Merge branch 'dev' into dev-feature-sdkmigration

Author: drewgillies

build/init.ps1

@@ -76,11 +76,13 @@ Function Get-BuildTools {
         $FileDirectory = Join-Path $NuGetClientRoot $Path
         $FilesToMove = Get-ChildItem -Path $FolderUri -File
         foreach ($File in $FilesToMove) {
-            if (-not (Test-Path (Join-Path $FileDirectory $File))) {
-                $File | Move-Item -Destination $FileDirectory
+            $DestinationFile = Join-Path $FileDirectory $File.Name
+            
+            if (-not (Test-Path $DestinationFile)) {
+                Move-Item -Path $File.FullName -Destination $FileDirectory
             }
             else {
-                Write-Host "File '$File' already exists, skipping" -ForegroundColor Blue
+                Write-Host "File '$($File.Name)' already exists, skipping" -ForegroundColor Blue
             }
         }
 

src/NuGet.Jobs.Catalog2Registration/DependencyInjectionExtensions.cs

@@ -28,13 +28,8 @@ public static ContainerBuilder AddCatalog2Registration(this ContainerBuilder con
             RegisterCursorStorage(containerBuilder);
 
             containerBuilder
-                .Register<ICloudBlobClient>(c =>
-                {
-                    var options = c.Resolve<IOptionsSnapshot<Catalog2RegistrationConfiguration>>();
-                    return new CloudBlobClientWrapper(
-                        options.Value.StorageConnectionString,
-                        requestTimeout: DefaultBlobRequestOptions.ServerTimeout);
-                });
+                .RegisterStorageAccount<Catalog2RegistrationConfiguration>(c => c.StorageConnectionString, requestTimeout: DefaultBlobRequestOptions.ServerTimeout)
+                .As<ICloudBlobClient>();
 
             containerBuilder.Register(c => new Catalog2RegistrationCommand(
                 c.Resolve<ICollector>(),

src/NuGet.Jobs.Common/JsonConfigurationJob.cs

@@ -167,6 +167,7 @@ protected virtual void ConfigureDefaultJobServices(IServiceCollection services,
             services.Configure<ValidationDbConfiguration>(configurationRoot.GetSection(ValidationDbConfigurationSectionName));
             services.Configure<ServiceBusConfiguration>(configurationRoot.GetSection(ServiceBusConfigurationSectionName));
             services.Configure<ValidationStorageConfiguration>(configurationRoot.GetSection(ValidationStorageConfigurationSectionName));
+            services.ConfigureStorageMsi(configurationRoot);
 
             services.AddSingleton(new TelemetryClient(ApplicationInsightsConfiguration.TelemetryConfiguration));
             services.AddTransient<ITelemetryClient, TelemetryClientWrapper>();
@@ -197,13 +198,7 @@ private void AddScopedSqlConnectionFactory<TDbConfiguration>(IServiceCollection
         public static void ConfigureFeatureFlagAutofacServices(ContainerBuilder containerBuilder)
         {
             containerBuilder
-                .Register(c =>
-                {
-                    var options = c.Resolve<IOptionsSnapshot<FeatureFlagConfiguration>>();
-                    return new CloudBlobClientWrapper(
-                        options.Value.ConnectionString,
-                        requestTimeout: TimeSpan.FromMinutes(2));
-                })
+                .RegisterStorageAccount<FeatureFlagConfiguration>(c => c.ConnectionString, requestTimeout: TimeSpan.FromMinutes(2))
                 .Keyed<ICloudBlobClient>(FeatureFlagBindingKey);
 
             containerBuilder

src/NuGet.Jobs.Common/StorageAccountExtensions.cs

@@ -0,0 +1,137 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Autofac;
+using Autofac.Builder;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using NuGet.Services.Configuration;
+using NuGetGallery;
+
+namespace NuGet.Jobs
+{
+    public static class StorageAccountHelper
+    {
+        public static IServiceCollection ConfigureStorageMsi(
+            this IServiceCollection serviceCollection,
+            IConfiguration configuration,
+            string storageUseManagedIdentityPropertyName = null,
+            string storageManagedIdentityClientIdPropertyName = null)
+        {
+            if (serviceCollection == null)
+            {
+                throw new ArgumentNullException(nameof(serviceCollection));
+            }
+            if (configuration == null)
+            {
+                throw new ArgumentNullException(nameof(configuration));
+            }
+
+            storageUseManagedIdentityPropertyName ??= Constants.StorageUseManagedIdentityPropertyName;
+            storageManagedIdentityClientIdPropertyName ??= Constants.StorageManagedIdentityClientIdPropertyName;
+
+            string useManagedIdentityStr = configuration[storageUseManagedIdentityPropertyName];
+            bool useManagedIdentity = false;
+
+            string managedIdentityClientId = string.IsNullOrWhiteSpace(configuration[storageManagedIdentityClientIdPropertyName])
+                                                ? configuration[Constants.ManagedIdentityClientIdKey]
+                                                : configuration[storageManagedIdentityClientIdPropertyName];
+
+            if (!string.IsNullOrWhiteSpace(useManagedIdentityStr))
+            {
+                useManagedIdentity = bool.Parse(useManagedIdentityStr);
+            }
+            return serviceCollection.Configure<StorageMsiConfiguration>(storageConfiguration =>
+            {
+                storageConfiguration.UseManagedIdentity = useManagedIdentity;
+                storageConfiguration.ManagedIdentityClientId = managedIdentityClientId;
+            });
+        }
+
+        public static CloudBlobClientWrapper CreateCloudBlobClient(
+            this IServiceProvider serviceProvider,
+            string storageConnectionString,
+            bool readAccessGeoRedundant = false,
+            TimeSpan? requestTimeout = null)
+        {
+            if (serviceProvider == null)
+            {
+                throw new ArgumentNullException(nameof(serviceProvider));
+            }
+            if (string.IsNullOrWhiteSpace(storageConnectionString))
+            {
+                throw new ArgumentException($"{nameof(storageConnectionString)} cannot be null or empty.", nameof(storageConnectionString));
+            }
+
+            var msiConfiguration = serviceProvider.GetRequiredService<IOptions<StorageMsiConfiguration>>().Value;
+            return CreateCloudBlobClient(
+                msiConfiguration,
+                storageConnectionString,
+                readAccessGeoRedundant,
+                requestTimeout);
+        }
+
+        public static IRegistrationBuilder<CloudBlobClientWrapper, SimpleActivatorData, SingleRegistrationStyle> RegisterStorageAccount<TConfiguration>(
+            this ContainerBuilder builder,
+            Func<TConfiguration, string> getConnectionString,
+            Func<TConfiguration, bool> getReadAccessGeoRedundant = null,
+            TimeSpan? requestTimeout = null)
+            where TConfiguration : class, new()
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+            if (getConnectionString == null)
+            {
+                throw new ArgumentNullException(nameof(getConnectionString));
+            }
+
+            return builder.Register(c =>
+            {
+                var options = c.Resolve<IOptionsSnapshot<TConfiguration>>();
+                string storageConnectionString = getConnectionString(options.Value);
+                bool readAccessGeoRedundant = getReadAccessGeoRedundant?.Invoke(options.Value) ?? false;
+                var msiConfiguration = c.Resolve<IOptions<StorageMsiConfiguration>>().Value;
+                return CreateCloudBlobClient(
+                    msiConfiguration,
+                    storageConnectionString,
+                    readAccessGeoRedundant,
+                    requestTimeout);
+            });
+        }
+
+        private static CloudBlobClientWrapper CreateCloudBlobClient(
+            StorageMsiConfiguration msiConfiguration,
+            string storageConnectionString,
+            bool readAccessGeoRedundant = false,
+            TimeSpan? requestTimeout = null)
+        {
+            if (msiConfiguration.UseManagedIdentity)
+            {
+                if (string.IsNullOrWhiteSpace(msiConfiguration.ManagedIdentityClientId))
+                {
+                    return CloudBlobClientWrapper.UsingDefaultAzureCredential(
+                        storageConnectionString,
+                        readAccessGeoRedundant: readAccessGeoRedundant,
+                        requestTimeout: requestTimeout);
+                }
+                else
+                {
+                    return CloudBlobClientWrapper.UsingMsi(
+                        storageConnectionString,
+                        msiConfiguration.ManagedIdentityClientId,
+                        readAccessGeoRedundant,
+                        requestTimeout);
+                }
+            }
+
+            return new CloudBlobClientWrapper(
+                storageConnectionString,
+                readAccessGeoRedundant,
+                requestTimeout);
+        }
+    }
+}

src/NuGet.Jobs.Common/StorageMsiConfiguration.cs

@@ -0,0 +1,11 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGet.Jobs
+{
+    public class StorageMsiConfiguration
+    {
+        public bool UseManagedIdentity { get; set; }
+        public string ManagedIdentityClientId { get; set; }
+    }
+}

src/NuGet.Jobs.GitHubIndexer/Job.cs

@@ -42,16 +42,15 @@ protected override void ConfigureJobServices(IServiceCollection services, IConfi
             services.AddTransient<IRepositoriesCache, DiskRepositoriesCache>();
             services.AddTransient<IConfigFileParser, ConfigFileParser>();
             services.AddTransient<IRepoFetcher, RepoFetcher>();
-            services.AddTransient<ICloudBlobClient>(provider => {
-                var config = provider.GetRequiredService<IOptionsSnapshot<GitHubIndexerConfiguration>>();
-                return new CloudBlobClientWrapper(config.Value.StorageConnectionString, config.Value.StorageReadAccessGeoRedundant);
-            });
 
             services.Configure<GitHubIndexerConfiguration>(configurationRoot.GetSection(GitHubIndexerConfigurationSectionName));
         }
 
         protected override void ConfigureAutofacServices(ContainerBuilder containerBuilder, IConfigurationRoot configurationRoot)
         {
+            containerBuilder
+                .RegisterStorageAccount<GitHubIndexerConfiguration>(c => c.StorageConnectionString, c => c.StorageReadAccessGeoRedundant)
+                .As<ICloudBlobClient>();
         }
     }
 }

src/NuGet.Services.AzureSearch/DependencyInjectionExtensions.cs

@@ -19,6 +19,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.Rest;
+using NuGet.Jobs;
 using NuGet.Protocol;
 using NuGet.Services.AzureSearch.Auxiliary2AzureSearch;
 using NuGet.Services.AzureSearch.AuxiliaryFiles;
@@ -108,13 +109,7 @@ private static void RegisterIndexServices(ContainerBuilder containerBuilder, str
         private static void RegisterAzureSearchStorageServices(ContainerBuilder containerBuilder, string key)
         {
             containerBuilder
-                .Register<ICloudBlobClient>(c =>
-                {
-                    var options = c.Resolve<IOptionsSnapshot<AzureSearchConfiguration>>();
-                    return new CloudBlobClientWrapper(
-                        options.Value.StorageConnectionString,
-                        requestTimeout: DefaultBlobRequestOptions.ServerTimeout);
-                })
+                .RegisterStorageAccount<AzureSearchConfiguration>(c => c.StorageConnectionString, requestTimeout: DefaultBlobRequestOptions.ServerTimeout)
                 .Keyed<ICloudBlobClient>(key);
 
             containerBuilder
@@ -221,13 +216,9 @@ private static void RegisterAzureSearchStorageServices(ContainerBuilder containe
         private static void RegisterAuxiliaryDataStorageServices(ContainerBuilder containerBuilder, string key)
         {
             containerBuilder
-                .Register<ICloudBlobClient>(c =>
-                {
-                    var options = c.Resolve<IOptionsSnapshot<AuxiliaryDataStorageConfiguration>>();
-                    return new CloudBlobClientWrapper(
-                        options.Value.AuxiliaryDataStorageConnectionString,
-                        requestTimeout: DefaultBlobRequestOptions.ServerTimeout);
-                })
+                .RegisterStorageAccount<AuxiliaryDataStorageConfiguration>(
+                    c => c.AuxiliaryDataStorageConnectionString,
+                    requestTimeout: DefaultBlobRequestOptions.ServerTimeout)
                 .Keyed<ICloudBlobClient>(key);
 
             containerBuilder

src/NuGet.Services.Configuration/Constants.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace NuGet.Services.Configuration
@@ -15,5 +15,7 @@ public static class Constants
         public static string KeyVaultStoreNameKey = "KeyVault_StoreName";
         public static string KeyVaultStoreLocationKey = "KeyVault_StoreLocation";
         public static string KeyVaultSendX5c = "KeyVault_SendX5c";
+        public static string StorageUseManagedIdentityPropertyName = "Storage_UseManagedIdentity";
+        public static string StorageManagedIdentityClientIdPropertyName = "Storage_ManagedIdentityClientId";
     }
 }

src/NuGet.Services.Configuration/SecretDictionary.cs

@@ -1,11 +1,10 @@
-// Copyright (c) .NET Foundation. All rights reserved. 
+// Copyright (c) .NET Foundation. All rights reserved. 
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. 
 
 using System;
 using System.Collections;
 using System.Collections.Generic;
 using System.Linq;
-using System.Threading.Tasks;
 using NuGet.Services.KeyVault;
 
 namespace NuGet.Services.Configuration
@@ -122,14 +121,9 @@ private string InjectOrSkip(string key, string value)
         {
             if (!_notInjectedKeys.Contains(key))
             {
-                return Inject(value).Result;
+                return _secretInjector.Inject(value);
             }
             return value;
         }
-
-        private Task<string> Inject(string value)
-        {
-            return _secretInjector.InjectAsync(value);
-        }
     }
 }