Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[POC] AAD: Configuring ServerTelemetryChannel and QuickPulseServiceClient #2220

Closed
wants to merge 116 commits into from
Closed

[POC] AAD: Configuring ServerTelemetryChannel and QuickPulseServiceClient #2220

wants to merge 116 commits into from

Conversation

TimothyMothra
Copy link
Member

@TimothyMothra TimothyMothra commented Apr 9, 2021
edited

Consuming CredentialEnvelope within TelemetryChannels and QuickPulseServiceClient

For more information see the parent item: #2190.

Introduction

This PR demonstrates an approach to handling the configuration of the CredentialEnvelope.

TODO: Need to write unit tests to validate possible configuration scenarios.

TelemetryConfiguration

TelemetryConfiguration has a method SetAzureTokenCredential for a user to provide the TokenCredential.
This method could be called either before or after the user has set the TelemetryChannel.

To deal with this, both setting a credential and setting a TelemetryChannel will invoke TelemetryConfiguration.SetTelemetryChannelCredentialEnvelope.

ISupportCredentialEnvelope

To simplify passing the CredentialEnvelope to the TelemetryChannels, I've introduced a new interface ISupportCredentialEnvelope.
This ensures that the TelemetryConfiguration can set either InMemoryChannel or ServerTelemetryChannel.

TelemetryChannels

Each TelemetryChannel must provide the CredentialEnvelope on their respective internal classes.
TelemetryItems ultimately end up stored in a Transmission object. This object can be serialized for file storage. I've confirmed that the Credential object will not be serialized.

Tokens themselves will expire and therefore are not set on the Transmission object until just before invoking Transmission.SendAsync. If a Transmission needs to be retried, it will receive a new token.

InMemoryChannel

InMemoryChannel.CredentialEnvelope sets InMemoryTransmitter.CredentialEnvelope which is used to set Transmission.CredentialEnvelope just before calling Transmission.SendAsync.

ServerTelemetryChannel

ServerTelemetryChannel.CredentialEnvelope sets Transmitter.CredentialEnvelope and then sets TransmissionSender.CredentialEnvelope which is used to set Transmission.CredentialEnvelope just before calling Transmission.SendAsync.

@TimothyMothra
getting started. defining classes and tests
84eba5c
@TimothyMothra
more tests. currently passing
180c039
@TimothyMothra
cleanup
d501eef
@TimothyMothra
saving work in progress
5a556d3
@TimothyMothra
cleanup
2f7f7f8
@TimothyMothra
cleanup
9beac17
@TimothyMothra
cleanup
14b65b2
@TimothyMothra
save work in progress. all tests passing
8446075
@TimothyMothra
cleanup
0fe4b8c
@TimothyMothra
change interface to abstract class.
52785bb 
change reflection to use a compiled expression.
@TimothyMothra
cleanup
acb3fd0
@TimothyMothra
working reflection for GetTokenAsync
66592c9
@TimothyMothra
cleanup. tests pass
33570ec
@TimothyMothra
cleanup
f181df5
@TimothyMothra
rewriting reflection to fully use Expression.Lambda. tests partially …
7b30407 
…passing.
@TimothyMothra
cleanup
4e38ac2
@TimothyMothra
change from Lambda<Func> to LambdaExpression. Tests pass
862d3f2
@TimothyMothra
have a working example of aysnc + Expression tree. need to cleanup
ddcbecd
@TimothyMothra
this works. tests pass. needs significant cleanup.
0a82f7b
@TimothyMothra
significant refactor. cleanup. all tests pass
47ce7e5
@TimothyMothra
update scope
76fd2d7
@TimothyMothra
save change to publicapi doc
c5e44de
@TimothyMothra
cleanup
46f35e6
@TimothyMothra
TokenCredential + QuickPulse
dade297
@TimothyMothra
set default in abstract class
2464125
@TimothyMothra
update header key
c387eaa
@TimothyMothra
finished mapping out how to set CredentialEnvelope on all TelemetryCh…
9f5e579 
…annels and QuickPulseModule. Need to write tests.
@TimothyMothra
update request header. move to constants
f2ac1d8
@TimothyMothra
Merge branch 'develop' into tilee/feature_aad
8a93434
@TimothyMothra
update publicapi
159bbc9
cijothomas
cijothomas reviewed May 28, 2021
View reviewed changes
BASE/src/Microsoft.ApplicationInsights/Channel/Transmission.cs Outdated

if (aadToken == null)
{
// TODO: DO NOT SEND. RETURN FAILURE AND LET CHANNEL DECIDE WHEN TO RETRY.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will be considered a client side failure, and data would not be retried by default.
Its probably a complex part to decide if we want to store items for later retry, if the AAD is down..

cijothomas
cijothomas reviewed May 28, 2021
View reviewed changes
...erformanceCollector/Perf.Shared.NetFull/Implementation/QuickPulse/QuickPulseServiceClient.cs Outdated
@@ -381,6 +386,12 @@ private void AddHeaders(HttpWebRequest request, bool includeIdentityHeaders, str
request.Headers.Add(QuickPulseConstants.XMsQpsInvariantVersionHeaderName,
MonitoringDataPoint.CurrentInvariantVersion.ToString(CultureInfo.InvariantCulture));
}

// The AAD token is an optional feature. Only include if it is provided.
if (!string.IsNullOrEmpty(aadToken))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this intentionally optional for QP? elsewhere, in the regular channel, its like mandatory, if user has set tc.settokencred.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh good catch. i need to rethink this

@TimothyMothra TimothyMothra mentioned this pull request May 28, 2021
Merged
4 tasks
@TimothyMothra TimothyMothra changed the title AAD: Configuring TelemetryChannels and QuickPulse AAD: Configuring ServerTelemetryChannel and QuickPulseServiceClient May 29, 2021
@TimothyMothra TimothyMothra changed the title AAD: Configuring ServerTelemetryChannel and QuickPulseServiceClient [POC] AAD: Configuring ServerTelemetryChannel and QuickPulseServiceClient May 29, 2021
This was referenced May 29, 2021
Merged
Merged
pharring
pharring reviewed May 31, 2021
View reviewed changes
BASE/src/Microsoft.ApplicationInsights/Channel/InMemoryChannel.cs
@@ -96,6 +95,20 @@ public TimeSpan SendingInterval
}
}

/// <summary>
/// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
/// FOR INTERNAL USE. Customers should use <see cref="TelemetryConfiguration.SetAzureTokenCredential"/> instead.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't really need this comment anymore since ISupportCredentialEnvelope is, itself, internal.

pharring
pharring reviewed May 31, 2021
View reviewed changes
BASE/src/ServerTelemetryChannel/Implementation/TransmissionSender.cs
@@ -107,6 +108,15 @@ public virtual int ThrottleWindow
}
}

/// <summary>
/// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of "AAD", suggest "authorization" or "auth-token acquisition".

@TimothyMothra TimothyMothra deleted the tilee/feature_aad_w_config branch June 3, 2021 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cijothomas cijothomas cijothomas left review comments

@pharring pharring pharring left review comments

@rajkumar-rangaraj rajkumar-rangaraj Awaiting requested review from rajkumar-rangaraj

@reyang reyang Awaiting requested review from reyang

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.18
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@TimothyMothra @cijothomas @pharring