Add AAD support for EG #19421
Add AAD support for EG #19421
Conversation
rakshith91
requested review from
lmazuel,
swathipil and
yunhaoling
as code owners
ghost
added
the
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
nit: I think we could avoid duplicating the _get_authentication_policy method for async by adding a policy type argument in the sync helper.
def _get_authentication_policy(credential, bearer_token_policy=BearerTokenCredentialPolicy):
if hasattr(credential, "get_token"):
return bearer_token_policy(
credential,
constants.DEFAULT_EVENTGRID_SCOPE
)then in the async, we do
_get_authentication_policy(credential, AsyncBearerTokenCredentialPolicy)
There was a problem hiding this comment.
dumb question: what error would be raised if a user passed a sync AD credential into the async client?
There was a problem hiding this comment.
It'll be a type error
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
rakshith91
requested review from
LarryOsterman,
abhahn,
amishra-dev,
ankitarorabit,
annatisch,
benbp,
cartertinney,
catalinaperalta,
chlowell,
danieljurek,
digimaun,
giakas,
iscai-msft,
johanste,
kasobol-msft,
kristapratico and
lzchen
as code owners
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| In order to interact with the Event Grid service, you will need to create an instance of a client. | ||
| An **endpoint** and **credential** are necessary to instantiate the client object. | ||
|
|
||
| #### Using Azure Active Directory (AAD) |
There was a problem hiding this comment.
Nice, this reminds me I need to add this for .NET 😄
|
|
||
| To send events to a topic or domain with a `TokenCredential`, the authenticated identity should have the "EventGrid Data Sender" role assigned. | ||
|
|
||
| With the `azure-identity` package, you can seamlessly authorize requests in both development and production environments. To learn more about Azure Active Directory, see the [`azure-identity` README](https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/identity/azure-identity/README.md). |
There was a problem hiding this comment.
We shouldn't link to the old master branch.
There was a problem hiding this comment.
good catch - updated
| _eventgrid_data_typecheck, | ||
| _build_request, | ||
| _cloud_event_to_generated, | ||
| _get_authentication_policy |
There was a problem hiding this comment.
Nitpick: missing trailing comma - did you run this through black?
There was a problem hiding this comment.
nope - i did not - can do that
EDIT: done
| self, | ||
| endpoint: str, | ||
| credential: Union[AzureKeyCredential, AzureSasCredential], | ||
| credential: Union["AsyncTokenCredential", AzureKeyCredential, AzureSasCredential], |
There was a problem hiding this comment.
That seems inconsistent, if not used those types should be in the TYPE_CHECKING as well, but I see now reason why some type would be string and some would be types
|
|
||
| class AsyncEventGridTest(EventGridTest): | ||
|
|
||
| def generate_oauth_token(self): |
There was a problem hiding this comment.
You shouldn't need that, there is everything you need in devtools to care care of that for free
| def get_oauth_endpoint(self): | ||
| return os.getenv("EG_TOPIC_HOSTNAME") | ||
|
|
||
| def generate_oauth_token(self): |
| with pytest.raises(ValueError, match="The provided credential should be an instance of a TokenCredential, AzureSasCredential or AzureKeyCredential"): | ||
| client = EventGridPublisherClient("eventgrid_endpoint", bad_credential) | ||
|
|
||
| @pytest.mark.live_test_only |
There was a problem hiding this comment.
little tricky to generate recording given we use resource group preparers and envvars for secrets
|
/azp run python - eventgrid - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
6 participants
fixes #17963