Added ManagedIdentityClientId + ManagedIdentityResourceId

Author: snakefoot

src/NLog.Extensions.AzureBlobStorage/BlobStorageTarget.cs

@@ -35,32 +35,46 @@ public sealed class BlobStorageTarget : AsyncTaskTarget
         /// </summary>
         public Layout ServiceUri { get; set; }
 
+        /// <summary>
+        /// Obsolete instead use <see cref="ServiceUri"/>
+        /// </summary>
         [System.ComponentModel.EditorBrowsable(System.ComponentModel.EditorBrowsableState.Never)]
         [Obsolete("Instead use ServiceUri")]
         public Layout ServiceUrl { get => ServiceUri; set => ServiceUri = value; }
 
         /// <summary>
-        /// Alternative to ConnectionString, when using <see cref="ServiceUri"/>
-        /// tenantId for <see cref="Azure.Identity.DefaultAzureCredentialOptions"/> and <see cref="Azure.Identity.ClientSecretCredential"/>. Requires <see cref="ServiceUri"/>.
+        /// TenantId for <see cref="Azure.Identity.DefaultAzureCredentialOptions"/> and <see cref="Azure.Identity.ClientSecretCredential"/>. Requires <see cref="ServiceUri"/>.
         /// </summary>
         public Layout TenantIdentity { get; set; }
 
+        /// <summary>
+        /// Obsolete instead use <see cref="ManagedIdentityResourceId"/>
+        /// </summary>
         [System.ComponentModel.EditorBrowsable(System.ComponentModel.EditorBrowsableState.Never)]
         [Obsolete("Instead use ManagedIdentityResourceId")]
         public Layout ResourceIdentity { get => ManagedIdentityResourceId; set => ManagedIdentityResourceId = value; }
 
         /// <summary>
-        /// resourceId for <see cref="Azure.Identity.DefaultAzureCredentialOptions.ManagedIdentityResourceId"/> on <see cref="Azure.Identity.DefaultAzureCredentialOptions"/>. Requires <see cref="ServiceUri"/> .
+        /// ResourceId for <see cref="Azure.Identity.DefaultAzureCredentialOptions.ManagedIdentityResourceId"/> on <see cref="Azure.Identity.DefaultAzureCredentialOptions"/>. Requires <see cref="ServiceUri"/> .
         /// </summary>
+        /// <remarks>
+        /// Do not configure this value together with <see cref="ManagedIdentityClientId"/>
+        /// </remarks>
         public Layout ManagedIdentityResourceId { get; set; }
 
+        /// <summary>
+        /// Obsolete instead use <see cref="ManagedIdentityClientId"/>
+        /// </summary>
         [System.ComponentModel.EditorBrowsable(System.ComponentModel.EditorBrowsableState.Never)]
         [Obsolete("Instead use ManagedIdentityClientId")]
         public Layout ClientIdentity { get => ManagedIdentityClientId; set => ManagedIdentityClientId = value; }
 
         /// <summary>
-        /// Sets <see cref="Azure.Identity.DefaultAzureCredentialOptions.ManagedIdentityClientId"/> on <see cref="Azure.Identity.DefaultAzureCredentialOptions"/>. Requires <see cref="ServiceUri"/>.
+        /// ManagedIdentityClientId for <see cref="Azure.Identity.DefaultAzureCredentialOptions"/>. Requires <see cref="ServiceUri"/>.
         /// </summary>
+        /// <remarks>
+        /// If this value is configured, then <see cref="ManagedIdentityResourceId"/> should not be configured.
+        /// </remarks>
         public Layout ManagedIdentityClientId { get; set; }
 
         /// <summary>
@@ -69,12 +83,12 @@ public sealed class BlobStorageTarget : AsyncTaskTarget
         public Layout SharedAccessSignature { get; set; }
 
         /// <summary>
-        /// accountName for <see cref="Azure.Storage.StorageSharedKeyCredential"/> authentication. Requires <see cref="ServiceUri"/> and <see cref="AccessKey"/>.
+        /// AccountName for <see cref="Azure.Storage.StorageSharedKeyCredential"/> authentication. Requires <see cref="ServiceUri"/> and <see cref="AccessKey"/>.
         /// </summary>
         public Layout AccountName { get; set; }
 
         /// <summary>
-        /// accountKey for <see cref="Azure.Storage.StorageSharedKeyCredential"/> authentication. Requires <see cref="ServiceUri"/> and <see cref="AccountName"/>.
+        /// AccountKey for <see cref="Azure.Storage.StorageSharedKeyCredential"/> authentication. Requires <see cref="ServiceUri"/> and <see cref="AccountName"/>.
         /// </summary>
         public Layout AccessKey { get; set; }
 

src/NLog.Extensions.AzureBlobStorage/NLog.Extensions.AzureBlobStorage.csproj

@@ -18,9 +18,11 @@
     <RepositoryUrl>https://github.com/JDetmar/NLog.Extensions.AzureStorage.git</RepositoryUrl>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <PackageReleaseNotes>
-      - Added support for authentication with a service principal using a secret. by @ssteiner
+- Added support for authentication with a service principal using a secret. by @ssteiner
+- Introduced ManagedIdentityClientId to replace ClientIdentity-option
+- Introduced ManagedIdentityResourceId to replace ResourceIdentity-option
 
-      Docs: https://github.com/JDetmar/NLog.Extensions.AzureStorage/blob/master/src/NLog.Extensions.AzureBlobStorage/README.md
+Docs: https://github.com/JDetmar/NLog.Extensions.AzureStorage/blob/master/src/NLog.Extensions.AzureBlobStorage/README.md
     </PackageReleaseNotes>
   </PropertyGroup>
 

src/NLog.Extensions.AzureBlobStorage/README.md

@@ -41,9 +41,9 @@ _connectionString_ - Azure storage connection string. Ex. `UseDevelopmentStorage
 
 _serviceUri_ - Uri to reference the blob service (e.g. https://{account_name}.blob.core.windows.net). Input for `BlobServiceClient`. Required, when `connectionString` is not configured. Overrides `connectionString` when both are set.
 
-_managedIdentityClientId_ - Sets `ManagedIdentityClientId` on `DefaultAzureCredentialOptions`. Requires `serviceUri`
+_managedIdentityClientId_ - Sets `ManagedIdentityClientId` on `DefaultAzureCredentialOptions`. Requires `serviceUri`.
 
-_managedIdentityResourceId_ - resourceId for `ManagedIdentityResourceId` on `DefaultAzureCredentialOptions`. Requires `serviceUri`.
+_managedIdentityResourceId_ - resourceId for `ManagedIdentityResourceId` on `DefaultAzureCredentialOptions`, do not use together with `ManagedIdentityClientId`. Requires `serviceUri`.
 
 _tenantIdentity_ - tenantId for `DefaultAzureCredentialOptions` and `ClientSecretCredential`. Requires `serviceUri`.
 

src/NLog.Extensions.AzureDataTables/DataTablesTarget.cs

@@ -66,32 +66,55 @@ public override int GetHashCode()
         /// </remarks>
         public Layout ServiceUri { get; set; }
 
+        /// <summary>
+        /// Obsolete instead use <see cref="ServiceUri"/>
+        /// </summary>
         [System.ComponentModel.EditorBrowsable(System.ComponentModel.EditorBrowsableState.Never)]
         [Obsolete("Instead use ServiceUri")]
         public Layout ServiceUrl { get => ServiceUri; set => ServiceUri = value; }
 
         /// <summary>
-        /// Alternative to ConnectionString, when using <see cref="ServiceUri"/>
+        /// TenantId for <see cref="Azure.Identity.DefaultAzureCredentialOptions"/>. Requires <see cref="ServiceUri"/>.
         /// </summary>
         public Layout TenantIdentity { get; set; }
 
         /// <summary>
-        /// Alternative to ConnectionString, when using <see cref="ServiceUri"/>
+        /// Obsolete instead use <see cref="ManagedIdentityResourceId"/>
+        /// </summary>
+        [System.ComponentModel.EditorBrowsable(System.ComponentModel.EditorBrowsableState.Never)]
+        [Obsolete("Instead use ManagedIdentityResourceId")]
+        public Layout ResourceIdentity { get => ManagedIdentityResourceId; set => ManagedIdentityResourceId = value; }
+
+        /// <summary>
+        /// ResourceId for <see cref="Azure.Identity.DefaultAzureCredentialOptions.ManagedIdentityResourceId"/> on <see cref="Azure.Identity.DefaultAzureCredentialOptions"/>. Requires <see cref="ServiceUri"/> .
+        /// </summary>
+        /// <remarks>
+        /// Do not configure this value together with <see cref="ManagedIdentityClientId"/>
+        /// </remarks>
+        public Layout ManagedIdentityResourceId { get; set; }
+
+        /// <summary>
+        /// Obsolete instead use <see cref="ManagedIdentityClientId"/>
         /// </summary>
-        public Layout ResourceIdentity { get; set; }
+        [System.ComponentModel.EditorBrowsable(System.ComponentModel.EditorBrowsableState.Never)]
+        [Obsolete("Instead use ManagedIdentityClientId")]
+        public Layout ClientIdentity { get => ManagedIdentityClientId; set => ManagedIdentityClientId = value; }
 
         /// <summary>
-        /// Alternative to ConnectionString, when using <see cref="ServiceUri"/> with ManagedIdentityClientId / WorkloadIdentityClientId
+        /// ManagedIdentityClientId for <see cref="Azure.Identity.DefaultAzureCredentialOptions"/>. Requires <see cref="ServiceUri"/>.
         /// </summary>
-        public Layout ClientIdentity { get; set; }
+        /// <remarks>
+        /// If this value is configured, then <see cref="ManagedIdentityResourceId"/> should not be configured.
+        /// </remarks>
+        public Layout ManagedIdentityClientId { get; set; }
 
         /// <summary>
-        /// Alternative to ConnectionString, when using <see cref="ServiceUri"/> with AzureSasCredential
+        /// Access signature for <see cref="Azure.AzureSasCredential"/> authentication. Requires <see cref="ServiceUri"/>.
         /// </summary>
         public Layout SharedAccessSignature { get; set; }
 
         /// <summary>
-        /// Alternative to ConnectionString, when using <see cref="ServiceUri"/> with <see cref="TableSharedKeyCredential"/> storage account name.
+        /// AccountName for <see cref="TableSharedKeyCredential"/> authentication. Requires <see cref="ServiceUri"/> and <see cref="AccessKey"/>.
         /// </summary>
         /// <remarks>
         /// You'll need a Storage or Cosmos DB account name, primary key, and endpoint Uri. 
@@ -101,7 +124,7 @@ public override int GetHashCode()
         public Layout AccountName { get; set; }
 
         /// <summary>
-        /// Alternative to ConnectionString, when using <see cref="ServiceUri"/> with <see cref="TableSharedKeyCredential"/> storage account access-key.
+        /// AccountKey for <see cref="TableSharedKeyCredential"/> authentication. Requires <see cref="ServiceUri"/> and <see cref="AccountName"/>.
         /// </summary>
         public Layout AccessKey { get; set; }
 
@@ -147,8 +170,8 @@ protected override void InitializeTarget()
             string connectionString = string.Empty;
             string serviceUri = string.Empty;
             string tenantIdentity = string.Empty;
-            string resourceIdentifier = string.Empty;
-            string clientIdentity = string.Empty;
+            string managedIdentityResourceId = string.Empty;
+            string managedIdentityClientId = string.Empty;
             string sharedAccessSignature = string.Empty;
             string accountName = string.Empty;
             string accessKey = string.Empty;
@@ -162,14 +185,14 @@ protected override void InitializeTarget()
                 {
                     serviceUri = ServiceUri?.Render(defaultLogEvent);
                     tenantIdentity = TenantIdentity?.Render(defaultLogEvent);
-                    resourceIdentifier = ResourceIdentity?.Render(defaultLogEvent);
-                    clientIdentity = ClientIdentity?.Render(defaultLogEvent);
+                    managedIdentityResourceId = ManagedIdentityResourceId?.Render(defaultLogEvent);
+                    managedIdentityClientId = ManagedIdentityClientId?.Render(defaultLogEvent);
                     sharedAccessSignature = SharedAccessSignature?.Render(defaultLogEvent);
                     accountName = AccountName?.Render(defaultLogEvent);
                     accessKey = AccessKey?.Render(defaultLogEvent);
                 }
 
-                _cloudTableService.Connect(connectionString, serviceUri, tenantIdentity, resourceIdentifier, clientIdentity, sharedAccessSignature, accountName, accessKey);
+                _cloudTableService.Connect(connectionString, serviceUri, tenantIdentity, managedIdentityResourceId, managedIdentityClientId, sharedAccessSignature, accountName, accessKey);
                 InternalLogger.Debug("AzureDataTablesTarget(Name={0}): Initialized", Name);
             }
             catch (Exception ex)
@@ -384,7 +407,7 @@ class CloudTableService : ICloudTableService
             private TableServiceClient _client;
             private TableClient _table;
 
-            public void Connect(string connectionString, string serviceUri, string tenantIdentity, string resourceIdentifier, string clientIdentity, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey)
+            public void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey)
             {
                 if (string.IsNullOrWhiteSpace(serviceUri))
                 {
@@ -400,7 +423,7 @@ public void Connect(string connectionString, string serviceUri, string tenantIde
                 }
                 else
                 {
-                    var tokenCredentials = AzureCredentialHelpers.CreateTokenCredentials(clientIdentity, tenantIdentity, resourceIdentifier);
+                    var tokenCredentials = AzureCredentialHelpers.CreateTokenCredentials(managedIdentityClientId, tenantIdentity, managedIdentityResourceId);
                     _client = new TableServiceClient(new Uri(serviceUri), tokenCredentials);
                 }
             }

src/NLog.Extensions.AzureDataTables/ICloudTableService.cs

@@ -7,7 +7,7 @@ namespace NLog.Extensions.AzureStorage
 {
     interface ICloudTableService
     {
-        void Connect(string connectionString, string serviceUri, string tenantIdentity, string resourceIdentifier, string clientIdentity, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey);
+        void Connect(string connectionString, string serviceUri, string tenantIdentity, string managedIdentityResourceId, string managedIdentityClientId, string sharedAccessSignature, string storageAccountName, string storageAccountAccessKey);
         Task SubmitTransactionAsync(string tableName, IEnumerable<TableTransactionAction> tableTransaction, CancellationToken cancellationToken);
     }
 }

src/NLog.Extensions.AzureDataTables/NLog.Extensions.AzureDataTables.csproj

@@ -18,10 +18,8 @@
     <RepositoryUrl>https://github.com/JDetmar/NLog.Extensions.AzureStorage.git</RepositoryUrl>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <PackageReleaseNotes>
-- Assign WorkloadIdentityClientId from ClientIdentity
-- Changed Layout default-value to ${message} since LogEvent is split into columns
-- Added automatic truncate when column-values has string-length above 32K
-- Skips adding column values when empty string and configured IncludeEmptyValue = false
+- Introduced ManagedIdentityClientId to replace ClientIdentity-option
+- Introduced ManagedIdentityResourceId to replace ResourceIdentity-option
 
 Docs: https://github.com/JDetmar/NLog.Extensions.AzureStorage/blob/master/src/NLog.Extensions.AzureDataTables/README.md
     </PackageReleaseNotes>

src/NLog.Extensions.AzureDataTables/README.md

@@ -32,17 +32,17 @@ _connectionString_ - Azure storage connection string. [Layout](https://github.co
 
 _serviceUri_ - Alternative to ConnectionString, where Managed Identiy is acquired from DefaultAzureCredential.
 
-_clientIdentity_ - Alternative to ConnectionString. Used together with ServiceUri. Input for DefaultAzureCredential as ManagedIdentityClientId.
+_managedIdentityClientId_ - Sets `ManagedIdentityClientId` on `DefaultAzureCredentialOptions`. Requires `serviceUri`
 
-_resourceIdentity_ - Alternative to ConnectionString. Used together with ServiceUri. Input for DefaultAzureCredential as ManagedIdentityResourceId.
+_managedIdentityResourceId_ - resourceId for `ManagedIdentityResourceId` on `DefaultAzureCredentialOptions`, do not use together with `ManagedIdentityClientId`. Requires `serviceUri`.
 
-_tenantIdentity_ - Alternative to ConnectionString. Used together with ServiceUri. Input for DefaultAzureCredential.
+_tenantIdentity_ - tenantId for `DefaultAzureCredentialOptions`. Requires `serviceUri`.
 
-_sharedAccessSignature_ - Alternative to ConnectionString. Used together with ServiceUri. Input for AzureSasCredential
+_sharedAccessSignature_ - Access signature for `AzureSasCredential` authentication. Requires `serviceUri`.
 
-_accountName_ - Alternative to ConnectionString. Used together with ServiceUri. Input for TableSharedKeyCredential storage account-name.
+_accountName_ - accountName for `TableSharedKeyCredential` authentication. Requires `serviceUri` and `accessKey`.
 
-_accessKey_ - Alternative to ConnectionString. Used together with ServiceUri. Input for TableSharedKeyCredential account-access-key.
+_accessKey_ - accountKey for `TableSharedKeyCredential` authentication. Requires `serviceUri` and `accountName`.
 
 _tableName_ - Azure table name. [Layout](https://github.com/NLog/NLog/wiki/Layouts)