-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds property baseUri on the ServiceClientOptions #457
Adds property baseUri on the ServiceClientOptions #457
Conversation
…if a token credential is passed
Any concerns with subsequent interfaces extending ServiceClientOptions and redeclaring the |
@ramya-rao-a I don’t know of use cases like that. This approach is simpler than others we’ve talked, but it’s less considerate of edge cases. We could have something more automated, like a function on the adapter that gets called on |
Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com>
Oh I understood now that you meant if nothing breaks if the baseUri property is re-declared on constructors (I thought you meant late assignments). Testing to be sure! |
In our repo there are several instances where ServiceClientOptions is extended and the sub-interface defines
However I did notice that more common that super(credentials, options);
this.endpoint = 'https://api.cognitive.microsoft.com';
this.baseUri = "{Endpoint}/bing/v7.0";
this.requestContentType = "application/json; charset=utf-8";
this.credentials = credentials;
if (options.endpoint !== null && options.endpoint !== undefined) {
this.endpoint = options.endpoint;
} So @sadasant, I don't know if you'll also need to make more changes to support clients that expose |
@chradek In the On Identity, the scope is received on each Let me know if I’m missing something 🤔 |
@chradek for the case you presented here: https://github.com/Azure/azure-sdk-for-js/blob/ce2c1f5310bf0e71dbf8bc2b29d5731a9dfd961f/sdk/cognitiveservices/cognitiveservices-entitysearch/src/entitySearchClientContext.ts#L40-L48 I believe that scope is specific to the service version they use. For them, the default scope is likely sufficient, unless they’re working on external clouds. But to confirm I would need to test it, or speak with somebody owning the cognitive search client. Let me see if I can find someone. |
For what it's worth, I don't think what cognitive services is doing with |
Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com>
…m/sadasant/ms-rest-js into fix/azure-sdk-for-js-issues-15945
@ramya-rao-a sounds good! thank you! |
On another set of second thoughts... For other Azure clouds, the authority host needs to be set when creating the TokenCredential from switch (azureTokenCredential.authorityHost) {
case "https://login.chinacloudapi.cn":
this.scopes = "https://management.chinacloudapi.cn/.default"
break;
// and so on for other clouds
default:
break;
} |
@deyaaeldeen has been experimenting with the |
@ramya-rao-a Ok I’ll work on a PR for v1 |
@ramya-rao-a @deyaaeldeen on second thought From the perspective of Identity, authorityHost does not fully overlap with scopes. Scopes are about what one wants to gain access to, and authorityHost is about who we want to authenticate with. I think that’s part of the problem on ms-rest-js, baseUri is not a reliable scope for the same reason. It would be better if we could derive the scope during the authentication request, and not at the constructor. |
Fair enough In that case, lets guard the changes in this PR to only take affect if the baseUri matches the ARM scope We have logged Azure/autorest.typescript#1153 to ensure that only the ARM packages get the TokenCredential support in the client constructor so that we don't have to worry what scope to use for data plane packages |
3946f75
to
dd32d33
Compare
I pushed a change that makes it so the baseUri is used as the scope only if it matches the management clouds. Please let me know if there’s anything else I can do! |
lib/serviceClient.ts
Outdated
if ( | ||
options?.baseUri && | ||
azureManagementClouds.find((cloud) => options!.baseUri!.indexOf(cloud) > -1) | ||
) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we simplify this?
if ( | |
options?.baseUri && | |
azureManagementClouds.find((cloud) => options!.baseUri!.indexOf(cloud) > -1) | |
) { | |
if ( | |
options?.baseUri && | |
azureManagementClouds.includes(options?.baseUri) | |
) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Includes breaks in the browser, I think https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/includes
Well, InternetExplorer, so I guess it’s ok to use it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I merged it, but keep in mind that includes will work only for exact matches.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And that is good right? We want exact matches
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My brain is kinda fried right now. 🙇♂️ 🙇♂️ slowly leaves
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as we know, the baseuri indeed needs to match the resource manager endpoints we have listed here. If there are cases where this is not true, I would much rather hear that from a customer than make assumptions ourselves
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed here: 7224651
Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com>
lib/serviceClient.ts
Outdated
let serviceClientCredentials: ServiceClientCredentials | undefined; | ||
if (isTokenCredential(credentials)) { | ||
serviceClientCredentials = new AzureIdentityCredentialAdapter(credentials); | ||
let scope: string | undefined = undefined; | ||
const azureManagementClouds = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: This const can be defined outside of this class to avoid initialization every time a ServiceClient is created
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed here: 7224651
Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com>
Another nit: Is the term And official docs refer to the latter as well. See https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview |
…nditional improvement
@ramya-rao-a I think I’ve addressed all the feedback through this commit: 7224651 |
Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com>
Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com>
Added a new property
baseUri
on theServiceClientOptions
, so that when aTokenCredential
is sent toServiceClient
, it now automatically sets the scope of future token requests based on theoptions.baseUri
property.This should address Azure/azure-sdk-for-js#15945