components-contrib
Update all other Azure components to use the common auth layer (and support Azure AD auth)
This is a "spin-off" from #972 given how it was merged with only 2 components updated.
Goal of this issue is to track what Azure components still need to be updated to support authentication via the "common auth layer" (implemented in #972). This enables components to authenticate with Azure using Azure AD, including support for service principals and MSI.
While updating components to use the common Azure auth layer, we have been making sure (where appropriate/relevant) to also support other Azure clouds (Azure China, Azure Germany, Azure Gov, and also Azure Stack) and even emulators when appropriate.
Here's the list of components that use Azure and their status:
- [x] bindings/azure/blobstorage
  - Uses keys
  - [ ] Update for track2 SDK: https://github.com/dapr/components-contrib/issues/1530
  - [ ] 🛑 Waiting until new version of track2 SDK
- [x] bindings/azure/cosmosdb
  - #1104
  - [ ] Update for track 2 SDK: https://github.com/dapr/components-contrib/pull/1876
- [ ] bindings/azure/eventgrid
  - Currently supports client credentials auth but with its own logic
- [ ] bindings/azure/eventhubs
  - Uses keys
  - 🛑 Update for track 2 SDK: Blocked because the SDK is not yet available
- [x] bindings/azure/servicebusqueues
  - #1201
  - [x] Update for track 2 SDK: https://github.com/dapr/components-contrib/issues/1531
- [X] bindings/azure/signalr
  - Uses "connection strings"
  - #1843
  - Does not use a SDK
- [ ] bindings/azure/storagequeues
  - Uses keys
  - #1842
  - 🛑 Update for track 2 SDK: Blocked because the SDK is not yet available
- [x] pubsub/azure/eventhubs
  - Uses keys
  - #1292
  - 🛑 Update for track 2 SDK: Blocked because the SDK is not yet available
- [x] pubsub/azure/servicebus
  - #1201
  - [x] Update for track 2 SDK: https://github.com/dapr/components-contrib/issues/1532
- [X] secretstores/azure/keyvault
  - #972
  - [x] Update for track 2 SDK: #1290
- [X] state/azure/blobstorage
  - #972
  - [ ] Update for track2 SDK: https://github.com/dapr/components-contrib/issues/1529
- [x] state/azure/cosmosdb
  - #1104
  - [ ] Update for track 2 SDK: https://github.com/dapr/components-contrib/issues/1526
- [x] state/azure/tablestorage
  - Uses keys
  - Complete via track2 SDK update
  - [X] Update for track2 SDK: https://github.com/dapr/components-contrib/issues/1528
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.
👋 bot!
It is pinned now.
Azure Service Bus pubsub and bindings are handled in: https://github.com/dapr/components-contrib/pull/1201
This was done as part of the GAing process for the binding and I figured while I was there I'd get pubsub too.
With #1290 I'm adding support for authenticating against the new "track 2" SDKs and I've updated the Key Vault secret store component. Support for the new auth library is required for all new SDKs, including Table Storage and the upcoming Cosmos DB.
Needs to be implemented in EventHubs. Probably together with this issue: https://github.com/dapr/components-contrib/issues/2101
Is there support for using Azure CLI to retrieve credentials when running locally?
At this point, it seems all Azure components support Azure AD.
Almost all have also been updated to the "track 2" SDKs, with the only exception being Azure Storage Queues. That SDK is expected in a few weeks / months, so we'll do the upgrade once it's available.
Probably safe to close this issue @berndverst
Is there a plan to include support for MSI for Event Grid as well anytime soon?
@ana-cozma Event Grid should work with MSI in Dapr 1.10
This is now complete in Dapr 1.11 (Storage Queues was upgraded as well)
Hi Team!
We are trying to use "state.sqlserver" component configured to use User-Managed-Identity to connect to Azure SQL Server Database instance. Is that supported?
I'm facing this issue when trying to connect to SQL:
[INIT_COMPONENT_FAILURE]: initialization error occurred for <componentName>-statestore (state.sqlserver/v1): failed to create db database: mssql: login error: Login failed for user '<MyUserManagedIdentityClientId>'." app_id=<appid> instance=<revisionInstance> scope=dapr.runtime type=log ver=1.10.4-msft-2
SqlConnectionString:
Server=<MySqlServerInstance>.database.windows.net;Authentication=**Active Directory Managed Identity**;Encrypt=True;User Id=<MyUserManagedIdentityClientId>;Database=<MyDatabaseName>
We are deploying via Bicep Template:
```bicep
resource resource_daprSecretStore 'Microsoft.App/managedEnvironments/daprComponents@2022-06-01-preview' = {
  name: statestoreName
  parent: resource_environment
  properties: {
    componentType: 'state.sqlserver'
    version: 'v1'
    metadata: [
      {
        name: 'connectionString'
        secretRef: keyVaultConenctionStringSecretName
      }
      {
        name: 'tableName'
        value: tableName
      }
      {
        name: 'schema'
        value: schemaName
      }
    ]
    scopes: [
      daprAppName
    ]
    secretStoreComponent: secretStoreName
  }
}
```
Appreciate any help, thanks!
@giovanidecusati thanks for the report. I've created a new issue for this: #2726. This way we can keep track of that, since this is a closed issue for work that's been completed.