Add support for managed identity in Azure Cosmos DB hosting component #7092
Conversation
| /// <param name="count">Desired partition count.</param> | ||
| /// <returns>Cosmos emulator resource builder.</returns> | ||
| /// <remarks>Not calling this method will result in the default of 25 partitions. The actual started partitions is always one more than specified. | ||
| /// <remarks>Not calling this method will result in the default of 10 partitions. The actual started partitions is always one more than specified. |
There was a problem hiding this comment.
11 (actual) is the default number of partitions when nothing is set, so updated to 10 since the actual is argument + 1
danmoseley
added
the
area-integrations
src/Components/Aspire.Microsoft.Azure.Cosmos/MicrosoftAzureCosmosSettings.cs
Show resolved
Hide resolved
| namespace Aspire.Hosting.Azure.CosmosDB; | ||
|
|
||
| /// <summary> | ||
| /// This health check also creates default databases and containers for the Azure CosmosDB Emulator. |
There was a problem hiding this comment.
This feels like too much responsibility. Everytime we are checking for "health" we are rechecking all the dbs and containers.
I think it would be better if the health check was only a health check. And then we "waited" for it to be healthy and only ensure the db and containers are created once.
There was a problem hiding this comment.
The default health check is checking only one db and its containers (because its state is only for one db, I assume one could create more instances for other dbs). At least we could do the same, pick the first db.
But I did what you suggested at first, though this could introduce undesired effects that it's stated as healthy but we haven't created the db/containers yet. So while we are creating them other services could have started using them.
Another option would be to change the implementation to do like it does right now, but then store a bool and only check for the first db afterwards (not even the containers).
There was a problem hiding this comment.
Added a flag to only check/create for the resources once.
There was a problem hiding this comment.
This seems like it's the only point of contention in the PR. Is it resolved? The other changes look good. The health check creating the database feels so wrong though 😄 .
This is something we did not solve in the Aspire 9.0 timeframe that we should revisit now.
There was a problem hiding this comment.
We should have a live chat about it, I tried different options. Right now it does the creation attempt only once then falls back to the standard check. This is just the apphost health check though to report for WaithHealthyAsync, the clients use the standard health check.
There was a problem hiding this comment.
I approved the PR, can you open an issue? It's kinda related to #7101
src/Aspire.Hosting.Azure.CosmosDB/AzureCosmosDBEmulatorHealthCheck.cs
Outdated
Show resolved
Hide resolved
tests/Aspire.Hosting.Azure.Tests/AzureCosmosDBEmulatorFunctionalTests.cs
Outdated
Show resolved
Hide resolved
tests/Aspire.Hosting.Azure.Tests/AzureCosmosDBEmulatorFunctionalTests.cs
Outdated
Show resolved
Hide resolved
tests/Aspire.Hosting.Azure.Tests/AzureCosmosDBEmulatorFunctionalTests.cs
Outdated
Show resolved
Hide resolved
|
/azd run |
|
/azd run |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Do we want this to be a breaking change? |
At some point, yes. We want managed identity to be the default everywhere, and this is the last integration that still uses secrets by default. So the question in my mind is: "When do we want to make the breaking change?". I think now is a good time. But I can see an argument to wait until the next major version. |
# Conflicts: # playground/CosmosEndToEnd/CosmosEndToEnd.ApiService/Program.cs # playground/CosmosEndToEnd/CosmosEndToEnd.AppHost/Program.cs # src/Aspire.Hosting.Azure.CosmosDB/AzureCosmosDBExtensions.cs # src/Aspire.Hosting.Azure.CosmosDB/AzureCosmosDBResource.cs # src/Aspire.Hosting.Azure.CosmosDB/PublicAPI.Unshipped.txt # tests/Aspire.Hosting.Azure.Tests/AzureCosmosDBEmulatorFunctionalTests.cs
|
Can we decide if we are going to make the breaking change in 9.1? If yes, we should make sure it's easy to get back to the previous state (and we should validate it) |
This is done with Here is the test that verifies that adding it behaves the same way as before in terms of bicep resources. I also validated it in playground. |
|
OK let's go with it. Open up a breaking change issue? |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
sebastienros
force-pushed
the
sebros/cosmosidentity
branch
from
a78e929 to
518efec
Compare
| /// <summary> | ||
| /// Gets the "connectionString" reference from the secret outputs of the Azure Cosmos DB resource. | ||
| /// </summary> | ||
| public BicepSecretOutputReference ConnectionString => new("connectionString", this); |
There was a problem hiding this comment.
Is this property used anymore? I don't see it being used now that we have internal BicepSecretOutputReference? ConnectionStringSecretOutput { get; set; }.
There was a problem hiding this comment.
I don't think it is, but it's public so couldn't remove
There was a problem hiding this comment.
As a reminder, it started with you asking to change the type to BicepOutputReference, which we couldn't so we don't break, and we created the new one.
There was a problem hiding this comment.
Can we make it nullable and log it as a breaking change?
There was a problem hiding this comment.
A very minor breaking change that I don't think would affect anyone.
Description
Fixes #3792
Checklist
<remarks />and<code />elements on your triple slash comments?breaking-changetemplate):doc-ideatemplate):