-
Notifications
You must be signed in to change notification settings - Fork 430
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to ignore Cosmos emulator certificate. #1668
Conversation
Also tagging @sourabh1007 |
src/Components/Aspire.Microsoft.Azure.Cosmos/AspireAzureCosmosDBExtensions.cs
Show resolved
Hide resolved
See aslo Azure/azure-cosmos-dotnet-v3#4251 where @sourabh1007 is working on building this directly into the SDK. |
src/Components/Aspire.Microsoft.Azure.Cosmos/AspireAzureCosmosDBExtensions.cs
Outdated
Show resolved
Hide resolved
can we just set this to true if you use the useEmulator method? so instead of builder.AddAzureCosmosDB("ratingsdb", (settings) =>
{
settings.IgnoreEmulatorCertificate = true;
})
.UseEmulator()
.AddDatabase("mydb"); It would just be builder.AddAzureCosmosDB("ratingsdb")
.UseEmulator()
.AddDatabase("mydb");
// and useEmulator would then make that setting change.
// or another approach is
builder.AddAzureCosmosDB("ratingsdb", useEmulator: true)
.AddDatabase("mydb"); and it would then do the same thing as the first code block |
@josephaw1022 ... good question. We had a session today where we were reviewing some aspects of the app model. The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator | ||
}); | ||
clientOptions.ConnectionMode = ConnectionMode.Gateway; | ||
clientOptions.LimitToEndpoint = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line isn't in
It just has the ServerCertificateCustomValidationCallback
and ConnectionMode
lines. Why is LimitToEndpoint
being set to true here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not 100% sure of the reason why but without LimitToEndpoint
the trick doesn't work. I think it has something to do with the way that the Cosmos client talks to different regional gateways. But I'm not sure how/why that comes into play in the emulator scenario ... but it does seem to make a difference here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should the docs be updated then? - cc @Pilchie @sourabh1007
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like document is already updated and LimitToEndpoint
is not required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and LimitToEndpoint is not required.
Then why is @mitchdenny saying it is required above?
but without LimitToEndpoint the trick doesn't work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@eerhardt docs was update just a day back or so.
@mitchdenny might have referenced it before that change.
Emulator will only have a single region; functional wise it will not impact but unnecessary and confuses.
Ability to ignore SSLCert through connection string is currently in PR stage and next release might ship it. Post that hopefully all above can be updated accordingly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mitchdenny - can you verify that we don't need the line setting LimitToEndpoint = true;
? I don't want us doing something that isn't in the docs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whoever wrote those docs did not consult with the SDK team. The original version of that doc had it and that might have brought the confusion. We discovered the issue, we corrected the docs (https://github.com/MicrosoftDocs/azure-docs-pr/pull/263406). LimitToEndpoint
has nothing to do with emulator or SSL certificates, it's a flag meant to disable cross-region retries on the SDK -> https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/troubleshoot-sdk-availability
Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com>
var cosmosdb = builder.AddAzureCosmosDB("cosmos").UseEmulator(); | ||
``` | ||
|
||
When the AppHost starts up a local container running the Azure CosmosDB will also be started. Inside the project that uses CosmosDB you also need to specify that you want to ignore the server certificate (so you don't need to manually download and install it): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should have had the same changes as the other README.
This PR adds an option to allow developers to ignore the Cosmos emulator ceritficate if it is detected. Usage:
Also fixes:
#1664
Related:
#1002
Outstanding items:
Microsoft Reviewers: Open in CodeFlow