[core-http] Proxy - Basic authentication support for storage-blob #5009
Conversation
HarshaNalluru
requested review from
daviwil,
jeremymeng,
jiacfan,
vinjiang and
XiaoningLiu
as code owners
HarshaNalluru
changed the title
HarshaNalluru
added
Azure.Core
Client
HarshaNalluru
requested review from
bterlson,
ramya-rao-a and
sophiajt
and removed request for
vinjiang and
jiacfan
|
It would be ideal if |
|
Ideally, the updates to
|
Created an issue - #5011 |
| proxyUrl?: string, | ||
| username?: string, | ||
| password?: string | ||
| ): ProxySettings | undefined { | ||
| if (!proxyUrl) { | ||
| proxyUrl = loadEnvironmentProxyValue(); |
There was a problem hiding this comment.
How does this work with environment proxies?
There was a problem hiding this comment.
Implementation of loadEnvironmentProxyValue()
azure-sdk-for-js/sdk/core/core-http/lib/policies/proxyPolicy.ts
Lines 16 to 32 in 87a1397
It is not obvious on how(or why) someone would set username/password as environment variables to load them from the environment with loadEnvironmentProxyValue.
We can go for some syntax like http://username:password@ipaddress:port for the proxyUrl variable and parse it properly.
Or we can avoid using getDefaultProxySettings like mentioned below - #5009 (comment).
Thoughts?
There was a problem hiding this comment.
Looking at the .NET tests they do support urls with credentials.
There was a problem hiding this comment.
Supporting parsing http://username:password@ipaddress:port into a ProxySettings object seems like the right approach here.
It is not obvious on how(or why) someone would set username/password as environment variables to load them from the environment with loadEnvironmentProxyValue.
username/password are simply part of the proxy URL. One scenario I've seen many times is the proxy settings aren't controlled by the app developer but instead by the ops folks who control the production/staging environment. Devs just send requests like normal, ops folks ensure the environment variable is set properly, and everything "just works (tm)".
There was a problem hiding this comment.
I agree with @bterlson, but would keep parsing username/password from the url out of this PR and out of the current preview.
| proxy: { url: "http://localhost:3128" } | ||
| proxy: { | ||
| // username and password can be passed as additional arguments | ||
| url: "http://localhost:3128" |
There was a problem hiding this comment.
You may want to show actually passing a username and password
There was a problem hiding this comment.
Basic authentication works fine with current state of core-http if we pass in the ProxySettings as follows:
{
host: "127.0.0.1",
port: 3128,
username: "xxx",
password: "xxx"
}to the proxyPolicy() out of the box.
But if we wanted to load these values from the environment variables instead then we can have related changes in. Technically the loading can be done from SDK as well.
There was a problem hiding this comment.
@ramya0820 Good idea. I think host should also include http:// or https://.
And ProxyOptions from storage sdks can be removed in favour of ProxySettings from core-http.
We can directly pass proxySettings to the proxyPolicy() method and avoid using getDefaultProxySettings.
azure-sdk-for-js/sdk/storage/storage-blob/src/Pipeline.ts
Lines 224 to 230 in 87a1397
Thoughts, anybody ?
There was a problem hiding this comment.
Since the url to access is present on the request, believe core-http attempts to infer the protocol from it.
Came across something about username:password@host being deprecated eventually.
Overall, if ProxySettings is exposed to user to pass in, that should be sufficient I think.
cc: @bterlson @chradek @ramya-rao-a
There was a problem hiding this comment.
Personal opinion here, I defer to @bterlson for the final call:
I would expect an sdk to use getDefaultProxySettings if the user has provided no details on the proxy and we are expected to infer from the environment.
If the user is indeed providing proxy details, then I would prefer them to pass in the ProxySettings instead of the proxy url (with host + port).
There was a problem hiding this comment.
ProxyOptions should not exist and be replaced with ProxySettings.
The maximally flexible signature would take either a ProxySettings or a string proxy URL which is parsed into a ProxySettings. Given the late hour, I'm ok with punting on parsing string proxy URLs for now.
There was a problem hiding this comment.
I would suggest something like ramya-rao-a@7dfbce1
There was a problem hiding this comment.
Another option is removing the options, and solely relying on the environment variables? It's Node-only anyway.
Allow configuring username password in proxy
…alluru/azure-sdk-for-js into HTTPSProxySupportStorage
| export function getDefaultProxySettings( | ||
| proxyUrl?: string, | ||
| username?: string, | ||
| password?: string |
There was a problem hiding this comment.
@HarshaNalluru With the new set of changes, we should revert the changes to this file
There was a problem hiding this comment.
In progress. Pushing the changes.
sdk/core/core-http/lib/coreHttp.ts
Outdated
| @@ -13,7 +13,7 @@ export { OperationArguments } from "./operationArguments"; | |||
| export { OperationParameter, OperationQueryParameter, OperationURLParameter } from "./operationParameter"; | |||
| export { OperationResponse } from "./operationResponse"; | |||
| export { OperationSpec } from "./operationSpec"; | |||
| export { ServiceClient, ServiceClientOptions, flattenResponse } from "./serviceClient"; | |||
| export { ServiceClient, ServiceClientOptions, flattenResponse, ProxySettings } from "./serviceClient"; | |||
ProxySettings may have username & password, but
getDefaultProxySettingsdoesn't parse them. Storage Explorer current proxy settings need them.This PR updates the core-http's
getDefaultProxySettings. With this, basic authentication with username/password works.