Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs for dapr/components-contrib #972 #1755

Closed
ItalyPaleAle opened this issue Aug 31, 2021 · 5 comments
Closed

docs for dapr/components-contrib #972 #1755

ItalyPaleAle opened this issue Aug 31, 2021 · 5 comments
Assignees
@ItalyPaleAle
Labels
content/missing-information More information requested or needed
Milestone
1.4

Comments

@ItalyPaleAle
Copy link
Contributor

ItalyPaleAle commented Aug 31, 2021
edited
Loading

What content needs to be created or modified?
dapr/components-contrib#972 updated these components by implementing support for the "common Azure auth layer".

  • secretstores/azure/keyvault
  • state/azure/blobstorage

There are a few docs updates that are required to highlight the new features:

  1. For all components that support the "common Azure layer" (currently the two ones above), authentication is now supported also with Azure AD, which means Service Principals and MSI. Before, support was incomplete and inconsistent: secretstores/azure/keyvault did support Service Principals but only using certificates (not client secrets), and it supported MSI's. state/azure/blobstorage did not support Azure AD authentication at all, only shared keys; this has been added and now it supports service principals and MSI.
  2. As part of this change, we've standardized the names of metadata properties. For AKV, the names have changed to these (note that the old names continue to work, but are considered legacy):
  • spnTenantId -> azureTenantId
  • spnClientId -> azureClientId
  • spnCertificate -> azureCertificate
  • spnCertificateFile -> azureCertificateFile
  • spnCertificatePassword -> azureCertificatePassword
  1. In order to support authentication with a SP and using a client secret, a new metadata property has been added to all the components that support the common Azure auth layer: azureClientSecret.
  2. Note that the docs for AKV said that MSI were supported only on AKS. This is incorrect: MSI's should work also on Azure VMs, App Service, etc.

To recap, there are now multiple ways for the components that have been updated to authenticate with Azure.

  • All the updated components support authentication via Azure AD, which comes in two flavors:
    1. Authenticating using a Service Principal requires setting azureTenantId, azureClientId, azureClientSecret.
    2. Authenticating using a SP with a certificate instead uses azureTenantId, azureClientId, and azureCertificate (optionally, azureCertificateFile and/or azureCertificatePassword if needed)
    3. Authenticating with a MSI doesn't require anything, although an azureClientId may be specified if needed (again, this is optional)
  • Depending on the component, shared key authentication may be supported.
    • Azure Key Vault does not support this.
    • Azure Storage supports the old authentication with a accountKey

Describe the solution you'd like

These 3 pages will need to be updated to reflect the new authentication options:

My proposal is actually to:

The associated pull request from dapr/dapr, dapr/components-contrib, or other Dapr code repos
dapr/components-contrib#972

Additional context
Note that more components are being updated to support the common Azure auth layer (see dapr/components-contrib#1103). For example, a PR is being reviewed for Cosmos DB: dapr/components-contrib#1104 I am going to open a separate issue for that.
@ItalyPaleAle ItalyPaleAle added the content/missing-information More information requested or needed label Aug 31, 2021
@ItalyPaleAle ItalyPaleAle mentioned this issue Aug 31, 2021
Closed
@artursouza artursouza added this to the 1.4 milestone Sep 2, 2021
@artursouza
Copy link
Member

@berndverst Can you look into this doc for 1.4?

@orizohar
Copy link

orizohar commented Sep 9, 2021

@artursouza @berndverst @ItalyPaleAle - we need a docs PR for this, looks like the code change will go out in v1.4

@ItalyPaleAle
Copy link
Contributor Author

Ori when's the deadline? I can look into contributing at least the part explaining the common Azure auth layer by EOW.

@yaron2
Copy link
Member

yaron2 commented Sep 9, 2021

@ItalyPaleAle it'd be very helpful if you can work on this.

@orizohar
Copy link

orizohar commented Sep 9, 2021

Ori when's the deadline? I can look into contributing at least the part explaining the common Azure auth layer by EOW.

@ItalyPaleAle that would be terrific! We plan to release v1.4 9/14 (see dapr/dapr#3492) and we want all new features or behavior changes captured in the docs (in this case that means v1.4 branch of the docs repo)

@ItalyPaleAle ItalyPaleAle mentioned this issue Sep 10, 2021
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ItalyPaleAle ItalyPaleAle

Labels
content/missing-information More information requested or needed
Projects
None yet
Milestone
1.4
Development

No branches or pull requests
4 participants
@ItalyPaleAle @artursouza @orizohar @yaron2