Merge pull request #2 from Anders-Toegersen/feature/introduce-managed-identity-configuration

Introduce Managed Identity configuration

Author: Anders-Toegersen

.editorconfig

@@ -506,4 +506,5 @@ dotnet_diagnostic.S1135.severity = suggestion       # https://github.com/atc-net
 dotnet_diagnostic.CA1062.severity = none            # Do not demand null-checking when using nullable reference types.
 dotnet_diagnostic.SA1011.severity = none            # Space needed after closing square bracet "]" needed for nullable arrays
 dotnet_diagnostic.SA1401.severity = none			# Field should be private
-dotnet_diagnostic.CA1051.severity = none			# Do not declare visible instance fields
+dotnet_diagnostic.CA1051.severity = none			# Do not declare visible instance fields
+dotnet_diagnostic.CA1812.severity = none			# Internal classes are instantiated by IoC

Atc.Azure.Messaging.sln

@@ -1,31 +1,31 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.0.31903.59
-MinimumVisualStudioVersion = 15.0.26124.0
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Atc.Azure.Messaging", "src\Atc.Azure.Messaging\Atc.Azure.Messaging.csproj", "{2F7702F2-A407-41FB-8C88-7C066237BC75}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Atc.Azure.Messaging.Tests", "test\Atc.Azure.Messaging.Tests\Atc.Azure.Messaging.Tests.csproj", "{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Release|Any CPU.Build.0 = Release|Any CPU
-		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {1EC093F7-1E03-4088-BA72-0DEB39AFEE82}
-	EndGlobalSection
-EndGlobal
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 15.0.26124.0
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Atc.Azure.Messaging", "src\Atc.Azure.Messaging\Atc.Azure.Messaging.csproj", "{2F7702F2-A407-41FB-8C88-7C066237BC75}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Atc.Azure.Messaging.Tests", "test\Atc.Azure.Messaging.Tests\Atc.Azure.Messaging.Tests.csproj", "{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2F7702F2-A407-41FB-8C88-7C066237BC75}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0C49EE44-DAE3-4A7C-9D2D-D1190CAC85F0}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {1EC093F7-1E03-4088-BA72-0DEB39AFEE82}
+	EndGlobalSection
+EndGlobal

README.md

@@ -37,6 +37,46 @@ builder.Services.AddSwaggerGen();
 builder.Services.ConfigureMessagingServices(builder.Configuration);
 ```
 
+## Connecting with Managed Identity
+
+When connecting with Managed Identity you need to setup your configuration accordingly.
+
+The following is an example of how you would configure your EventHub or ServiceBus with Managed Identity for [ATC Azure Options](https://github.com/atc-net/atc-azure-options)
+
+```json
+{  
+  "EventHubOptions": {
+    "FullyQualifiedNamespace": "[your eventhub namespace].servicebus.windows.net"
+  },
+  "ServiceBusOptions": {
+    "FullyQualifiedNamespace": "[your servicebus namespace].servicebus.windows.net"
+  },
+  "ClientAuthorizationOptions": {
+    "TenantId": "[your tenant id]"
+  },
+  "EnvironmentOptions": {
+    "EnvironmentType": "[Local/DevTest/Production]"
+  }
+}
+```
+
+It is important that the logged-in user/application has the `Azure Service Bus Data Sender` or `Azure Service Bus Data Owner` build-in role for [ServiceBus](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity#azure-built-in-roles-for-azure-service-bus).
+
+And the corresponding `Azure Event Hubs Data Sender` or `Azure Event Hubs Data Owner` build-in roles for [Eventhubs](https://learn.microsoft.com/en-us/azure/event-hubs/authenticate-application#built-in-roles-for-azure-event-hubs)
+
+The dependencies are registered using `ConfigureMessagingServices(IConfiguration, bool)` for the default implementation of [IAzureCredentialOptionsProvider](https://github.com/atc-net/atc-azure-options/blob/main/src/Atc.Azure.Options/Providers/AzureCredentialOptionsProvider.cs) and `ConfigureMessagingServices(IConfiguration, bool, IAzureCredentialOptionsProvider)` if you wish to use your own implementation of `IAzureCredentialOptionsProvider`.
+
+Here's an example of the default implementation using a Minimal API setup
+
+```csharp
+var builder = WebApplication.CreateBuilder(args);
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddSwaggerGen();
+
+// Register Atc.Azure.Messaging dependencies
+builder.Services.ConfigureMessagingServices(builder.Configuration, true);
+```
+
 ## Publishing to EventHub
 
 To publish events to an EventHub you need an instance of `IEventHubPublisher`, this can be constructed via the `IEventHubPublisherFactory` which exposes the `Create(string eventHubName)` method

sample/SampleApi/Program.cs

@@ -12,7 +12,8 @@
 builder.Services.AddSingleton<SendDataHandler>();
 
 // Register Atc.Azure.Messaging dependencies
-builder.Services.ConfigureMessagingServices(builder.Configuration);
+var useManagedIdentity = false;
+builder.Services.ConfigureMessagingServices(builder.Configuration, useManagedIdentity);
 
 var app = builder.Build();
 app.UseHttpsRedirection();
@@ -38,15 +39,14 @@ public SendDataHandler(
         IEventHubPublisherFactory eventHubFactory,
         IServiceBusPublisher serviceBusPublisher)
     {
-        eventHubPublisher = eventHubFactory.Create("[existing eventhub");
+        eventHubPublisher = eventHubFactory.Create("[existing eventhub]");
         this.serviceBusPublisher = serviceBusPublisher;
     }
 
     public async Task<Response> Post(Request request)
     {
         await eventHubPublisher.PublishAsync(request);
-
-        await serviceBusPublisher.PublishAsync("existing topic|queue", request);
+        await serviceBusPublisher.PublishAsync("[existing topic|queue]", request);
 
         return new Response(
             Guid.NewGuid().ToString("N"),

sample/SampleApi/appsettings.json

@@ -8,5 +8,14 @@
   "AllowedHosts": "*",
   "EventHubOptions": {
     "ConnectionString": "Endpoint=sb://[your eventhub namespace].servicebus.windows.net/;SharedAccessKeyName=[eventhub name];SharedAccessKey=[sas key]"
+  },
+  "ServiceBusOptions": {
+    "FullyQualifiedNamespace": "[your servicebus namespace].servicebus.windows.net"
+  },
+  "ClientAuthorizationOptions": {
+    "TenantId": "[your tenant id]"
+  },
+  "EnvironmentOptions": {
+    "EnvironmentType": "Local"
   }
 }

src/Atc.Azure.Messaging/Atc.Azure.Messaging.csproj

@@ -11,11 +11,11 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <None Include="..\..\README.md" Pack="true" PackagePath="\"/>
+    <None Include="..\..\README.md" Pack="true" PackagePath="\" />
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Atc.Azure.Options" Version="3.0.14" />
+    <PackageReference Include="Atc.Azure.Options" Version="3.0.18" />
     <PackageReference Include="Azure.Messaging.EventHubs" Version="5.7.0" />
     <PackageReference Include="Azure.Messaging.ServiceBus" Version="7.8.1" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="6.0.0" />

src/Atc.Azure.Messaging/EventHub/EventHubCredentialsPublisherFactory.cs

@@ -0,0 +1,39 @@
+using System.Diagnostics.CodeAnalysis;
+using Atc.Azure.Options.Authorization;
+using Atc.Azure.Options.Environment;
+using Atc.Azure.Options.EventHub;
+using Atc.Azure.Options.Providers;
+using Azure.Identity;
+using Azure.Messaging.EventHubs.Producer;
+
+namespace Atc.Azure.Messaging.EventHub;
+
+[SuppressMessage(
+    "Reliability",
+    "CA2000:Dispose objects before losing scope",
+    Justification = "EventHubPublisher is responsible for disposing EventHubProducerClient")]
+internal sealed class EventHubCredentialsPublisherFactory : IEventHubPublisherFactory
+{
+    private readonly string fullyQualifiedNamespace;
+    private readonly DefaultAzureCredentialOptions credentialOptions;
+
+    public EventHubCredentialsPublisherFactory(
+        EventHubOptions options,
+        EnvironmentOptions environmentOptions,
+        ClientAuthorizationOptions clientCredentialOptions,
+        IAzureCredentialOptionsProvider credentialOptionsProvider)
+    {
+        this.fullyQualifiedNamespace = options.FullyQualifiedNamespace;
+        this.credentialOptions = credentialOptionsProvider
+            .GetAzureCredentialOptions(
+                environmentOptions,
+                clientCredentialOptions);
+    }
+
+    public IEventHubPublisher Create(string eventHubName)
+        => new EventHubPublisher(
+                new EventHubProducerClient(
+                    fullyQualifiedNamespace,
+                    eventHubName,
+                    new DefaultAzureCredential(credentialOptions)));
+}

src/Atc.Azure.Messaging/EventHub/EventHubPublisher.cs

@@ -5,7 +5,7 @@
 
 namespace Atc.Azure.Messaging.EventHub;
 
-public sealed class EventHubPublisher : IEventHubPublisher
+internal sealed class EventHubPublisher : IEventHubPublisher
 {
     private readonly EventHubProducerClient client;
 

src/Atc.Azure.Messaging/EventHub/EventHubPublisherFactory.cs

@@ -1,11 +1,14 @@
+using System.Diagnostics.CodeAnalysis;
 using Atc.Azure.Options.EventHub;
 using Azure.Messaging.EventHubs.Producer;
 
 namespace Atc.Azure.Messaging.EventHub;
 
-#pragma warning disable CA2000 // Dispose objects before losing scope
-
-public class EventHubPublisherFactory : IEventHubPublisherFactory
+[SuppressMessage(
+    "Reliability",
+    "CA2000:Dispose objects before losing scope",
+    Justification = "EventHubPublisher is responsible for disposing EventHubProducerClient")]
+internal sealed class EventHubPublisherFactory : IEventHubPublisherFactory
 {
     private readonly string connectionString;
 

src/Atc.Azure.Messaging/EventHub/IEventHubPublisher.cs

@@ -1,5 +1,11 @@
-namespace Atc.Azure.Messaging.EventHub;
+namespace Atc.Azure.Messaging.EventHub;
 
+/// <summary>
+/// Publisher responsible for publishing objects with metadata to a specific EventHub.
+/// </summary>
+/// <remarks>
+/// Is safe to cache and use in singletons for the lifetime of the application.
+/// </remarks>
 public interface IEventHubPublisher : IAsyncDisposable
 {
     Task PublishAsync(