From fa7c777c7c5a6bde41e19fdd17b6e86724f2b9f4 Mon Sep 17 00:00:00 2001
From: Ajaj Vanu
Date: Thu, 4 Jul 2024 10:16:47 +0530
Subject: [PATCH 1/6] Cosmos managed Identity Authentication Changes
---
 ...CosmosDbCollectionPhysicalPartitionInfo.cs | 57 +++++++++----------
 .../Storage/FhirCosmosClientInitializer.cs | 3 +-
 2 files changed, 28 insertions(+), 32 deletions(-)
diff --git a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
index 2c7d315501..db033b9326 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
@@ -8,6 +8,7 @@
 using System.Net.Http;
 using System.Net.Http.Json;
 using System.Security.Cryptography;
+using System.Security.Cryptography.Xml;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
@@ -18,6 +19,7 @@
 using Microsoft.Health.Abstractions.Exceptions;
 using Microsoft.Health.Extensions.DependencyInjection;
 using Microsoft.Health.Fhir.Core.Extensions;
+using Microsoft.Health.Fhir.Core.Features.Operations;
 using Microsoft.Health.Fhir.CosmosDb.Configs;
 namespace Microsoft.Health.Fhir.CosmosDb.Features.Storage
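Review bot: The added `using System.Security.Cryptography.Xml;` in the first hunk does not appear to be needed by any line this series adds; nothing visible uses an XML signature or encryption type. It looks like an IDE auto-import and should be dropped so the file does not take a reference on an XML-crypto namespace it never uses.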
@@ -33,19 +35,23 @@ internal class CosmosDbCollectionPhysicalPartitionInfo : IRequireInitializationO
 private readonly IHttpClientFactory _httpClientFactory;
 private readonly ILogger _logger;
 private readonly CancellationTokenSource _backgroundLoopCancellationTokenSource = new();
+ private readonly IAccessTokenProvider _aadTokenProvider;
 private Task _backgroundLoopTask;
 public CosmosDbCollectionPhysicalPartitionInfo(
+ IAccessTokenProvider aadTokenProvider,
 CosmosDataStoreConfiguration dataStoreConfiguration,
 IOptionsMonitor collectionConfiguration,
 IHttpClientFactory httpClientFactory,
 ILogger logger)
 {
+ EnsureArg.IsNotNull(aadTokenProvider, nameof(aadTokenProvider));
 EnsureArg.IsNotNull(dataStoreConfiguration, nameof(dataStoreConfiguration));
 EnsureArg.IsNotNull(collectionConfiguration, nameof(collectionConfiguration));
 EnsureArg.IsNotNull(httpClientFactory, nameof(httpClientFactory));
 EnsureArg.IsNotNull(logger, nameof(logger));
+ _aadTokenProvider = aadTokenProvider;
 _dataStoreConfiguration = dataStoreConfiguration;
 _collectionConfiguration = collectionConfiguration.Get(Constants.CollectionConfigurationName);
 _httpClientFactory = httpClientFactory;
@@ -92,38 +98,10 @@ private async Task GetPhysicalPartitionCount(CancellationToken cancellation
 using HttpClient client = _httpClientFactory.CreateClient();
 string host = _dataStoreConfiguration.Host;
- string key = _dataStoreConfiguration.Key;
-
- if (string.IsNullOrWhiteSpace(host))
- {
- if (string.IsNullOrWhiteSpace(key))
- {
- host = CosmosDbLocalEmulator.Host;
- key = CosmosDbLocalEmulator.Key;
- }
- else
- {
- Ensure.That(host, $"{nameof(CosmosDataStoreConfiguration)}.{nameof(CosmosDataStoreConfiguration.Host)}").IsNotNullOrEmpty();
- }
- }
- else if (string.IsNullOrWhiteSpace(key))
- {
- Ensure.That(key, $"{nameof(CosmosDataStoreConfiguration)}.{nameof(CosmosDataStoreConfiguration.Key)}").IsNotNullOrEmpty();
- }
+ Ensure.That(host, $"{nameof(CosmosDataStoreConfiguration)}.{nameof(CosmosDataStoreConfiguration.Host)}").IsNotNullOrEmpty();
 string date = DateTime.UtcNow.ToString("R");
-
- bool isResourceToken = IsResourceToken(key);
-
- string authToken = HttpUtility.UrlEncode(
- isResourceToken
- ? key
- : GenerateAuthToken(
- "get",
- "pkranges",
- $"dbs/{_dataStoreConfiguration.DatabaseId}/colls/{_collectionConfiguration.CollectionId}",
- date,
- key));
+ string aadToken = await GenerateAADAuthToken(host, cancellationToken);
 using var httpRequestMessage = new HttpRequestMessage(
 HttpMethod.Get,
@@ -131,7 +109,7 @@ private async Task GetPhysicalPartitionCount(CancellationToken cancellation
 {
 Headers =
 {
- { "authorization", authToken },
+ { "authorization", aadToken },
 { "x-ms-version", "2018-12-31" },
 { "x-ms-date", date },
 },
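Review bot: `host` is only checked for being non-empty (the added `Ensure.That(host, …).IsNotNullOrEmpty()` in the first hunk) before a bearer token is requested for it and attached to the outgoing request. The removed master-key path sent an HMAC signature, so the key itself never left the process; the `type=aad` header carries the token, and whatever endpoint `host` names receives a credential it can replay until expiry. I would require an absolute HTTPS URI first, e.g. `if (!Uri.TryCreate(host, UriKind.Absolute, out Uri hostUri) || hostUri.Scheme != Uri.UriSchemeHttps) throw new InvalidOperationException("CosmosDataStoreConfiguration.Host must be an absolute https URI.");`. The request URI is built outside the hunk, so this assumes it is derived from `host`; GetPhysicalPartitionCount also starts and ends outside the hunk.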
@@ -186,6 +164,23 @@ private static string GenerateAuthToken(string verb, string resourceType, string
 return $"type=master&ver=1.0&sig={signature}";
 }
+ private async Task GenerateAADAuthToken(string host, CancellationToken cancellationToken)
+ {
+ string aadToken = string.Empty;
+ var aadResourceUri = new Uri(host);
+ try
+ {
+ aadToken = await _aadTokenProvider.GetAccessTokenForResourceAsync(aadResourceUri, cancellationToken);
+ aadToken = HttpUtility.UrlEncode($"type=aad&ver=1.0&sig={aadToken}");
+ }
+ catch (AccessTokenProviderException ex)
+ {
+ _logger.LogWarning(ex, "Failed to get AAD access token from managed identity.");
+ }
+
+ return aadToken;
+ }
+
 private record PartitionKeyRange;
 private record PartitionKeyRangesResponse(PartitionKeyRange[] PartitionKeyRanges);
diff --git a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs
index 778eff6bcb..00908965da 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs
@@ -9,6 +9,7 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using Azure.Identity;
 using EnsureThat;
 using Microsoft.Azure.Cosmos;
 using Microsoft.Azure.Cosmos.Fluent;
@@ -65,7 +66,7 @@ public CosmosClient CreateCosmosClient(CosmosDataStoreConfiguration configuratio
 IEnumerable requestHandlers = _requestHandlerFactory.Invoke();
- var builder = new CosmosClientBuilder(host, key)
+ var builder = new CosmosClientBuilder(host, new DefaultAzureCredential())
 .WithConnectionModeDirect(enableTcpConnectionEndpointRediscovery: true)
 .WithCustomSerializer(new FhirCosmosSerializer(_logger))
 .WithThrottlingRetryOptions(TimeSpan.FromSeconds(configuration.RetryOptions.MaxWaitTimeInSeconds), configuration.RetryOptions.MaxNumberOfRetries)
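Review bot: `GenerateAADAuthToken` swallows `AccessTokenProviderException` and returns `string.Empty`, so `GetPhysicalPartitionCount` goes on to send the request with an empty `authorization` header and the real cause surfaces only as a warning next to an unrelated HTTP failure. Failing closed is safer and easier to diagnose: log and rethrow in the catch, `_logger.LogError(ex, "Failed to get AAD access token from managed identity."); throw;`, so no unauthenticated request is issued; how the background loop handles that exception is outside this diff. `new Uri(host)` sits outside the `try` and throws `UriFormatException` on a malformed host, which is a second, unlogged failure path. PATCH 2/6 renames the method to `GenerateAccessToken` and raises the log level but keeps the same swallow-and-return-empty behaviour.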
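Review bot: `new CosmosClientBuilder(host, new DefaultAzureCredential())` in the FhirCosmosClientInitializer.cs hunk hard-codes a credential chain that, besides managed identity, also tries environment variables and developer-tool logins, so which identity the server runs as depends on the ambient state of the host. For a deployed service I would inject a `TokenCredential` (or construct `ManagedIdentityCredential` explicitly) and keep `DefaultAzureCredential` for local development; that also lets this client and the `IAccessTokenProvider` used by CosmosDbCollectionPhysicalPartitionInfo draw on one identity source instead of two. The emulator fallback that PATCH 5/6 keeps (`host = CosmosDbLocalEmulator.Host`, with the key removed) presumably can no longer authenticate, since the emulator is normally accessed with its fixed key; that needs confirming. CreateCosmosClient begins and ends outside the hunk.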
From 01b0896debec6a6f3d32f0bd95d5b419f8eb49a7 Mon Sep 17 00:00:00 2001
From: Ajaj Vanu
Date: Thu, 4 Jul 2024 13:39:41 +0530
Subject: [PATCH 2/6] Refactored Access token changes
---
 ...CosmosDbCollectionPhysicalPartitionInfo.cs | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
index db033b9326..da8a9f807b 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
@@ -20,7 +20,7 @@
 using Microsoft.Health.Extensions.DependencyInjection;
 using Microsoft.Health.Fhir.Core.Extensions;
 using Microsoft.Health.Fhir.Core.Features.Operations;
-using Microsoft.Health.Fhir.CosmosDb.Configs;
+using Microsoft.Health.Fhir.CosmosDb.Core.Configs;
 namespace Microsoft.Health.Fhir.CosmosDb.Features.Storage
 {
@@ -101,7 +101,7 @@ private async Task GetPhysicalPartitionCount(CancellationToken cancellation
 Ensure.That(host, $"{nameof(CosmosDataStoreConfiguration)}.{nameof(CosmosDataStoreConfiguration.Host)}").IsNotNullOrEmpty();
 string date = DateTime.UtcNow.ToString("R");
- string aadToken = await GenerateAADAuthToken(host, cancellationToken);
+ string accessToken = await GenerateAccessToken(host, cancellationToken);
 using var httpRequestMessage = new HttpRequestMessage(
 HttpMethod.Get,
@@ -109,7 +109,7 @@ private async Task GetPhysicalPartitionCount(CancellationToken cancellation
 {
 Headers =
 {
- { "authorization", aadToken },
+ { "authorization", accessToken },
 { "x-ms-version", "2018-12-31" },
 { "x-ms-date", date },
 },
@@ -164,21 +164,21 @@ private static string GenerateAuthToken(string verb, string resourceType, string
 return $"type=master&ver=1.0&sig={signature}";
 }
- private async Task GenerateAADAuthToken(string host, CancellationToken cancellationToken)
+ private async Task GenerateAccessToken(string host, CancellationToken cancellationToken)
 {
- string aadToken = string.Empty;
- var aadResourceUri = new Uri(host);
+ string accessToken = string.Empty;
+ var resourceURI = new Uri(host);
 try
 {
- aadToken = await _aadTokenProvider.GetAccessTokenForResourceAsync(aadResourceUri, cancellationToken);
- aadToken = HttpUtility.UrlEncode($"type=aad&ver=1.0&sig={aadToken}");
+ accessToken = await _aadTokenProvider.GetAccessTokenForResourceAsync(resourceURI, cancellationToken);
+ accessToken = HttpUtility.UrlEncode($"type=aad&ver=1.0&sig={accessToken}");
 }
 catch (AccessTokenProviderException ex)
 {
- _logger.LogWarning(ex, "Failed to get AAD access token from managed identity.");
+ _logger.LogError(ex, "Failed to get access token from managed identity.");
 }
- return aadToken;
+ return accessToken;
 }
 private record PartitionKeyRange;
From 0c6a52ede6e05da258059bb917a984af837e23f7 Mon Sep 17 00:00:00 2001
From: Ajaj Vanu
Date: Thu, 11 Jul 2024 11:46:09 +0530
Subject: [PATCH 3/6] 122770 - ARM template changes for SQL managed identity authentication.
---
 .../templates/default-azuredeploy-docker.json | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/samples/templates/default-azuredeploy-docker.json b/samples/templates/default-azuredeploy-docker.json
index 811fe3762c..b3ac3e12f5 100644
--- a/samples/templates/default-azuredeploy-docker.json
+++ b/samples/templates/default-azuredeploy-docker.json
@@ -468,7 +468,10 @@
 "properties": {
 "administratorLogin": "fhirAdmin",
 "administratorLoginPassword": "[parameters('sqlAdminPassword')]",
- "version": "12.0"
+ "version": "12.0",
+ "administrators": {
+ "azureADOnlyAuthentication": true
+ }
 },
 "resources": [
 {
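Review bot: The SQL server resource keeps `administratorLogin` and `administratorLoginPassword` next to the new `administrators.azureADOnlyAuthentication: true`, so the template still demands a SQL admin password that Entra-only authentication makes unusable. If the intent is to remove password authentication, drop the two SQL login properties and the `sqlAdminPassword` parameter in the same change; if SQL logins must remain as a break-glass path, `azureADOnlyAuthentication` cannot be `true`. The inline `administrators` object also carries no `login`, `sid` or `tenantId`, and I would expect a deployment that enables Entra-only at creation to need them; verify this against the server resource's API version, which is outside the hunk.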
@@ -506,6 +509,22 @@
 "startIpAddress": "0.0.0.0"
 },
 "type": "firewallrules"
+ },
+ {
+ "type": "administrators",
+ "name": "activeDirectory",
+ "apiVersion": "2023-05-01-preview",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "administratorType": "ActiveDirectory",
+ "login": "[variables('serviceName')]",
+ "sid": "[reference(variables('appServiceResourceId'), '2015-08-01', 'Full').Identity.principalId]",
+ "tenantId": "[reference(variables('appServiceResourceId'), '2015-08-01', 'Full').Identity.tenantId]",
+ "azureADOnlyAuthentication": true
+ },
+ "dependsOn": [
+ "[variables('sqlServerDerivedName')]"
+ ]
 }
 ]
 },
@@ -602,7 +621,7 @@
 "apiVersion": "2015-06-01",
 "properties": {
 "contentType": "text/plain",
- "value": "[concat('Server=tcp:', if(equals(parameters('solutionType'),'FhirServerSqlServer'), reference(variables('computedSqlServerReference'), '2015-05-01-preview').fullyQualifiedDomainName, ''),',1433;Initial Catalog=',variables('sqlDatabaseName'),';Persist Security Info=False;User ID=', if(equals(parameters('solutionType'),'FhirServerSqlServer'), reference(variables('computedSqlServerReference'), '2015-05-01-preview').administratorLogin, ''),';Password=',parameters('sqlAdminPassword'),';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]"
+ "value": "[concat('Server=tcp:', if(equals(parameters('solutionType'),'FhirServerSqlServer'), reference(variables('computedSqlServerReference'), '2015-05-01-preview').fullyQualifiedDomainName, ''),',1433;Initial Catalog=',variables('sqlDatabaseName'),';Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication=Active Directory Managed Identity;')]"
 },
 "dependsOn": [
 "[resourceId('Microsoft.KeyVault/vaults', variables('serviceName'))]",
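Review bot: The new `administrators` child resource in the first hunk makes the App Service's managed identity (`sid` is the site's `principalId`) the Entra administrator of the whole SQL server, which is far more privilege than the FHIR service needs to work with one database. A compromise of the web app would then carry server-admin rights. I would assign a dedicated admin group or operator identity as server administrator and give the app identity a contained database user with only the roles it needs, created with `CREATE USER [app-identity-name] FROM EXTERNAL PROVIDER` (placeholder name) plus explicit role membership.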
@@ -615,7 +634,8 @@
 "apiVersion": "2019-06-01",
 "location": "[resourceGroup().location]",
 "properties": {
- "supportsHttpsTrafficOnly": true
+ "supportsHttpsTrafficOnly": true,
+ "allowSharedKeyAccess": false
 },
 "condition": "[variables('enableIntegrationStore')]",
 "dependsOn": [],
From b63feac55c7f4fdacd962da0a32059523444e3ee Mon Sep 17 00:00:00 2001
From: Ajaj Vanu
Date: Thu, 11 Jul 2024 11:51:19 +0530
Subject: [PATCH 4/6] Revert "122770 - ARM template changes for SQL managed identity authentication."
This reverts commit 0c6a52ede6e05da258059bb917a984af837e23f7.
---
 .../templates/default-azuredeploy-docker.json | 26 +++----------------
 1 file changed, 3 insertions(+), 23 deletions(-)
diff --git a/samples/templates/default-azuredeploy-docker.json b/samples/templates/default-azuredeploy-docker.json
index b3ac3e12f5..811fe3762c 100644
--- a/samples/templates/default-azuredeploy-docker.json
+++ b/samples/templates/default-azuredeploy-docker.json
@@ -468,10 +468,7 @@
 "properties": {
 "administratorLogin": "fhirAdmin",
 "administratorLoginPassword": "[parameters('sqlAdminPassword')]",
- "version": "12.0",
- "administrators": {
- "azureADOnlyAuthentication": true
- }
+ "version": "12.0"
 },
 "resources": [
 {
@@ -509,22 +506,6 @@
 "startIpAddress": "0.0.0.0"
 },
 "type": "firewallrules"
- },
- {
- "type": "administrators",
- "name": "activeDirectory",
- "apiVersion": "2023-05-01-preview",
- "location": "[resourceGroup().location]",
- "properties": {
- "administratorType": "ActiveDirectory",
- "login": "[variables('serviceName')]",
- "sid": "[reference(variables('appServiceResourceId'), '2015-08-01', 'Full').Identity.principalId]",
- "tenantId": "[reference(variables('appServiceResourceId'), '2015-08-01', 'Full').Identity.tenantId]",
- "azureADOnlyAuthentication": true
- },
- "dependsOn": [
- "[variables('sqlServerDerivedName')]"
- ]
 }
 ]
 },
@@ -621,7 +602,7 @@ "apiVersion": "2015-06-01", "properties": { "contentType": "text/plain", - "value": "[concat('Server=tcp:', if(equals(parameters('solutionType'),'FhirServerSqlServer'), reference(variables('computedSqlServerReference'), '2015-05-01-preview').fullyQualifiedDomainName, ''),',1433;Initial Catalog=',variables('sqlDatabaseName'),';Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication=Active Directory Managed Identity;')]" + "value": "[concat('Server=tcp:', if(equals(parameters('solutionType'),'FhirServerSqlServer'), reference(variables('computedSqlServerReference'), '2015-05-01-preview').fullyQualifiedDomainName, ''),',1433;Initial Catalog=',variables('sqlDatabaseName'),';Persist Security Info=False;User ID=', if(equals(parameters('solutionType'),'FhirServerSqlServer'), reference(variables('computedSqlServerReference'), '2015-05-01-preview').administratorLogin, ''),';Password=',parameters('sqlAdminPassword'),';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]" }, "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', variables('serviceName'))]", @@ -634,8 +615,7 @@ "apiVersion": "2019-06-01", "location": "[resourceGroup().location]", "properties": { - "supportsHttpsTrafficOnly": true, - "allowSharedKeyAccess": false + "supportsHttpsTrafficOnly": true }, "condition": "[variables('enableIntegrationStore')]", "dependsOn": [], From a3eb589f8f09d69b8f325291ac1b87085f574baf Mon Sep 17 00:00:00 2001 
From: Ajaj Vanu
Date: Wed, 24 Jul 2024 12:43:40 +0530
Subject: [PATCH 5/6] Removed all keys references
---
 .../Configs/CosmosDataStoreConfiguration.cs | 2 --
 .../Versioning/CollectionUpgradeManagerTests.cs | 1 -
 .../Versioning/DataPlaneCollectionSetupTests.cs | 1 -
 .../CosmosDbCollectionPhysicalPartitionInfo.cs | 11 -----------
 .../Features/Storage/CosmosDbLocalEmulator.cs | 1 -
 .../Features/Storage/FhirCosmosClientInitializer.cs | 4 +---
 .../Rest/InProcTestFhirServer.cs | 4 ++--
 .../Persistence/CosmosDbFhirStorageTestsFixture.cs | 1 -
 8 files changed, 3 insertions(+), 22 deletions(-)
diff --git a/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs b/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs
index eb21be6264..d37e470d2e 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs
@@ -12,8 +12,6 @@ public class CosmosDataStoreConfiguration
 {
 public string Host { get; set; }
- public string Key { get; set; }
-
 public string DatabaseId { get; set; }
 public int? InitialDatabaseThroughput { get; set; }
diff --git a/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/CollectionUpgradeManagerTests.cs b/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/CollectionUpgradeManagerTests.cs
index 83e9392a95..d44cd029b1 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/CollectionUpgradeManagerTests.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/CollectionUpgradeManagerTests.cs
@@ -34,7 +34,6 @@ public class CollectionUpgradeManagerTests
 ConnectionMode = ConnectionMode.Direct,
 DatabaseId = "testdatabaseid",
 Host = "https://fakehost",
- Key = "ZmFrZWtleQ==", // "fakekey"
 PreferredLocations = null,
 };
diff --git a/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/DataPlaneCollectionSetupTests.cs b/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/DataPlaneCollectionSetupTests.cs
index bfaceae3b5..ecf5c2cbb5 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/DataPlaneCollectionSetupTests.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb.UnitTests/Features/Storage/Versioning/DataPlaneCollectionSetupTests.cs
@@ -39,7 +39,6 @@ public class DataPlaneCollectionSetupTests
 ConnectionMode = ConnectionMode.Direct,
 DatabaseId = "testdatabaseid",
 Host = "https://fakehost",
- Key = "ZmFrZWtleQ==", // "fakekey"
 PreferredLocations = null,
 };
diff --git a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
index da8a9f807b..2332c48950 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
@@ -153,17 +153,6 @@ public async ValueTask DisposeAsync()
 }
 }
- private static string GenerateAuthToken(string verb, string resourceType, string resourceId, string date, string key)
- {
- string payLoad = $"{verb.ToLowerInvariant()}\n{resourceType.ToLowerInvariant()}\n{resourceId}\n{date.ToLowerInvariant()}\n\n";
-
- using var hmacSha256 = new HMACSHA256 { Key = Convert.FromBase64String(key) };
- byte[] hashPayLoad = hmacSha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payLoad));
- string signature = Convert.ToBase64String(hashPayLoad);
-
- return $"type=master&ver=1.0&sig={signature}";
- }
-
 private async Task GenerateAccessToken(string host, CancellationToken cancellationToken)
 {
 string accessToken = string.Empty;
diff --git a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbLocalEmulator.cs b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbLocalEmulator.cs
index 41710437e4..b0ba926ae1 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbLocalEmulator.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbLocalEmulator.cs
@@ -8,6 +8,5 @@ namespace Microsoft.Health.Fhir.CosmosDb.Features.Storage
 public static class CosmosDbLocalEmulator
 {
 public const string Host = "https://localhost:8081";
- public const string Key = "C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==";
 }
 }
diff --git a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs
index aac4fed73e..46376b6371 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs
@@ -106,14 +106,12 @@ await _retryExceptionPolicyFactory.RetryPolicy.ExecuteAsync(async () =>
 private CosmosClient CreateCosmosClientInternal(CosmosDataStoreConfiguration configuration)
 {
 var host = configuration.Host;
- var key = configuration.Key;
- if (string.IsNullOrWhiteSpace(host) && string.IsNullOrWhiteSpace(key))
+ if (string.IsNullOrWhiteSpace(host))
 {
 _logger.LogWarning("No connection string provided, attempting to connect to local emulator.");
 host = CosmosDbLocalEmulator.Host;
- key = CosmosDbLocalEmulator.Key;
 }
 _logger.LogInformation("Creating CosmosClient instance for {DatabaseId}, Host: {Host}", configuration.DatabaseId, host);
diff --git a/test/Microsoft.Health.Fhir.Shared.Tests.E2E/Rest/InProcTestFhirServer.cs b/test/Microsoft.Health.Fhir.Shared.Tests.E2E/Rest/InProcTestFhirServer.cs
index 844d7e22b7..52764bb1fa 100644
--- a/test/Microsoft.Health.Fhir.Shared.Tests.E2E/Rest/InProcTestFhirServer.cs
+++ b/test/Microsoft.Health.Fhir.Shared.Tests.E2E/Rest/InProcTestFhirServer.cs
@@ -10,6 +10,7 @@
 using System.Reflection;
 using System.Threading;
 using System.Threading.Tasks;
+using Azure.Identity;
 using Microsoft.AspNetCore;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Hosting;
@@ -113,10 +114,9 @@ string ValueOrFallback(string configKey, string fallbackValue)
 }
 var host = ValueOrFallback("CosmosDb:Host", CosmosDbLocalEmulator.Host);
- var key = ValueOrFallback("CosmosDb:Key", CosmosDbLocalEmulator.Key);
 var databaseId = ValueOrFallback("CosmosDb:DatabaseId", null) ?? throw new InvalidOperationException("expected CosmosDb:DatabaseId to be set in configuration");
- using var client = new CosmosClient(host, key);
+ using var client = new CosmosClient(host, new DefaultAzureCredential());
 Container container = client.GetContainer(databaseId, collectionId);
 await container.DeleteContainerAsync();
 };
diff --git a/test/Microsoft.Health.Fhir.Shared.Tests.Integration/Persistence/CosmosDbFhirStorageTestsFixture.cs b/test/Microsoft.Health.Fhir.Shared.Tests.Integration/Persistence/CosmosDbFhirStorageTestsFixture.cs
index 5c07ab68c2..dc23314abe 100644
--- a/test/Microsoft.Health.Fhir.Shared.Tests.Integration/Persistence/CosmosDbFhirStorageTestsFixture.cs
+++ b/test/Microsoft.Health.Fhir.Shared.Tests.Integration/Persistence/CosmosDbFhirStorageTestsFixture.cs
@@ -80,7 +80,6 @@ public CosmosDbFhirStorageTestsFixture()
 _cosmosDataStoreConfiguration = new CosmosDataStoreConfiguration
 {
 Host = Environment.GetEnvironmentVariable("CosmosDb:Host") ?? CosmosDbLocalEmulator.Host,
- Key = Environment.GetEnvironmentVariable("CosmosDb:Key") ?? CosmosDbLocalEmulator.Key,
 DatabaseId = Environment.GetEnvironmentVariable("CosmosDb:DatabaseId") ?? "FhirTests",
 AllowDatabaseCreation = true,
 PreferredLocations = Environment.GetEnvironmentVariable("CosmosDb:PreferredLocations")?.Split(';', StringSplitOptions.RemoveEmptyEntries),
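Review bot: The cleanup code in the second InProcTestFhirServer.cs hunk still calls `container.DeleteContainerAsync()`, now through `new CosmosClient(host, new DefaultAzureCredential())`, and as far as I know Cosmos DB's Entra ID role-based access covers data operations only, so container and database management calls made through the data-plane SDK with a token are rejected. If that holds, test containers will no longer be deleted and will accumulate; the same concern applies to `AllowDatabaseCreation = true` in the CosmosDbFhirStorageTestsFixture hunk. The `CosmosDbLocalEmulator.Host` fallback also pairs the emulator with a token credential, which the emulator may not accept. I would run cleanup through the management plane, or keep a key-based client for the emulator-only test path. The enclosing lambda starts outside the hunk.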
From 10a29b33e4cba50eb75754f76fab5a1191dd22b7 Mon Sep 17 00:00:00 2001
From: Ajaj Vanu
Date: Wed, 24 Jul 2024 13:05:26 +0530
Subject: [PATCH 6/6] Added property to Cosmos data store configuration
---
 .../Configs/CosmosDataStoreConfiguration.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs b/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs
index d37e470d2e..eb21be6264 100644
--- a/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs
+++ b/src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs
@@ -12,6 +12,8 @@ public class CosmosDataStoreConfiguration
 {
 public string Host { get; set; }
+ public string Key { get; set; }
+
 public string DatabaseId { get; set; }
 public int? InitialDatabaseThroughput { get; set; }
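Review bot: `Key` returns to `CosmosDataStoreConfiguration` one commit after PATCH 5/6 removed every reader of it that is visible in this series, and the commit message does not say what still needs it. A settable secret that nothing consumes invites operators to keep an account key in configuration while it has no effect on authentication. If a consumer outside this diff still binds or reads the property, say so in a `///` summary on it (that the key is no longer used to authenticate to Cosmos DB and which component still requires it) or mark it `[Obsolete("Not used for authentication; managed identity is used instead.")]`; otherwise drop the property again.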