Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[core-amqp][event-hubs] add support for NamedKeyCredential and SASCredential #14423

Merged
12 commits merged into from
Mar 29, 2021

Conversation

chradek
Copy link
Contributor

@chradek chradek commented Mar 23, 2021

Adds support for NamedKeyCredential and SASCredential to @azure/event-hubs.

Background

Event Hubs supports using token-based AAD auth via the @azure/identity credentials, and both "shared access key" and "shared access signature" via the connection string.

This change allows the EventHubConsumerClient and EventHubProducerClient to support both "shared access key" and "shared access signature" methods of auth via credential objects defined by @azure/core-auth.

It already supports connection strings, so why add 2 more credential types?

Both the AzureNamedKeyCredential and AzureSASCredential classes support rotation by calling their respective update methods. Since connection strings can't be rotated within a client, the user would need to close their existing clients (which may be in the process of sending or receiving events!) and create new ones if their keys were rotated.

With this change, the user only needs to call update on the credential they passed to their Event Hubs client, and the client will automatically use the new values.

Why is this change in core-amqp as well?

Service Bus and Event Hubs both need these changes. Note that the APIs added to core-amqp have the @hidden tag so they won't show up in documentation.

TODO

  • verify that the SDK retries 'unauthorized' errors. This, and the token expiry, will determine when the clients attempt to use the rotated credentials.

@ghost ghost added the Event Hubs label Mar 23, 2021
@chradek chradek marked this pull request as ready for review March 25, 2021 04:45
@@ -39,3 +39,4 @@ export {
} from "./util/utils";
export { AmqpAnnotatedMessage } from "./amqpAnnotatedMessage";
export { logger } from "./log";
export * from "./internals";
Copy link
Contributor Author

@chradek chradek Mar 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really wanted to do export * as Internals from "./internals"; but unfortunately api-extractor doesn't support it (yet).
microsoft/rushstack#2412

@chradek
Copy link
Contributor Author

chradek commented Mar 25, 2021

/azp run js - event-hubs - tests

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@chradek chradek changed the title [event-hubs] add support for NamedKeyCredential and SASCredential [core-amqp][event-hubs] add support for NamedKeyCredential and SASCredential Mar 26, 2021
@chradek chradek force-pushed the amqp-named-key-cred branch from d9026c7 to 430b188 Compare March 26, 2021 22:17
@chradek
Copy link
Contributor Author

chradek commented Mar 26, 2021

/azp run js - event-hubs - tests

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@chradek chradek force-pushed the amqp-named-key-cred branch from 430b188 to 30202e8 Compare March 27, 2021 03:24
@chradek
Copy link
Contributor Author

chradek commented Mar 27, 2021

/azp run js - event-hubs - tests

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

sdk/core/core-amqp/src/auth/tokenProvider.ts Outdated Show resolved Hide resolved
sdk/eventhub/event-hubs/src/connectionContext.ts Outdated Show resolved Hide resolved
sdk/eventhub/event-hubs/src/connectionContext.ts Outdated Show resolved Hide resolved
sdk/eventhub/event-hubs/src/eventHubConsumerClient.ts Outdated Show resolved Hide resolved
sdk/core/core-amqp/review/core-amqp.api.md Outdated Show resolved Hide resolved
@chradek
Copy link
Contributor Author

chradek commented Mar 29, 2021

Updated based on feedback!

Copy link
Contributor

@ramya-rao-a ramya-rao-a left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved! I have gone over all the code changes in the non test files and they look good to me

@chradek
Copy link
Contributor Author

chradek commented Mar 29, 2021

/check-enforcer reset

@ghost
Copy link

ghost commented Mar 29, 2021

Hello @chradek!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@ghost ghost merged commit 42fb302 into Azure:master Mar 29, 2021
jay-most pushed a commit to jay-most/azure-sdk-for-js that referenced this pull request Apr 26, 2021
…dential (Azure#14423)

Adds support for `NamedKeyCredential` and `SASCredential` to `@azure/event-hubs`.

## Background

Event Hubs supports using token-based AAD auth via the `@azure/identity` credentials, and both "shared access key" and "shared access signature" via the connection string.

This change allows the `EventHubConsumerClient` and `EventHubProducerClient` to support both "shared access key" and "shared access signature" methods of auth via credential objects defined by `@azure/core-auth`.

## It already supports connection strings, so why add 2 more credential types?

Both the `AzureNamedKeyCredential` and `AzureSASCredential` classes support rotation by calling their respective `update` methods. Since connection strings can't be rotated within a client, the user would need to close their existing clients (which may be in the process of sending or receiving events!) and create new ones if their keys were rotated.

With this change, the user only needs to call `update` on the credential they passed to their Event Hubs client, and the client will automatically use the new values.

## Why is this change in core-amqp as well?

Service Bus and Event Hubs both need these changes. Note that the APIs added to core-amqp have the `@hidden` tag so they won't show up in documentation.

## TODO

- [x] verify that the SDK retries 'unauthorized' errors. This, and the token expiry, will determine when the clients attempt to use the rotated credentials.
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants