
Support AAD RBAC for CosmosDB access

Open lilinvictorms opened this issue 3 years ago • 5 comments

When using a managed identity to access CosmosDB with the dataplane SDK, database/container provisioning operations like create/delete are currently not supported.

This PR adds another CosmosClient, called ProvisionClient, to the cosmosdb options. Users can provide both clients to separate their usages:

  • ProvisionClient: this client is created with account key credentials, so it's allowed to do database/container provisioning operations;
  • Client: this is for data operations only, so it can be created with managed identity to avoid credentials refresh requirements (e.g. account key rotation).

The ProvisionClient is typically only used at service bootstrap time, so there is no need to think about the account key rotation issue.

lilinvictorms, Jun 25 '21 18:06
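The split described in this issue, sketched as an added example that is not code from the PR or from Orleans.CosmosDB: a key-based client exists only for bootstrap provisioning and is disposed, and the long-lived data client authenticates with Azure AD. The class name, the `COSMOS_PROVISION_KEY` variable and the database and container names are assumptions made for the example.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Azure.Cosmos;

// Hypothetical bootstrap helper; not the Orleans.CosmosDB options type.
public static class CosmosBootstrap
{
    // Constructed placeholder names.
    private const string DbName = "orleans-db";
    private const string ContainerName = "grain-state";

    public static async Task<CosmosClient> InitAsync(string accountEndpoint)
    {
        // The account key is read once at startup and used only for provisioning.
        string? key = Environment.GetEnvironmentVariable("COSMOS_PROVISION_KEY");
        if (!string.IsNullOrEmpty(key))
        {
            using var provisionClient = new CosmosClient(accountEndpoint, key);
            Database db = await provisionClient.CreateDatabaseIfNotExistsAsync(DbName);
            await db.CreateContainerIfNotExistsAsync(ContainerName, "/id");
        } // key-based client is disposed here; nothing long-lived holds the key

        // Data-plane client: token credential, so no account key to rotate.
        var dataClient = new CosmosClient(accountEndpoint, new DefaultAzureCredential());

        // Fail fast: a point read of a missing item returns 404 when the identity
        // is authorized for data operations and 403 when it has no role assignment.
        try
        {
            await dataClient.GetContainer(DbName, ContainerName)
                .ReadItemAsync<object>("startup-probe", new PartitionKey("startup-probe"));
        }
        catch (CosmosException ex) when (ex.StatusCode == HttpStatusCode.NotFound)
        {
            // Expected: authorized, item does not exist.
        }
        catch (CosmosException ex) when (ex.StatusCode == HttpStatusCode.Forbidden)
        {
            dataClient.Dispose();
            throw new InvalidOperationException(
                "Identity lacks a Cosmos DB data-plane role assignment.", ex);
        }
        return dataClient;
    }
}
```

If the key is absent, the provisioning step is skipped and the database and container are assumed to exist already.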