This repository has been archived by the owner on Feb 28, 2024. It is now read-only.

Network troubleshooter - support for managed identity connections and key vault references #38

Open. Wants to merge 29 commits into base: main

Conversation

gajibillik

@gajibillik gajibillik commented Apr 27, 2022

This PR adds Functions-specific support for end-to-end connectivity testing of triggers/bindings configured for access via managed identity vs. connection strings (Blob, Queue, Service Bus and Event Hubs are currently supported).
It also supports validation of key vault references.

Key callouts:

  1. Connection strings are not passed to this version, it instead looks up connection information from a specified app setting. The endpoint "validateappsetting" has been updated to support managed identities by allowing the entity name to be specified.
  2. Storage validation is now done via individual validators - BlobStorageValidator, QueueStorageValidator, FileShareStorageValidator.
  3. Moved all error handling into a couple of utility classes to avoid duplication of logic - ConnectionStringResponseUtility and ManagedIdentityConnectionResponseUtility.
  4. Customer facing error and mitigation messages are now supplied by DaaS to the angular app as it has the full context. All messages are contained in a single file to simplify wording review and later improvements - Constants
  5. Added a token validator to check whether the token was generated from the expected managed identity.
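As an added example (not the PR's code) of the app-setting lookup and token check the description outlines: resolve an app setting to either a connection string or an identity-based connection, then confirm the acquired token was issued for the configured client id. It assumes the Azure Functions `<name>__serviceUri` / `<name>__clientId` naming convention and that the issuing client id appears in the token's `appid` (v1) or `azp` (v2) claim; `AppSettingConnectionResolver` and its members are hypothetical names.

```csharp
using System;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

// Added example, not the PR's code. Assumes the Azure Functions naming convention for
// identity-based connections: "<name>__serviceUri" plus an optional "<name>__clientId".
public static class AppSettingConnectionResolver
{
    public sealed record Resolved(bool UsesManagedIdentity, string Value, string ClientId);

    // Distinguishes a missing app setting from an identity-based connection explicitly,
    // rather than treating the absence of a connection string as "managed identity".
    public static Resolved Resolve(string appSettingName, Func<string, string> getSetting)
    {
        var raw = getSetting(appSettingName);
        if (!string.IsNullOrWhiteSpace(raw)) return new Resolved(false, raw, null);
        var serviceUri = getSetting(appSettingName + "__serviceUri");
        if (string.IsNullOrWhiteSpace(serviceUri))
            throw new InvalidOperationException(
                $"App setting '{appSettingName}' has neither a connection string nor '__serviceUri'.");
        return new Resolved(true, serviceUri, getSetting(appSettingName + "__clientId"));
    }

    // Acquires a storage token and checks that it was issued for the configured identity.
    public static async Task<AccessToken> GetValidatedStorageTokenAsync(string clientId, CancellationToken ct = default)
    {
        var credential = new ManagedIdentityCredential(clientId); // null => system-assigned identity
        var ctx = new TokenRequestContext(new[] { "https://storage.azure.com/.default" });
        var token = await credential.GetTokenAsync(ctx, ct);
        // The token came straight from the managed identity endpoint, so only the claim value is
        // compared here; signature validation is the resource's job, not the client's.
        var issuedTo = ReadClaim(token.Token, "appid") ?? ReadClaim(token.Token, "azp");
        if (clientId != null && !string.Equals(issuedTo, clientId, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"Token was issued for '{issuedTo}', not the configured client id '{clientId}'.");
        return token;
    }

    // Reads one string claim from the JWT payload (base64url-encoded JSON), without verifying it.
    private static string ReadClaim(string jwt, string claim)
    {
        var parts = jwt.Split('.');
        if (parts.Length < 2) return null;
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.TryGetProperty(claim, out var v) ? v.GetString() : null;
    }
}
```

A client-id mismatch here means the `__clientId` setting points at an identity that is not assigned to the app, which is the misconfiguration the validator is meant to surface.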

gajibillik and others added 25 commits February 1, 2022 23:04
…s and moved two files out of Exceptions folder and namespace
@ghost

ghost commented Apr 27, 2022

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


@sidkri
Member

sidkri commented May 3, 2022

These changes were made in a forked branch and validated for both new scenarios and regression. I have reviewed the changes in the forked branch so requesting that Jeff and Puneet review this final merge to the main repo.

sidkri changed the title from "Added support for managed identity connections" to "Network troubleshooter - support for managed identity connections and key vault references" on May 3, 2022
var result = await Validate(requestBody.ConnectionString, requestBody.Type);
return result;
}

[HttpGet]
[Route("validateappsetting")]
public async Task<HttpResponseMessage> ValidateAppSetting(string appSettingName, string type)
public async Task<HttpResponseMessage> ValidateAppSetting(string appSettingName, string type, string entityName = null)
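Review bot: the new optional `entityName` parameter on `ValidateAppSetting` has no documentation of what it names or when a caller must supply it; add an XML doc comment on the method stating that it is the Blob container / Queue / Service Bus or Event Hubs entity used for the managed-identity connectivity check. Since the lookup now follows the Functions app-setting naming convention (see the discussion of a missing app setting being treated as managed-identity enabled), the method should return an explicit "app setting not found" result before falling through to the managed-identity path, and the route name should say it is Functions-specific.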
Contributor

@yifguoMSFT yifguoMSFT May 11, 2022


This function is very specialized for function apps, because if I want to validate connection strings stored in AppSettings for WebApp, I won't be able to use this function (otherwise it will treat a non-existent app setting as MSI enabled, and the managed identity naming convention only exists in Functions). Maybe we can change the function name to ValidateAppSettingForFunctionApp or something like that?

Contributor


Can we add a comment to the function that briefly describes what the entityName parameter is?

Member


I assume you would also want the route to change from "validateappsetting" to something more functions specific?

Contributor


yep

{
public static class ManagedIdentityCredentialTokenValidator
{
public static ManagedIdentityCredential GetValidatedCredential(string clientId, string appSettingName)
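Review bot: `GetValidatedCredential(string clientId, string appSettingName)` ties a token-validation helper to the Functions app-setting name, so `ManagedIdentityCredentialTokenValidator` cannot be reused for any other caller; take only `clientId` (plus the scope, given the discussion that `https://storage.azure.com/.default` is hard-coded, or a class name that says it is storage-only) and let the call site add `appSettingName` to its error message. Also guard against a null or empty `clientId` before constructing the credential, so a blank app setting fails with a clear message rather than silently falling back to the system-assigned identity.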
Contributor


I wonder if the appSettingName parameter is needed here. Can we catch the exception at the call site of this function and add appSettingName to the error message there, so that this class can be a more general-purpose one with no need to stick to appSettingName?

Author


This function specifically deals with the clientId app setting set in Azure Functions only.
ClientIdInvalidTokenGeneratedSummary - this variable has a documentation link related to Azure Functions only.
Can we create a new method, which can be more generic?

Contributor


I don't think clientId is something specific to Function App, so I believe it can be used for webapp as well without any modification. But I just noticed that the scope was set to https://storage.azure.com/.default, so is this function exclusively for storage account? If so, can you update the class name to reflect this?

public ResultStatus? Status;
[Newtonsoft.Json.JsonIgnore]
public string IdentityType;
[JsonProperty("Summary")]
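Review bot: `Status` and `IdentityType` are declared as public fields rather than properties, and the `[JsonProperty("Summary")]` override at the end of the hunk (on a member not shown here) means the wire name differs from the member name; as raised below, rename the members to the names the serialized contract needs and make them properties with getters and setters, keeping `[JsonIgnore]` only on `IdentityType` if it is genuinely internal state, so the JSON shape can be read off the type without following attributes.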
Contributor


Can we simply change these property names instead of overriding them?

Member


Yes, that's fair.
