Add option to ignore Cosmos emulator certificate.

[mitchdenny]

This PR adds an option to allow developers to ignore the Cosmos emulator ceritficate if it is detected. Usage:

builder.AddAzureCosmosDB("ratingsdb", (settings) =>
{
    settings.IgnoreEmulatorCertificate = true;
});

Also fixes:
#1664

Related:
#1002

Outstanding items:

• Update README.md
• Add some test coverage.

Microsoft Reviewers: Open in CodeFlow

[Pilchie]

Also tagging @sourabh1007

[Pilchie]

See aslo Azure/azure-cosmos-dotnet-v3#4251 where @sourabh1007 is working on building this directly into the SDK.

[josephaw1022]

can we just set this to true if you use the useEmulator method?

so instead of

builder.AddAzureCosmosDB("ratingsdb", (settings) =>
   {
       settings.IgnoreEmulatorCertificate = true;
   })
      .UseEmulator()
      .AddDatabase("mydb");

It would just be

builder.AddAzureCosmosDB("ratingsdb")
      .UseEmulator()
      .AddDatabase("mydb");


// and useEmulator would then make that setting change. 

// or another approach is 

builder.AddAzureCosmosDB("ratingsdb", useEmulator: true)
      .AddDatabase("mydb");

and it would then do the same thing as the first code block

[mitchdenny]

can we just set this to true if you use the useEmulator method?

@josephaw1022 ... good question. We had a session today where we were reviewing some aspects of the app model. The UseEmulator(...) method will be staying. It will grow into a mechanism to allow customization of the underlying container if required.

[eerhardt]

Thanks!

[eerhardt]

This line isn't in

https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-develop-emulator?tabs=windows%2Ccsharp&pivots=api-nosql#connect-to-the-emulator-from-the-sdk

It just has the ServerCertificateCustomValidationCallback and ConnectionMode lines. Why is LimitToEndpoint being set to true here?

[mitchdenny]

I'm not 100% sure of the reason why but without LimitToEndpoint the trick doesn't work. I think it has something to do with the way that the Cosmos client talks to different regional gateways. But I'm not sure how/why that comes into play in the emulator scenario ... but it does seem to make a difference here.

[eerhardt]

Should the docs be updated then? - cc @Pilchie @sourabh1007

[sourabh1007]

Looks like document is already updated and LimitToEndpoint is not required.

[eerhardt]

and LimitToEndpoint is not required.

Then why is @mitchdenny saying it is required above?

but without LimitToEndpoint the trick doesn't work.

[kirankumarkolli]

@eerhardt docs was update just a day back or so.
@mitchdenny might have referenced it before that change.

Emulator will only have a single region; functional wise it will not impact but unnecessary and confuses.

Ability to ignore SSLCert through connection string is currently in PR stage and next release might ship it. Post that hopefully all above can be updated accordingly.

[eerhardt]

@mitchdenny - can you verify that we don't need the line setting LimitToEndpoint = true;? I don't want us doing something that isn't in the docs.

[ealsur]

Whoever wrote those docs did not consult with the SDK team. The original version of that doc had it and that might have brought the confusion. We discovered the issue, we corrected the docs (https://github.com/MicrosoftDocs/azure-docs-pr/pull/263406). LimitToEndpoint has nothing to do with emulator or SSL certificates, it's a flag meant to disable cross-region retries on the SDK -> https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/troubleshoot-sdk-availability

[eerhardt]

This should have had the same changes as the other README.