-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Task] API to use Managed Identity to authenticate against Cosmos DB #345
Labels
Milestone
Comments
tamirkamara
changed the title
API to use Managed Identity to authenticate against Cosmos DB
[Story] API to use Managed Identity to authenticate against Cosmos DB
Aug 8, 2021
tamirkamara
added
the
story
Stories are the smallest unit of work to be done for a project.
label
Aug 8, 2021
This is the best I came up with: from azure.cosmos import CosmosClient
from azure.identity import DefaultAzureCredential
from azure.mgmt.cosmosdb import CosmosDBManagementClient
subscription_id = "..."
resource_group = "..."
account_name = "..."
credential = DefaultAzureCredential()
dbmgmt = CosmosDBManagementClient(credential, subscription_id, "https://management.azure.com")
keys = dbmgmt.database_accounts.list_keys(resource_group, account_name)
client = CosmosClient(url="...", credential=keys.primary_master_key) |
deniscep
changed the title
[Story] API to use Managed Identity to authenticate against Cosmos DB
[Task] API to use Managed Identity to authenticate against Cosmos DB
Aug 11, 2021
deniscep
removed
the
story
Stories are the smallest unit of work to be done for a project.
label
Aug 11, 2021
This was referenced Aug 11, 2021
This is now possible in the SDK without using a master key, I will reopen and submit a PR |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
**Is your feature request related to a problem?
Currently the API use an API key
STATE_STORE_KEY
to authenticate against Cosmos DB. The API uses Managed Identity to authenticate against Azure Service Bus.**Describe the solution you'd like
Using the same simplified access pattern to authenticate from the API to Azure resource.
Note: looks like Cosmos data-plane doesn't really support managed identity (in Python at least) but there might be a way to do this:
https://github.com/MicrosoftDocs/azure-docs/issues/29762
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-cosmos-db
The text was updated successfully, but these errors were encountered: