search

Particular / NServiceBus.AzureFunctions.Worker.ServiceBus

Process messages in AzureFunctions using the Azure Service Bus trigger and the NServiceBus message pipeline.
Other
6 stars 3 forks source link

Support Microsoft Entra ID authentication #368

Closed boblangley closed 4 months ago

boblangley commented 1 year ago

Description

Microsoft Entra ID authentication is now supported for Azure Functions using the isolated worker model.

Documentation

https://docs.particular.net/nservicebus/hosting/azure-functions-service-bus/#configuration-servicebus-connection

### Describe the feature. #### Is your feature related to a problem? Please describe. Currently there is no way to configure the transport for managed identity, instead the package assumes a connection string will be used. #### Describe the requested feature Provide necessary support to the package to support [managed identity connection configuration for the Azure Service Bus transport](https://docs.particular.net/transports/azure-service-bus/configuration#connectivity-token-credentials), ideally [integrating with existing norms for connection configuration](https://learn.microsoft.com/en-us/azure/azure-functions/functions-identity-based-connections-tutorial-2#connect-to-service-bus-in-your-function-app) when using managed identity. #### Describe alternatives you've considered None ### Additional Context The missing feature was raised via: - https://github.com/Particular/NServiceBus.AzureFunctions.Worker.ServiceBus/issues/369
andreasohlund commented 1 year ago

I think the workaround mentioned in https://github.com/Particular/NServiceBus.AzureFunctions.InProcess.ServiceBus/issues/549 would work here as well until this gets addressed

DavidBoike commented 1 year ago

@andreasohlund I don't believe that workaround will work.

The Azure Service Bus transport public API only allows setting the token credential through the constructor or via a TransportExtensions extension method. The Worker model owns the usage of the constructor and as shown in this issue using configuration.AdvancedConfiguration.UseTransport(…) with a properly configured transport doesn't appear to work.

Jokelab commented 1 year ago

Subscribed to this one, since we're really waiting for this feature in Azure Functions (isolated).

mennolaan commented 10 months ago

Also subscribing to this, much needed.

mennolaan commented 10 months ago

Btw there was an attempt for a pr: https://github.com/Particular/NServiceBus.AzureFunctions.InProcess.ServiceBus/pull/718

It seems like the fix is fairly simple. Is there a reason why managed identity is not supported by particular?

It seems like the only way is to fork the repo an build a custom artifact and use that, but that is just silly.

dvdstelt commented 10 months ago

The PR was exactly that, an attempt that was unfortunately abandoned because of other priorities. I also don't have more details about that PR than that. We never really make promises about when we pick up or release features like this, but I can tell you that managed identity is very high on our radar for possibly Q1 2024.

sanfordn commented 9 months ago

We've been able to use Managed Identity with NServiceBus.AzureFunctions.Worker.ServiceBus version 4.0.0-rc.2. Not sure how exactly it all works, but I thought it might be worth mentioning here.

mennolaan commented 7 months ago

Hi Guys,

Any news on this subject?

Cheers.

WilliamBZA commented 7 months ago

Yes! It's actually queued up to be worked on soon! There will be movement on this coming soon

andreasohlund commented 4 months ago

This will be shipped in 5.1.0