Support for AAD Audience in connection string (for sovereign cloud) & bump in autoconfigure version #4121
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
harsimar
changed the title
harsimar
commented
Mar 21, 2025
| @@ -353,6 +359,13 @@ public ConnectionString getConnectionString() { | |||
| return connectionString; | |||
| } | |||
|
|
|||
| public String getAadAudienceWithScope() { | |||
| if (connectionString == null) { | |||
| return APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE; | |||
There was a problem hiding this comment.
This line was added because ConsumptionPlanEnabledTest & RunTimeAttachWithDelayedConnectionStringTest were failing without this check. This raises a few questions ~
- Are azure functions w/ consumption plan enabled supported in sovereign clouds? If so, would the connection string always be set with some delay? Or is it still possible in azure function consumption plans to not set the connection string with a delay?
- I noticed in these tests that the connection string is still null by the time the http pipelines are being created. Is there a need to refactor code such that http pipelines shouldn't be created unless the connection string is set to some value, or to be able to handle dynamic config for http pipeline somehow?
There was a problem hiding this comment.
The runtime attachment is related to https://learn.microsoft.com/en-us/azure/azure-monitor/app/java-spring-boot#enabling-programmatically.
The connection string can be configured at runtime (programmatically) with -javaagent or the runtime attachment.
With Azure function, the connection string retrieval is delayed:
About question 1, I don't know.
About 2, it may have several options. The place where the connection string is set at runtime (programmatic configuration or Azure function):
harsimar
requested review from
heyams,
jeanbisutti,
rajkumar-rangaraj,
ramthi,
trask and
TimothyMothra
as code owners
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix # .
Note: Don't merge until this related change from the autoconfigure module is released.
This PR incorporates connection string parsing changes from the autoconfigure module to use the AAD audience that is either provided via the connection string (or a default audience if that isn't provided). This is applicable for sovereign cloud scenarios where customers may be using AAD auth - the LazyHttpClient would use the provided audience when creating a new http pipeline, and all calls to quickpulse/breeze/profiler would be made with that audience.
Tested in sovereign cloud environment via a local build.
For significant contributions please make sure you have completed the following items: