Azure / Microsoft.Azure.StackExchangeRedis

Azure-specific wrapper for the StackExchange.Redis client library
MIT License

Issues to use user managed identity on AzureChinaCloud #22

Closed Jezour closed 1 year ago

Jezour commented 1 year ago

I'm sorry for the silly question. I'm not able to use ConfigureForAzureWithUserAssignedManagedIdentityAsync in the AzureChinaCloud cloud. (I'm referring to az cloud list --output table.) To test the connection via a user-defined managed identity I'm just using an easy console C# app like this, and it works on AzurePublic quite OK. Unfortunately, it doesn't work in AzureChinaCloud, or I simply don't know how to use it.

using Microsoft.Azure.StackExchangeRedis;
using StackExchange.Redis;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace TestRedisManagedIdentityConnect2
{
    internal class Program
    {

        static void Main(string[] args)
        {

            if (args.Length == 1)
            {
                string connectionString = args[0];
                Console.WriteLine("Connection: [" + connectionString + "]");

                var configurationOptions = ConfigurationOptions.Parse(connectionString);
                Console.WriteLine("configurationOptions:");
                Console.WriteLine("[" + configurationOptions.ToString() + "]");
                //ConnectMe(configurationOptions);
                ConnectionMultiplexer redis = ConnectionMultiplexer.Connect(configurationOptions);
                for (int i = 0; i <= 9; i++)
                {
                    Console.WriteLine("(" + i + ") Status: [" + redis.GetStatus() + "]");
                    Console.WriteLine("(" + i + ") Counters: [" + redis.GetCounters() + "]");
                    Console.WriteLine("(" + i + ") redis.IsConnected: [" + redis.IsConnected + "]");
                    Console.WriteLine("(" + i + ") redis.database: [" + redis.GetDatabase() + "]");
                    System.Threading.Thread.Sleep(1000);
                }

            }
            else if (args.Length == 2)
            {
                string connectionString = args[0];
                string systemAssignedManagedIdentityPrincipalId = args[1];

                Console.WriteLine("Connection: [" + connectionString + "]");
                Console.WriteLine("SystemAssignedManagedIdentity PrincipalId: [" + systemAssignedManagedIdentityPrincipalId + "]");

                var configurationOptions = ConfigurationOptions.Parse(connectionString);
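                // Block until the token-based configuration has completed; GetAwaiter() alone does not wait for the task.
                configurationOptions.ConfigureForAzureWithSystemAssignedManagedIdentityAsync(systemAssignedManagedIdentityPrincipalId).GetAwaiter().GetResult();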

                ConnectionMultiplexer redis = ConnectionMultiplexer.ConnectAsync(configurationOptions).GetAwaiter().GetResult();

                for (int i = 0; i <= 9; i++)
                {
                    Console.WriteLine("(" + i + ") Status: [" + redis.GetStatus() + "]");
                    Console.WriteLine("(" + i + ") Counters: [" + redis.GetCounters() + "]");
                    Console.WriteLine("(" + i + ") redis.IsConnected: [" + redis.IsConnected + "]");
                    Console.WriteLine("(" + i + ") redis.database: [" + redis.GetDatabase() + "]");
                    System.Threading.Thread.Sleep(1000);
                }
            }
            else if (args.Length == 3)
            {
                string connectionString = args[0];
                string userManagedIdentityClientId = args[1]; 
                string userManagedIdentityObjectId = args[2];
                Console.WriteLine("Connection: [" + connectionString + "]");
                Console.WriteLine("UserManagedIdentity ClientId: [" + userManagedIdentityClientId + "]");
                Console.WriteLine("UserManagedIdentity ObjectId: [" + userManagedIdentityObjectId + "]");

                var configurationOptions = ConfigurationOptions.Parse(connectionString);

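                // Block until the token-based configuration has completed; GetAwaiter() alone does not wait for the task.
                configurationOptions.ConfigureForAzureWithUserAssignedManagedIdentityAsync(userManagedIdentityClientId, userManagedIdentityObjectId).GetAwaiter().GetResult();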

                ConnectionMultiplexer redis = ConnectionMultiplexer.ConnectAsync(configurationOptions).GetAwaiter().GetResult();

                for (int i = 0; i <= 9; i++)
                {
                    Console.WriteLine("(" + i + ") Status: [" + redis.GetStatus() + "]");
                    Console.WriteLine("(" + i + ") Counters: [" + redis.GetCounters() + "]");
                    Console.WriteLine("(" + i + ") redis.IsConnected: [" + redis.IsConnected + "]");
                    Console.WriteLine("(" + i + ") redis.database: [" + redis.GetDatabase() + "]");
                    System.Threading.Thread.Sleep(1000);
                }

            }
            else
            {
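                Console.WriteLine("Wrong number of args.");
                Console.WriteLine("You can use 1 argument with the connection string,");
                Console.WriteLine("2 arguments where the 1st is connectionstring and the 2nd is systemAssignedManagedIdentityPrincipalId,");
                Console.WriteLine("or 3 arguments where the 1st is connectionstring, the 2nd is userManagedIdentityClientId and the 3rd is userManagedIdentityObjectId.");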
            }

        }

    }

}

test with Accesskey (1 arg)

 .\mytest.exe "xxx.cache.chinacloudapi.cn:6380,password=xxx4TDihpAzCaOVkTDQ=,ssl=True,abortConnect=False"

Connection: [onluatcn.redis.cache.chinacloudapi.cn:6380,password=xxxlI5sv1luTPaLK2xfTqNMm8eM4TDihpAzCaOVkTDQ=,ssl=True,abortConnect=False]

It's working quite fine. (redis.IsConnected: [True])

test with System Access Token (2 arg)

 .\mytest.exe "xxx.cache.chinacloudapi.cn:6380,ssl=True,abortConnect=False" 'xxxxc3e5-c42a-49af-894b-076b7790fe06'

It's NOT working. (redis.IsConnected: [False])

test with User managed Access Token (3 arg)

 .\mytest.exe "xxx.cache.chinacloudapi.cn:6380,ssl=True,abortConnect=False"  "xxxxa00c-4cca-491c-b892-7836004aa873" "xxxx8274-2d45-457c-94f2-bf102d5d7bd1"

It's NOT working. (redis.IsConnected: [False])

I would expect some switch based on the suffix like '.cache.chinacloudapi.cn' and '.cache.chinacloudapi.cn', but it may also be hidden somewhere inside the Microsoft.Identity library.

The question is how I should use Microsoft.Azure.StackExchangeRedis in AzureChinaCloud with a user-defined managed identity. Is there any example where I can find more details? Or can you please put it as an example in the documentation?

philon-msft commented 1 year ago

We'll add an optional parameter to specify other clouds (including China) in the next release of the extension. See issue #20

Jezour commented 1 year ago

Is there any plan for when we can expect the next release of the extension?

Jezour commented 1 year ago

I'm sorry to disturb you again. Is there any update?

philon-msft commented 1 year ago

v2.0.0 has been released, and includes support for authenticating with Service Principals in Azure clouds other than the Public cloud. In the China cloud, you can pass AzureCloudInstance.AzureChina to ConfigureForAzureWithServicePrincipalAsync().

Please let us know if you see any issues.
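
The suffix-based switch the question asks about can be done by the caller, producing the AzureCloudInstance value mentioned in the last reply. The sketch below is an added example, not code from this thread or from the extension: the RedisCloudPreflight class, its CloudFor method and the suffix table are assumptions for illustration. It fails closed on an unknown or mixed host suffix and logs the parsed options without the access key.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using Microsoft.Identity.Client;   // AzureCloudInstance enum
using StackExchange.Redis;

// Hypothetical helper (not part of Microsoft.Azure.StackExchangeRedis).
public static class RedisCloudPreflight
{
    // Assumed host suffix per cloud; extend for other clouds as needed.
    private static readonly Dictionary<string, AzureCloudInstance> Suffixes = new()
    {
        [".cache.windows.net"]       = AzureCloudInstance.AzurePublic,
        [".cache.chinacloudapi.cn"]  = AzureCloudInstance.AzureChina,
        [".cache.usgovcloudapi.net"] = AzureCloudInstance.AzureUsGovernment,
    };

    // Returns the one cloud every endpoint belongs to; throws instead of guessing.
    public static AzureCloudInstance CloudFor(ConfigurationOptions options)
    {
        var clouds = new HashSet<AzureCloudInstance>();
        foreach (EndPoint endpoint in options.EndPoints)
        {
            if (endpoint is not DnsEndPoint dns)
                throw new ArgumentException($"'{endpoint}' is not a DNS name; cloud cannot be inferred.");

            AzureCloudInstance? found = null;
            foreach (var entry in Suffixes)
                if (dns.Host.EndsWith(entry.Key, StringComparison.OrdinalIgnoreCase))
                    found = entry.Value;

            clouds.Add(found ?? throw new ArgumentException($"Unknown cache host suffix: '{dns.Host}'."));
        }
        if (clouds.Count != 1)
            throw new ArgumentException("No endpoints given, or endpoints span more than one cloud.");
        foreach (var cloud in clouds) return cloud;
        throw new InvalidOperationException("unreachable");
    }

    public static void Main()
    {
        // Constructed sample input; host name and password are placeholders.
        var options = ConfigurationOptions.Parse(
            "example.redis.cache.chinacloudapi.cn:6380,password=PLACEHOLDER,ssl=True,abortConnect=False");

        // includePassword: false keeps the access key out of console and log output.
        Console.WriteLine("configurationOptions: [" + options.ToString(includePassword: false) + "]");
        Console.WriteLine("Cloud: [" + CloudFor(options) + "]");   // AzureChina
    }
}
```

The returned value is what would be passed as the cloud argument the maintainer describes; the exact parameter position in ConfigureForAzureWithServicePrincipalAsync() is not shown on this page and should be checked against the v2.0.0 release.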