Cosmos DB - Authorization policy

[MindFlavor]

This PR enhances the pipeline by adding the AuthorizationPolicy and migrates the preexisting CosmosDB pipeline operations to the new policy.

AuthorizationPolicy

The AuthorizationPolicy cannot be in Core since every service uses a different authorization mechanism. So this PR proposes to have a specific policy in each module (they can potentially be shared in case of duplication). This PR covers Cosmos DB only. While CosmosDB does not support (yet) the bearer token authentication, it's possibile to authenticate specific users with shared key.

The AuthorizationPolicy will handle the authentication by injecting the required headers to the request passing through the pipeline. Since the resulting authorization token can depend on the preexisting headers the AuthorizationPolicy must be executed right before the TransportPolicy. Also, since the token depends on the current timestamp (to mitigate reply attacks), AuthorizationPolicy must be run at every retry.

Cosmos context

In CosmosDB, the authorization token depends on the resource type. This information must be somehow passed through the pipeline because the AuthorizationPolicy needs it.
The information of which resource to authenticate must be passed by the operation builder prior starting the pipeline. For example, the create_database operation, knowing that it has to work on ResourceType::Databases, must be able to pass ResourceType::Databases to the AuthorizationPolicy. The pipeline has a Context struct that must be instantiated by the SDK user (ie the code that calls create_database). The Context will then traverse the pipeline. As such is a good candidate for the resource type information.

For this reason, this PR proposes an additional type, called PipelineContext that wraps the user-supplied Context and adds the module-dependent field. This is achieved by exposing a generic (constrained to be Send + Sync).

An alternative approach (shown here: https://github.com/MindFlavor/azure-sdk-for-rust/tree/cosmos/auth_policy%2Fdev) is to use Rust's runtime polymorphism in the form of std::any::Any. Basically Context will have a Box<dyn Any> field that can accept anything. It would be responsibility of the operation builder (ie the create_database function) to store the relevant information in the Box<dyn Any> instance. The AuthorizationPolicy will then downcast_ref() the Any instance and get the expected type.
While this approach is easy to do, it lacks any kind of type safety and relies upon conventions (which is very unidiomatic in Rust). Also, it's runtime enforced only (another thing unidiomatic in Rust).

The approach proposed in this PR, instead, is type safe and clearly self-explanatory.

Notable changes

• Created the PipelineContext<BAG> discussed above (composition of Context and custom field of type BAG).
• Changed Policy trait to be generic on the BAG above. This allows policies that accept generic PipelineContext<BAG>.
• Changed the pipeline to be generic on the BAG above.
• Fixed the preexisting policies to accept the BAG generic (called R for brevity, this is something we might want to correct to avoid confusion).
• Implemented Policy<CosmosContext> for AuthorizationPolicy.
• Changed pipeline code in CosmosDB to support the AuthorizationPolicy (and to send the proper PipelineContext<CosmosContext> down the pipeline.
• Removed useless cosmos_client::prepare_request2.
• Created a new function in cosmos_client called prepare_request_pipeline. This function will no longer perform authentication since it will delegated to the pipeline policy AuthorizationPolicy.
• Moved all the authorization code from CosmosClient to AuthorizationPolicy (preexisting non-pipeline code has been rerouted pending removal).
• Removed uninmplemented from add_as_header2 that caused E2E tests to fail (fix CosmosDB E2E attachment tests fail with not implemented panic #324).
• Implemented add_as_header2 for all the required types.

[rylev]

I was skeptical of the proposal, but it's not too bad. I definitely think it's better than having an Any that service specific policies can downcast. I just had a bunch of small notes.

[rylev]

nit: not sure if we need to make the comment lines so short. Means we quickly have lots of lines of comments.

[MindFlavor]

I have a vim plugin that inserts a cr to keep comments < 80 chars wide (yes, I'm old 🤷‍♂️). I agree it doesn't really matter since Rust's lines can easily go over that limit. What should we use as a limit?

[MindFlavor]

Thank you @rylev for taking the time to review this! I'll try to address your suggestions and push another commit.

[rylev]

@MindFlavor looks good. Shall we merge?

[MindFlavor]

@MindFlavor looks good. Shall we merge?

Yes, let's keep the ball rolling! 👍