOperationsMonitor.Enter(); | ||
try | ||
{ | ||
return await AzureCore.InvokeGetTokenAsync(this.tokenCredential, this.tokenRequestContext, cancellationToken).ConfigureAwait(true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cijothomas , Is ConfigureAwait(true)
the correct usage for SdkInternalOperationsMonitor
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I answered my own question.
ProfileServiceWrapper
calls Async methods inside an InternalOperation.
Lines 86 to 107 in e1ff87e
private async Task<string> SendRequestAsync(string instrumentationKey) | |
{ | |
try | |
{ | |
SdkInternalOperationsMonitor.Enter(); | |
var resultMessage = await this.GetAsync(instrumentationKey).ConfigureAwait(false); | |
if (resultMessage.IsSuccessStatusCode) | |
{ | |
return await resultMessage.Content.ReadAsStringAsync().ConfigureAwait(false); | |
} | |
else | |
{ | |
this.FailedRequestsManager.RegisterFetchFailure(instrumentationKey, resultMessage.StatusCode); | |
return null; | |
} | |
} | |
finally | |
{ | |
SdkInternalOperationsMonitor.Exit(); | |
} | |
} |
...ights.Tests/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelopeTests.cs
Show resolved
Hide resolved
/// Set a TokenCredential for this configuration. | ||
/// </summary> | ||
/// <param name="tokenCredential">An instance of Azure.Core.TokenCredential.</param> | ||
public void SetCredential(object tokenCredential) => this.CredentialEnvelope = new ReflectionCredentialEnvelope(tokenCredential); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as a follow up, we could modify the method comment to be more descriptive, and can warn that this throws exception when object is not of type Azure.Core.TokenCredential.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
an alternate name could be - SetTokenCredential or SetAzureTokenCredential, to make it more clear that this is an azure only thing.
/// <returns>A valid Azure.Core.AccessToken.</returns> | ||
public string GetToken(CancellationToken cancellationToken = default) | ||
{ | ||
SdkInternalOperationsMonitor.Enter(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it may be better to leave the job of entering/exiting internal operation to the consumer (like Transmission class)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will investigate this in second PR.
* Added support for FlushAsync API * Added more test cases * Corrections to test case * fixed merge conflicts * Fixed an issue with IsEnqueueSuccess * Bumping CurrentInvariantVersion for QuickPulse. (microsoft#2123) * Endpoint and ping interval hints for QuickPulseModule. * Updating changelog.md with the PR link for the change. * StyleCop error fix. * Bumping CurrentInvariantVersion for QuickPulse. * Unit test fixes. * Update how BuildNumbers are calculated (microsoft#2125) * Update _GlobalStaticVersion.props Change to the way we calculate the build number. Formerly, we calculated builds as the TotalMinutes between DateTime.Now and the semantic version time stamp, divided by 5. This meant that every 5 minutes the build number changes. This was hurting nightly nupkgs because our assembly version and packages weren't matching. This PR changes the calculation to be TotalHours / 12. * Update release_NupkgAudit.ps1 * Update Changelog, prep 2.17.0-beta1 (microsoft#2126) * Update release_NupkgAudit.ps1 (microsoft#2128) * Update release_NupkgAudit.ps1 removing the hardcoded hash. will put the value in the build definition. This will be easier to update when certs rotate. * Update release_NupkgAudit.ps1 punctuation * upgrade log4net 2.0.10 (microsoft#2150) * Fix: telemetry parent id when using W3C activity format (microsoft#2145) * Fix telemetry parent id when using W3C activity format * Add unit tests * Added InFlightTransmission struct * Add response duration to TransmissionStatusEventArgs * Update ChangeLog * Update profiler and snapshot endpoints Fixes microsoft#2166 * bump version 2.17 Stable (microsoft#2171) * bump version * Update CHANGELOG.md * finalize public API * remove outdated NuGet.Config files * Update CONTRIBUTING.md (microsoft#2177) * remove comment * Update Readme.md (microsoft#2182) Adding Support policy to readme * Update bug_report.md (microsoft#2183) * Update bug_report.md Adding Immediate support policy to the bug template * Removing item check in serializer * Fix tests * New Implementation * Added Increment to pause storage dequeue * thread sync support for move transmissions * Create dependabot.yml (microsoft#2201) * Fix PropertyFetcher error when used with multiple types (microsoft#2197) * Fix PropertyFetcher error when used with multiple types * Fix build errors Co-authored-by: Timothy Mothra <tilee@microsoft.com> * remove Microsoft.TestPlatform.TestHost (microsoft#2208) * Bump Microsoft.NET.Test.Sdk from 16.7.1 to 16.9.4 (microsoft#2206) * Bump Microsoft.NET.Test.Sdk from 16.7.1 to 16.9.4 Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 16.7.1 to 16.9.4. - [Release notes](https://github.com/microsoft/vstest/releases) - [Commits](microsoft/vstest@v16.7.1...v16.9.4) Signed-off-by: dependabot[bot] <support@github.com> * Update Microsoft.ApplicationInsights.Isolated.Tests.csproj remove System.Reflection.Metadata Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Timothy Mothra <tilee@microsoft.com> * Bump NETStandard.HttpListener from 1.0.2 to 1.0.3.5 (microsoft#2205) Bumps [NETStandard.HttpListener](https://github.com/StefH/NETStandard.HttpListener) from 1.0.2 to 1.0.3.5. - [Release notes](https://github.com/StefH/NETStandard.HttpListener/releases) - [Commits](https://github.com/StefH/NETStandard.HttpListener/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump Newtonsoft.Json from 10.0.3 to 13.0.1 (microsoft#2209) * Bump Newtonsoft.Json from 10.0.3 to 13.0.1 Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 10.0.3 to 13.0.1. - [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases) - [Commits](JamesNK/Newtonsoft.Json@10.0.3...13.0.1) Signed-off-by: dependabot[bot] <support@github.com> * Update Microsoft.ApplicationInsights.Tests.csproj * Update Microsoft.ApplicationInsights.Isolated.Tests.csproj * Update TelemetryChannel.Nuget.Tests.csproj * Update TelemetryChannel.Tests.csproj Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Timothy Mothra <tilee@microsoft.com> * Bump log4net from 2.0.10 to 2.0.12 (microsoft#2204) Bumps [log4net](https://github.com/apache/logging-log4net) from 2.0.10 to 2.0.12. - [Release notes](https://github.com/apache/logging-log4net/releases) - [Changelog](https://github.com/apache/logging-log4net/blob/master/ReleaseInstructions.txt) - [Commits](apache/logging-log4net@rel/2.0.10...rc/2.0.12) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump System.Text.Encoding.CodePages from 4.3.0 to 5.0.0 (microsoft#2211) * Bump Microsoft.AspNetCore.Identity from 2.1.1 to 2.1.2 (microsoft#2215) * Bump Microsoft.AspNetCore.StaticFiles from 2.1.1 to 2.2.0 (microsoft#2216) * Bump Microsoft.AspNetCore.Mvc.TagHelpers from 2.1.1 to 2.2.0 (microsoft#2212) * update and consolidate xunit dependencies (microsoft#2222) * update and consolidate xunit dependencies * fix xunit analyzer * Bump MSTest.TestAdapter from 2.1.2 to 2.2.3 (microsoft#2223) * Bump System.Console from 4.3.0 to 4.3.1 (microsoft#2224) * Bump Microsoft.AspNetCore.Server.IISIntegration from 2.1.1 to 2.2.1 (microsoft#2226) * Saving work in progress. * API changes * Additional tests * spaces * Review changes * Fix flaky test. * PR feedback * InternalsVisibleTo Microsoft.AI.ServerTelemetryChannel (microsoft#2229) * Add CancellationToken check for MoveTransmissions * Bump Microsoft.AspNetCore.Server.Kestrel from 1.1.2 to 2.2.0 (microsoft#2207) * Bump System.Data.SqlClient from 4.7.0 to 4.8.2 (microsoft#2231) Bumps [System.Data.SqlClient](https://github.com/dotnet/corefx) from 4.7.0 to 4.8.2. - [Release notes](https://github.com/dotnet/corefx/releases) - [Commits](https://github.com/dotnet/corefx/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * examples sln (microsoft#2233) * new solution * fix path * additional properties in props * adding AspNetCore WebApp to Examples * simplify property * PR feedback * Initialization code and entry point for Self Diagnostics Module * Adding access modifier * Add APIs as declared API list * Fix flaky test - FlushAsyncTransmissionWithThrottle (microsoft#2247) * Add ManualResetEventSlim.Wait * Fix warning * general maintenance (microsoft#2250) * general maintenance * fix date * update analyzers (microsoft#2198) * update analyzers * remove default case, tests should pass * fxcop * cleanup * testing fix * remove net452 and net46 from aspnetcore (microsoft#2252) * remove net452 and net46 from aspnetcore * changelog * consolidate package references * cleanup unnecessary dependencies in AspNetCore SDK (microsoft#2253) * Move location of Initialization * [SDL] update packages (microsoft#2243) * update packages * update test dependencies * testing fix for version conflicts * Update IntegrationTests.Tests.csproj * cleanup * cleanup * Remove "Module" in class name. Change class to internal. * Update CHANGELOG.md (microsoft#2254) * Add config parser class for SelfDiagnostics * Rename SelfDiagnostics class to SelfDiagnosticsInitializer, and SelfDiagnosticsInternals names to SelfDiagnostics. * Rename test class namespace. Remove xunit dependency. * Add EventListener for SelfDiagnostics (microsoft#2259) * Add EventListener for SelfDiagnostics * Match with EventSource name's prefix * troubleshooting (microsoft#2264) * troubleshooting guides * update * update * update * Update Readme.md * Update Readme.md * Update PostTelemetry.ps1 * Update Readme.md * Encode event and write to file in SelfDiagnosticsEventListener (microsoft#2265) * Encode event and write to file in SelfDiagnosticsEventListener * Fix compile error * Add MemoryMappedFileHandler for SelfDiagnostics (microsoft#2258) * Add MemoryMappedFileHandler for SelfDiagnostics * Rename classes and namespace. * - * Use CollectionAssert.AreEqual to compare byte[] * Add circular write logic into MemoryMappedFileHandler class * Fix trivial compile errors * Fix trivial compile errors * Update EventSource method implementation * Update EventSource method implementation * - * Special requirement for last argument in method definition and last parameter for WriteEvent call * update typo in comment * Add ConfigRefresher for SelfDiagnostics (microsoft#2262) * Add MemoryMappedFileHandler for SelfDiagnostics * Rename classes and namespace. * - * Use CollectionAssert.AreEqual to compare byte[] * Add circular write logic into MemoryMappedFileHandler class * Add ConfigRefresher for SelfDiagnostics * Fix trivial compile errors * Fix trivial compile errors * Update EventSource method implementation * Update EventSource method implementation * - * Special requirement for last argument in method definition and last parameter for WriteEvent call * Add new line at end of file * Change namespace for SelfDiagnosticsInitializer * Remove redundant using namespace statement. * Remove blank line * Cosmetics/technical debt - use pattern matching (microsoft#2268) * Fix ReSharper's "Convert 'as' expression type check and the following null check into pattern matching" / Code Smell * Update changelog with description * Update Readme and changelog for SelfDiagnostics (microsoft#2267) * Add Readme and changelog for Self Diagnostics * Fix failed test cases * Add changelog entry * Update troubleshooting/ETW/Readme.md with Self Diagnostics section * Remove unused code * Add "as of version 2.18.0" * Update Self-Diagnostics instructions (microsoft#2271) * Update Self-Diagnostics instructions * Update Readme.md * Update Readme.md * add Net5.0 to Test Infra and Bask SDK Tests (microsoft#2272) * add support for net461 to Tests (microsoft#2274) * fix Test projects dependency, Microsoft.AspNetCore.App (microsoft#2276) * cleanup frameworks in AspNetCore (microsoft#2278) * cleanup frameworks in AspNetCore * fix fxcop * remove unused dependency (microsoft#2281) * AAD: Handling Azure.Core.TokenCredential (microsoft#2191) * Bump Microsoft.AspNetCore.Mvc.Core from 1.0.3 to 1.0.4 (microsoft#2285) Bumps Microsoft.AspNetCore.Mvc.Core from 1.0.3 to 1.0.4. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * disable flaky tests (microsoft#2289) * AAD: refactor (microsoft#2288) * AAD: refactor * change property to internal * AAD: with InMemoryChannel (microsoft#2290) * aad with InMemoryChannel * Fix AzureSdkDiagnosticListener from crashing user app (microsoft#2294) * Fix AzureSdkDiagnosticListener from crashing user app * changelog * Read Azure SDK Success status (microsoft#2200) * Read Azure SDK Success status * cleanup Base SDK Frameworks (microsoft#2280) Co-authored-by: Cijo Thomas <cithomas@microsoft.com> * AAD: with QuickPulse (microsoft#2291) * AAD: with QuickPulse * AAD: with ServerTelemetryChannel (microsoft#2292) * AAD: with ServerTelemetryChannel * bump version 2.18-beta2 (microsoft#2296) * disable these tests on linux (microsoft#2298) * Updated link to performance counters docs (microsoft#2301) * Updated link to performance counters docs * Update WEB/Src/PerformanceCollector/README.md Co-authored-by: Cijo Thomas <cithomas@microsoft.com> * aad: detect type (microsoft#2303) * Enable the self diagnostics and fix a NullReferenceException bug (microsoft#2302) * Enable the self diagnostics and fix a NullReferenceException bug * Fix compilation warnings. * enable self-diagnostics in example app (microsoft#2305) * AAD: change to CredentialEnvelope to expose Expiration (microsoft#2306) * refactor TransmissionPolicy (microsoft#2311) * Remove OpenCover. CVE-2018-1285 (microsoft#2313) * Update Microsoft.Extensions.Logging to 2.1.1 * AAD: new AuthenticationTransmissionPolicy for retry scenarios. (microsoft#2312) * update version for beta3 (microsoft#2316) * AAD: Misc changes (microsoft#2317) * initialize cache inside constructor * remove todo. not pursing caching right now * cleanup comment * update changelog * Update ReflectionCredentialEnvelope.cs * log to indicated Authentication Policy caught the response from ingestion (microsoft#2319) * Update linux-build.yml (microsoft#2329) update version of dotnet 5 * Self-Diagnostics: include datetimestamp in filename (microsoft#2325) * include datetimestamp in self-diagnostics filename * come review comments * update readme * update readme * Update Readme.md * Update CHANGELOG.md (microsoft#2332) * prune public api (microsoft#2336) * prep 2.18 (microsoft#2337) * Tilee/examples (microsoft#2339) * move example projects to root. change to project reference * update packages * remove release config * rename projects * build definition for examples solution * cleanup yml * fix yml * test fix for yml * test fix yml * Update examples-sanity.yml (microsoft#2340) correct branch name Co-authored-by: Rajkumar Rangaraj <rajrang@microsoft.com> Co-authored-by: Cijo Thomas <cithomas@microsoft.com> Co-authored-by: Timothy Mothra <tilee@microsoft.com> Co-authored-by: ylabade <64366368+ylabade@users.noreply.github.com> Co-authored-by: Paul Harrington <pharring@microsoft.com> Co-authored-by: Paul Harrington <pharring@users.noreply.github.com> Co-authored-by: Oskar Klintrot <oskar.klintrot@gmail.com> Co-authored-by: ank3it <anksr@microsoft.com> Co-authored-by: James Newton-King <james@newtonking.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: xiang17 <xili9@microsoft.com> Co-authored-by: Martin <modermatt@tuta.io> Co-authored-by: Pavel Krymets <pavel@krymets.com> Co-authored-by: Lev Yastrebov <36070899+LevYas@users.noreply.github.com>
Adding support for Azure.Core.TokenCredential to the TelemetryConfiguration
For more information see the parent item: #2190.
Introduction
We have a unique challenge of needing to support
Azure.Core.TokenCredential
while having incompatible Frameworks.To address this I'm making the assumption that if a customer's application is able to create an instance of
TokenCredential
, then they also have theAzure.Core
assembly in their runtime.Going off of this assumption, we're able to use reflection to access the methods of
TokenCredential
and return types available inAzure.Core
.This approach is validated in unit tests.
Implementation
TelemetryConfiguration.SetCredential
We need a way for a customer to provide an implementation of
Azure.Core.TokenCredential
.For this, I've introduced a new method
TelemetryConfiguration.SetCredential
.ApplicationInsights-dotnet/BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs
Lines 408 to 412 in aac78ed
We accept
Object
and validate that the provided object inheritsTokenCredential
.We store this in the new property
TelemetryConfiguration.CredentialEnvelope
which is accessible by all internal classes in the SDK.CredentialEnvelope
We hold the instance of
TokenCredential
in a new classReflectionCredentialEnvelope
which as the name suggests, uses Reflection to interact with theObject
that was provided.ApplicationInsights-dotnet/BASE/src/Microsoft.ApplicationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs
Lines 21 to 37 in aac78ed