Migrate StatusAggregator job to MSI storage authentication (#10328)

Co-authored-by: Advay Tandon <[email protected]>

Author: drewgillies

src/NuGet.Jobs.Common/StorageAccountExtensions.cs

@@ -141,9 +141,7 @@ public static TableServiceClient CreateTableServiceClient(
             }
 
             StorageMsiConfiguration msiConfiguration = serviceProvider.GetRequiredService<IOptions<StorageMsiConfiguration>>().Value;
-            return CreateTableServiceClientClient(
-                msiConfiguration,
-                storageConnectionString);
+            return CreateTableServiceClient(msiConfiguration, storageConnectionString);
         }
 
         public static IRegistrationBuilder<TableServiceClient, SimpleActivatorData, SingleRegistrationStyle> RegisterTableServiceClient<TConfiguration>(
@@ -165,9 +163,7 @@ public static IRegistrationBuilder<TableServiceClient, SimpleActivatorData, Sing
                 IOptionsSnapshot<TConfiguration> options = c.Resolve<IOptionsSnapshot<TConfiguration>>();
                 string storageConnectionString = getConnectionString(options.Value);
                 StorageMsiConfiguration msiConfiguration = c.Resolve<IOptions<StorageMsiConfiguration>>().Value;
-                return CreateTableServiceClientClient(
-                    msiConfiguration,
-                    storageConnectionString);
+                return CreateTableServiceClient(msiConfiguration, storageConnectionString);
             });
         }
 
@@ -277,27 +273,27 @@ public static BlobServiceClientFactory CreateBlobServiceClientFactory(
             }
         }
 
-        private static TableServiceClient CreateTableServiceClientClient(
+        public static TableServiceClient CreateTableServiceClient(
             StorageMsiConfiguration msiConfiguration,
             string tableStorageConnectionString)
         {
             if (msiConfiguration.UseManagedIdentity)
             {
+                Uri tableEndpointUri = new Uri(tableStorageConnectionString);
+
                 if (string.IsNullOrWhiteSpace(msiConfiguration.ManagedIdentityClientId))
                 {
-                    return new TableServiceClient(new Uri(tableStorageConnectionString),
-                        new DefaultAzureCredential());
+                    return new TableServiceClient(tableEndpointUri, new DefaultAzureCredential());
                 }
                 else
                 {
-                    return new TableServiceClient(new Uri(tableStorageConnectionString),
-                        new ManagedIdentityCredential(msiConfiguration.ManagedIdentityClientId));
+                    return new TableServiceClient(tableEndpointUri, new ManagedIdentityCredential(msiConfiguration.ManagedIdentityClientId));
                 }
             }
 
             // workaround for https://github.com/Azure/azure-sdk-for-net/issues/44373
-            tableStorageConnectionString.Replace("SharedAccessSignature=?", "SharedAccessSignature=");
-            return new TableServiceClient(tableStorageConnectionString);
+            var connectionString = tableStorageConnectionString.Replace("SharedAccessSignature=?", "SharedAccessSignature=");
+            return new TableServiceClient(connectionString);
         }
     }
 }

src/NuGet.Services.Storage/AzureStorage.cs

@@ -9,6 +9,7 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Azure;
+using Azure.Data.Tables;
 using Azure.Storage.Blobs;
 using Azure.Storage.Blobs.Models;
 using Azure.Storage.Blobs.Specialized;
@@ -436,10 +437,11 @@ private Uri ResolvePathedUri(string filename)
             return ResolveUri(Path.Combine(_path, filename));
         }
 
+        // Returns the primary blob service URI from the connection string
         public static Uri GetPrimaryServiceUri(string storageConnectionString)
         {
             var tempClient = new BlobServiceClient(storageConnectionString);
-            // if _storageConnectionString has SAS token, Uri will contain SAS signature, we need to strip it 
+            // if _storageConnectionString has SAS token, Uri will contain SAS signature, we need to strip it
             return new Uri(tempClient.Uri.GetLeftPart(UriPartial.Path));
         }
     }

src/NuGet.Services.Storage/NuGet.Services.Storage.csproj

@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Data.Tables" />
     <PackageReference Include="Azure.Identity" />
     <PackageReference Include="Azure.Storage.Blobs" />
     <PackageReference Include="Azure.Storage.Queues" />

src/StatusAggregator/Container/ContainerWrapper.cs

@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.IO;
+using System.Text;
 using System.Threading.Tasks;
 using Azure.Storage.Blobs;
 
@@ -20,10 +22,13 @@ public Task CreateIfNotExistsAsync()
             return _container.CreateIfNotExistsAsync();
         }
 
-        public Task SaveBlobAsync(string name, string contents)
+        public async Task SaveBlobAsync(string name, string contents)
         {
             var blob = _container.GetBlobClient(name);
-            return blob.UploadAsync(contents);
+            using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(contents)))
+            {
+                await blob.UploadAsync(stream, overwrite: true);
+            }
         }
     }
-}
+}

src/StatusAggregator/Job.cs

@@ -115,8 +115,14 @@ private static void AddStorage(ContainerBuilder containerBuilder)
         {
             var statusStorageConnectionBuilders = new StatusStorageConnectionBuilder[]
             {
-                new StatusStorageConnectionBuilder(PrimaryStorageAccountName, configuration => configuration.StorageAccount),
-                new StatusStorageConnectionBuilder(SecondaryStorageAccountName, configuration => configuration.StorageAccountSecondary)
+                new StatusStorageConnectionBuilder(
+                        PrimaryStorageAccountName,
+                        configuration => configuration.PrimaryStorageBlobEndpoint,
+                        configuration => configuration.PrimaryStorageTableEndpoint),
+                new StatusStorageConnectionBuilder(
+                        SecondaryStorageAccountName,
+                        configuration => configuration.SecondaryStorageBlobEndpoint,
+                        configuration => configuration.SecondaryStorageTableEndpoint)
             };
 
             // Add all storages to the container by name.
@@ -165,35 +171,31 @@ private static void AddStorage(ContainerBuilder containerBuilder)
             }
         }
 
-        private static string GetConnectionString(IComponentContext ctx, StatusStorageConnectionBuilder statusStorageConnectionBuilder)
-        {
-            var configuration = ctx.Resolve<StatusAggregatorConfiguration>();
-            var connectionString = statusStorageConnectionBuilder.GetConnectionString(configuration);
-
-            // workaround for https://github.com/Azure/azure-sdk-for-net/issues/44373
-            connectionString = connectionString.Replace("SharedAccessSignature=?", "SharedAccessSignature=");
-            return connectionString;
-        }
-
         private static TableServiceClient GetTableServiceClient(IComponentContext ctx, StatusStorageConnectionBuilder statusStorageConnectionBuilder)
         {
-            string connectionString = GetConnectionString(ctx, statusStorageConnectionBuilder);
-            return new TableServiceClient(connectionString);
+            StorageMsiConfiguration storageMsiConfiguration = ctx.Resolve<IOptionsSnapshot<StorageMsiConfiguration>>().Value;
+            StatusAggregatorConfiguration configuration = ctx.Resolve<IOptionsSnapshot<StatusAggregatorConfiguration>>().Value;
+            string connectionString = statusStorageConnectionBuilder.GetTableConnectionString(configuration);
+
+            return StorageAccountHelper.CreateTableServiceClient(storageMsiConfiguration, connectionString);
         }
 
-        private static ITableWrapper GetTableWrapper(IComponentContext ctx, TableServiceClient tableServiceClient)
+        private static TableWrapper GetTableWrapper(IComponentContext ctx, TableServiceClient tableServiceClient)
         {
             var configuration = ctx.Resolve<StatusAggregatorConfiguration>();
             return new TableWrapper(tableServiceClient, configuration.TableName);
         }
 
         private static BlobServiceClient GetBlobServiceClient(IComponentContext ctx, StatusStorageConnectionBuilder statusStorageConnectionBuilder)
         {
-            string connectionString = GetConnectionString(ctx, statusStorageConnectionBuilder);
-            return new BlobServiceClient(connectionString);
+            StorageMsiConfiguration storageMsiConfiguration = ctx.Resolve<IOptionsSnapshot<StorageMsiConfiguration>>().Value;
+            StatusAggregatorConfiguration configuration = ctx.Resolve<IOptionsSnapshot<StatusAggregatorConfiguration>>().Value;
+            string connectionString = statusStorageConnectionBuilder.GetBlobConnectionString(configuration);
+
+            return StorageAccountHelper.CreateBlobServiceClient(storageMsiConfiguration, connectionString);
         }
 
-        private static IContainerWrapper GetContainerWrapper(IComponentContext ctx, BlobServiceClient blobServiceClient)
+        private static ContainerWrapper GetContainerWrapper(IComponentContext ctx, BlobServiceClient blobServiceClient)
         {
             var configuration = ctx.Resolve<StatusAggregatorConfiguration>();
             var container = blobServiceClient.GetBlobContainerClient(configuration.ContainerName);

src/StatusAggregator/StatusAggregatorConfiguration.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
@@ -8,9 +8,24 @@ namespace StatusAggregator
     public class StatusAggregatorConfiguration
     {
         /// <summary>
-        /// A connection string for the storage account to use.
+        /// A connection string for the primary storage account's blob endpoint.
         /// </summary>
-        public string StorageAccount { get; set; }
+        public string PrimaryStorageBlobEndpoint { get; set; }
+
+        /// <summary>
+        /// A connection string for the primary storage account's table endpoint.
+        /// </summary>
+        public string PrimaryStorageTableEndpoint { get; set; }
+
+        /// <summary>
+        /// A connection string for the secondary storage account's blob endpoint.
+        /// </summary>
+        public string SecondaryStorageBlobEndpoint { get; set; }
+
+        /// <summary>
+        /// A connection string for the secondary storage account's table endpoint.
+        /// </summary>
+        public string SecondaryStorageTableEndpoint { get; set; }
 
         /// <summary>
         /// The container name to export the <see cref="ServiceStatus"/> to.
@@ -22,11 +37,6 @@ public class StatusAggregatorConfiguration
         /// </summary>
         public string TableName { get; set; }
 
-        /// <summary>
-        /// A connection string for the secondary storage account to use.
-        /// </summary>
-        public string StorageAccountSecondary { get; set; }
-
         /// <summary>
         /// A list of environments to filter incidents by.
         /// See <see cref="EnvironmentFilter"/>.

src/StatusAggregator/StatusStorageConnectionBuilder.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -17,16 +17,23 @@ public class StatusStorageConnectionBuilder
         public string Name { get; }
 
         /// <summary>
-        /// Describes how to access this storage account's connection string using the job's configuration.
+        /// Describes how to access this storage account's blob connection string using the job's configuration.
         /// </summary>
-        public Func<StatusAggregatorConfiguration, string> GetConnectionString { get; }
+        public Func<StatusAggregatorConfiguration, string> GetBlobConnectionString { get; }
+
+        /// <summary>
+        /// Describes how to access this storage account's table connection string using the job's configuration.
+        /// </summary>
+        public Func<StatusAggregatorConfiguration, string> GetTableConnectionString { get; }
 
         public StatusStorageConnectionBuilder(
             string name,
-            Func<StatusAggregatorConfiguration, string> getConnectionString)
+            Func<StatusAggregatorConfiguration, string> getBlobConnectionString,
+            Func<StatusAggregatorConfiguration, string> getTableConnectionString)
         {
             Name = name ?? throw new ArgumentNullException(nameof(name));
-            GetConnectionString = getConnectionString ?? throw new ArgumentNullException(nameof(getConnectionString));
+            GetBlobConnectionString = getBlobConnectionString ?? throw new ArgumentNullException(nameof(getBlobConnectionString));
+            GetTableConnectionString = getTableConnectionString ?? throw new ArgumentNullException(nameof(getTableConnectionString));
         }
     }
 }

src/StatusAggregator/Table/TableWrapper.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -35,7 +35,7 @@ public Task CreateIfNotExistsAsync()
         public async Task<T> RetrieveAsync<T>(string rowKey) 
             where T : class, ITableEntity
         {
-            return (await _table.GetEntityAsync<T>(TablePartitionKeys.Get<T>(), rowKey)) as T;
+            return (await _table.GetEntityAsync<T>(TablePartitionKeys.Get<T>(), rowKey))?.Value as T;
         }
 
         public Task InsertAsync(ITableEntity tableEntity)