implemented ClientId authentication for all remaining targets (#173)

Co-authored-by: Stephan Steiner <[email protected]>

Author: ssteiner

src/NLog.Extensions.AzureDataTables/DataTablesTarget.cs

@@ -134,6 +134,16 @@ public override int GetHashCode()
         /// </summary>
         public Layout AccessKey { get; set; }
 
+        /// <summary>
+        /// clientId for <see cref="Azure.Identity.ClientSecretCredential"/> authentication. Requires <see cref="ServiceUri"/>, <see cref="TenantIdentity"/> and <see cref="ClientAuthSecret"/>.
+        /// </summary>
+        public Layout ClientAuthId { get; set; }
+
+        /// <summary>
+        /// clientSecret for <see cref="Azure.Identity.ClientSecretCredential"/> authentication. Requires <see cref="ServiceUri"/>, <see cref="TenantIdentity"/> and <see cref="ClientAuthId"/>.
+        /// </summary>
+        public Layout ClientAuthSecret { get; set; }
+
         /// <summary>
         /// Gets or sets the name of the Azure table where log entries will be stored.
         /// </summary>
@@ -196,6 +206,8 @@ protected override void InitializeTarget()
             string sharedAccessSignature = string.Empty;
             string accountName = string.Empty;
             string accessKey = string.Empty;
+            string clientAuthId = string.Empty;
+            string clientAuthSecret = string.Empty;
 
             var defaultLogEvent = LogEventInfo.CreateNullEvent();
 
@@ -211,9 +223,11 @@ protected override void InitializeTarget()
                     sharedAccessSignature = SharedAccessSignature?.Render(defaultLogEvent);
                     accountName = AccountName?.Render(defaultLogEvent);
                     accessKey = AccessKey?.Render(defaultLogEvent);
+                    clientAuthId = ClientAuthId?.Render(defaultLogEvent);
+                    clientAuthSecret = ClientAuthSecret?.Render(defaultLogEvent);
                 }
 
-                _cloudTableService.Connect(connectionString, serviceUri, tenantIdentity, managedIdentityResourceId, managedIdentityClientId, sharedAccessSignature, accountName, accessKey);
+                _cloudTableService.Connect(connectionString, serviceUri, tenantIdentity, managedIdentityResourceId, managedIdentityClientId, sharedAccessSignature, accountName, accessKey, clientAuthId, clientAuthSecret);
                 InternalLogger.Debug("AzureDataTablesTarget(Name={0}): Initialized", Name);
             }
             catch (Exception ex)
@@ -438,7 +452,7 @@ class CloudTableService : ICloudTableService
             private TableServiceClient _client;
             private TableClient _table;
 
-            public void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey)
+            public void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, string clientAuthId, string clientAuthSecret)
             {
                 if (string.IsNullOrWhiteSpace(serviceUri))
                 {
@@ -452,6 +466,11 @@ public void Connect(string connectionString, string serviceUri, string tenantIde
                 {
                     _client = new TableServiceClient(new Uri(serviceUri), new TableSharedKeyCredential(storageAccountName, storageAccountAccessKey));
                 }
+                else if (!string.IsNullOrEmpty(clientAuthId) && !string.IsNullOrEmpty(clientAuthSecret) && !string.IsNullOrEmpty(tenantIdentity))
+                {
+                    var tokenCredentials = new Azure.Identity.ClientSecretCredential(tenantIdentity, clientAuthId, clientAuthSecret);
+                    _client = new TableServiceClient(new Uri(serviceUri), tokenCredentials);
+                }
                 else
                 {
                     var tokenCredentials = AzureCredentialHelpers.CreateTokenCredentials(managedIdentityClientId, tenantIdentity, managedIdentityResourceId);

src/NLog.Extensions.AzureDataTables/ICloudTableService.cs

@@ -7,7 +7,7 @@ namespace NLog.Extensions.AzureStorage
 {
     interface ICloudTableService
     {
-        void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey);
+        void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, string clientAuthId, string clientAuthSecret);
         Task SubmitTransactionAsync(string tableName, IEnumerable<TableTransactionAction> tableTransaction, CancellationToken cancellationToken);
     }
 }

src/NLog.Extensions.AzureDataTables/README.md

@@ -44,6 +44,10 @@ _accountName_ - accountName for `TableSharedKeyCredential` authentication. Requi
 
 _accessKey_ - accountKey for `TableSharedKeyCredential` authentication. Requires `serviceUri` and `accountName`.
 
+_clientAuthId_ - clientId for `ClientSecretCredential` authentication. Requires `serviceUri`, `tenantIdentity` and `clientAuthSecret`.
+
+_clientAuthSecret_ - clientSecret for `ClientSecretCredential` authentication. Requires `serviceUri`,`tenantIdentity` and `clientAuthId`.
+
 _tableName_ - Azure table name. [Layout](https://github.com/NLog/NLog/wiki/Layouts)
 
 _rowKey_ - Azure Table RowKey. [Layout](https://github.com/NLog/NLog/wiki/Layouts). Default = "InverseTicks_${guid}"

src/NLog.Extensions.AzureEventGrid/EventGridTarget.cs

@@ -119,6 +119,16 @@ public string DataFormat
         /// </summary>
         public Layout SharedAccessSignature { get; set; }
 
+        /// <summary>
+        /// clientId for <see cref="Azure.Identity.ClientSecretCredential"/> authentication. Requires <see cref="TenantIdentity"/> and <see cref="ClientAuthSecret"/>.
+        /// </summary>
+        public Layout ClientAuthId { get; set; }
+
+        /// <summary>
+        /// clientSecret for <see cref="Azure.Identity.ClientSecretCredential"/> authentication. Requires <see cref="TenantIdentity"/> and <see cref="ClientAuthId"/>.
+        /// </summary>
+        public Layout ClientAuthSecret { get; set; }
+
         /// <summary>
         /// Gets a list of message properties aka. custom CloudEvent Extension Attributes
         /// </summary>
@@ -166,6 +176,8 @@ protected override void InitializeTarget()
             string managedIdentityClientId = string.Empty;
             string sharedAccessSignature = string.Empty;
             string accessKey = string.Empty;
+            string clientAuthId = string.Empty;
+            string clientAuthSecret = string.Empty;
 
             var defaultLogEvent = LogEventInfo.CreateNullEvent();
 
@@ -177,8 +189,10 @@ protected override void InitializeTarget()
                 managedIdentityClientId = ManagedIdentityClientId?.Render(defaultLogEvent);
                 sharedAccessSignature = SharedAccessSignature?.Render(defaultLogEvent);
                 accessKey = AccessKey?.Render(defaultLogEvent);
+                clientAuthId = ClientAuthId?.Render(defaultLogEvent);
+                clientAuthSecret = ClientAuthSecret?.Render(defaultLogEvent);
 
-                _eventGridService.Connect(topic, tenantIdentity, managedIdentityResourceId, managedIdentityClientId, sharedAccessSignature, accessKey);
+                _eventGridService.Connect(topic, tenantIdentity, managedIdentityResourceId, managedIdentityClientId, sharedAccessSignature, accessKey, clientAuthId, clientAuthSecret);
                 InternalLogger.Debug("AzureEventGridTarget(Name={0}): Initialized", Name);
             }
             catch (Exception ex)
@@ -221,7 +235,7 @@ private sealed class EventGridService : IEventGridService
 
             public string Topic { get; private set; }
 
-            public void Connect(string topic, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string accessKey)
+            public void Connect(string topic, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string accessKey, string clientAuthId, string clientAuthSecret)
             {
                 Topic = topic;
 
@@ -233,6 +247,11 @@ public void Connect(string topic, string tenantIdentity, string managedIdentityR
                 {
                     _client = new EventGridPublisherClient(new Uri(topic), new AzureKeyCredential(accessKey));
                 }
+                else if (!string.IsNullOrEmpty(clientAuthId) && !string.IsNullOrEmpty(clientAuthSecret) && !string.IsNullOrEmpty(tenantIdentity))
+                {
+                    var tokenCredentials = new Azure.Identity.ClientSecretCredential(tenantIdentity, clientAuthId, clientAuthSecret);
+                    _client = new EventGridPublisherClient(new Uri(topic), tokenCredentials);
+                }
                 else
                 {
                     var tokenCredentials = AzureCredentialHelpers.CreateTokenCredentials(managedIdentityClientId, tenantIdentity, managedIdentityResourceId);

src/NLog.Extensions.AzureEventGrid/IEventGridService.cs

@@ -1,18 +1,15 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
+using Azure.Messaging;
 using Azure.Messaging.EventGrid;
-using System.Threading.Tasks;
-using Azure.Messaging;
 using System.Threading;
+using System.Threading.Tasks;
 
 namespace NLog.Extensions.AzureStorage
 {
     internal interface IEventGridService
     {
         string Topic { get; }
 
-        void Connect(string topic, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string accessKey);
+        void Connect(string topic, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string accessKey, string clientAuthId, string clientAuthSecret);
 
         Task SendEventAsync(EventGridEvent gridEvent, CancellationToken cancellationToken);
 

src/NLog.Extensions.AzureEventGrid/README.md

@@ -58,6 +58,10 @@ _sharedAccessSignature_ - Access signature for `AzureSasCredential` authenticati
 
 _accessKey_ - Key for `AzureKeyCredential` authentication. Requires `serviceUri`.
 
+_clientAuthId_ - clientId for `ClientSecretCredential` authentication. Requires `tenantIdentity` and `clientAuthSecret`.
+
+_clientAuthSecret_ - clientSecret for `ClientSecretCredential` authentication. Requires `tenantIdentity` and `clientAuthId`.
+
 ### Retry Policy
 
 _taskTimeoutSeconds_ - How many seconds a Task is allowed to run before it is cancelled (Default 150 secs)

src/NLog.Extensions.AzureEventHub/EventHubTarget.cs

@@ -143,6 +143,16 @@ public class EventHubTarget : AsyncTaskTarget
         /// </summary>
         public Layout AccessKey { get; set; }
 
+        /// <summary>
+        /// clientId for <see cref="Azure.Identity.ClientSecretCredential"/> authentication. Requires <see cref="ServiceUri"/>, <see cref="TenantIdentity"/> and <see cref="ClientAuthSecret"/>.
+        /// </summary>
+        public Layout ClientAuthId { get; set; }
+
+        /// <summary>
+        /// clientSecret for <see cref="Azure.Identity.ClientSecretCredential"/> authentication. Requires <see cref="ServiceUri"/>, <see cref="TenantIdentity"/> and <see cref="ClientAuthId"/>.
+        /// </summary>
+        public Layout ClientAuthSecret { get; set; }
+
         /// <summary>
         /// The connection uses the AMQP protocol over web sockets. See also <see cref="EventHubsTransportType.AmqpWebSockets"/>
         /// </summary>
@@ -209,6 +219,8 @@ protected override void InitializeTarget()
             string sharedAccessSignature = string.Empty;
             string storageAccountName = string.Empty;
             string storageAccountAccessKey = string.Empty;
+            string clientAuthId = string.Empty;
+            string clientAuthSecret = string.Empty;
             string eventHubName = string.Empty;
             string useWebSockets = string.Empty;
             string webSocketProxyAddress = string.Empty;
@@ -229,6 +241,8 @@ protected override void InitializeTarget()
                     sharedAccessSignature = SharedAccessSignature?.Render(defaultLogEvent);
                     storageAccountName = AccountName?.Render(defaultLogEvent);
                     storageAccountAccessKey = AccessKey?.Render(defaultLogEvent);
+                    clientAuthId = ClientAuthId?.Render(defaultLogEvent);
+                    clientAuthSecret = ClientAuthSecret?.Render(defaultLogEvent);
                 }
 
                 useWebSockets = UseWebSockets?.Render(defaultLogEvent) ?? string.Empty;
@@ -239,7 +253,7 @@ protected override void InitializeTarget()
                 customEndPointAddress = CustomEndpointAddress?.Render(defaultLogEvent) ?? string.Empty;
                 webSocketProxyAddress = WebSocketProxyAddress?.Render(defaultLogEvent) ?? string.Empty;
 
-                _eventHubService.Connect(connectionString, eventHubName, serviceUri, tenantIdentity, managedIdentityResourceId, managedIdentityClientId, sharedAccessSignature, storageAccountName, storageAccountAccessKey, bool.TrueString == useWebSockets, webSocketProxyAddress, customEndPointAddress);
+                _eventHubService.Connect(connectionString, eventHubName, serviceUri, tenantIdentity, managedIdentityResourceId, managedIdentityClientId, sharedAccessSignature, storageAccountName, storageAccountAccessKey, clientAuthId, clientAuthSecret, bool.TrueString == useWebSockets, webSocketProxyAddress, customEndPointAddress);
                 InternalLogger.Debug("AzureEventHubTarget(Name={0}): Initialized", Name);
             }
             catch (Exception ex)
@@ -542,7 +556,7 @@ private sealed class EventHubService : IEventHubService
 
             public string EventHubName { get; private set; }
 
-            public void Connect(string connectionString, string eventHubName, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, bool useWebSockets, string webSocketsProxyAddress, string endPointAddress)
+            public void Connect(string connectionString, string eventHubName, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, string clientAuthId, string clientAuthSecret, bool useWebSockets, string webSocketsProxyAddress, string endPointAddress)
             {
                 EventHubName = eventHubName;
 
@@ -574,6 +588,11 @@ public void Connect(string connectionString, string eventHubName, string service
                 {
                     _client = new Azure.Messaging.EventHubs.Producer.EventHubProducerClient(serviceUri, eventHubName, new Azure.AzureNamedKeyCredential(storageAccountName, storageAccountAccessKey), options);
                 }
+                else if (!string.IsNullOrEmpty(clientAuthId) && !string.IsNullOrEmpty(clientAuthSecret) && !string.IsNullOrEmpty(tenantIdentity))
+                {
+                    var tokenCredentials = new Azure.Identity.ClientSecretCredential(tenantIdentity, clientAuthId, clientAuthSecret);
+                    _client = new Azure.Messaging.EventHubs.Producer.EventHubProducerClient(serviceUri, eventHubName, tokenCredentials);
+                }
                 else
                 {
                     var tokenCredentials = AzureCredentialHelpers.CreateTokenCredentials(managedIdentityClientId, tenantIdentity, managedIdentityResourceId);

src/NLog.Extensions.AzureEventHub/IEventHubService.cs

@@ -8,7 +8,7 @@ namespace NLog.Extensions.AzureStorage
     internal interface IEventHubService
     {
         string EventHubName { get; }
-        void Connect(string connectionString, string eventHubName, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, bool useWebSockets, string webSocketsProxyAddress, string endPointAddress);
+        void Connect(string connectionString, string eventHubName, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, string clientAuthId, string clientAuthSecret, bool useWebSockets, string webSocketsProxyAddress, string endPointAddress);
         Task CloseAsync();
         Task SendAsync(IEnumerable<EventData> eventDataBatch, string partitionKey, CancellationToken cancellationToken);
     }

src/NLog.Extensions.AzureEventHub/README.md

@@ -72,6 +72,10 @@ _accountName_ - accountName for `AzureNamedKeyCredential` authentication. Requir
 
 _accessKey_ - accountKey for `AzureNamedKeyCredential` authentication. Requires `serviceUri` and `accountName`.
 
+_clientAuthId_ - clientId for `ClientSecretCredential` authentication. Requires `serviceUri`, `tenantIdentity` and `clientAuthSecret`.
+
+_clientAuthSecret_ - clientSecret for `ClientSecretCredential` authentication. Requires `serviceUri`,`tenantIdentity` and `clientAuthId`.
+
 ### Batching Policy
 
 _maxBatchSizeBytes_ - Max size of a single batch in bytes [Integer](https://github.com/NLog/NLog/wiki/Data-types) (Default=1024*1024)

src/NLog.Extensions.AzureQueueStorage/ICloudQueueService.cs

@@ -7,7 +7,7 @@ namespace NLog.Extensions.AzureStorage
 {
     internal interface ICloudQueueService
     {
-        void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, TimeSpan? timeToLive, IDictionary<string, string> queueMetadata);
+        void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey, string clientAuthId, string clientAuthSecret, TimeSpan? timeToLive, IDictionary<string, string> queueMetadata);
         Task AddMessageAsync(string queueName, string queueMessage, CancellationToken cancellationToken);
     }
 }