First
Currently, all methods accept a "RID link" (i.e. a "self link") only, such as dbs/9ihLAA==/colls/9ihLANgYXow=/
Because RIDs are generated within Cosmos DB, we can't always know them beforehand. There are situations (such as some we're encountering in Dapr) where we have no way to retrieve a RID.
This PR changes the authentication routines to allow passing links with IDs too, such as dbs/dapre2e/colls/items/.
Second
Certain operations are not possible when requests are authenticated using Azure AD, namely CRUD operations on stored procedures and UDFs (however, invoking a SP is always possible). This change returns an error if a user tries to invoke those methods while being auth'd with Azure AD.
Third
This is a minor fix, but it changes the way AAD tokens are refreshed, adding a context and a timeout. This is important because if the refresh requests hangs, we want to have a timeout in place (set to 10 seconds, which should be reasonable).
Note that this is technically a breaking change because it changes the ServicePrincipalProvider interface. However, that interface was always used to indicate the need for an *adal.ServicePrincipalToken, which implements both methods. So in practice (unless users were using this SDK in unexpected ways), nothing should break.
This PR includes three changes:
First Currently, all methods accept a "RID link" (i.e. a "self link") only, such as
dbs/9ihLAA==/colls/9ihLANgYXow=/
Because RIDs are generated within Cosmos DB, we can't always know them beforehand. There are situations (such as some we're encountering in Dapr) where we have no way to retrieve a RID.
This PR changes the authentication routines to allow passing links with IDs too, such as
dbs/dapre2e/colls/items/
.Second
Certain operations are not possible when requests are authenticated using Azure AD, namely CRUD operations on stored procedures and UDFs (however, invoking a SP is always possible). This change returns an error if a user tries to invoke those methods while being auth'd with Azure AD.
Third
This is a minor fix, but it changes the way AAD tokens are refreshed, adding a context and a timeout. This is important because if the refresh requests hangs, we want to have a timeout in place (set to 10 seconds, which should be reasonable).
Note that this is technically a breaking change because it changes the
ServicePrincipalProvider
interface. However, that interface was always used to indicate the need for an*adal.ServicePrincipalToken
, which implements both methods. So in practice (unless users were using this SDK in unexpected ways), nothing should break.PS: This fixes #29 too