Collect Authentication Telemetry #27560
Conversation
| Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status. |
Co-authored-by: Copilot <[email protected]>
msJinLei
force-pushed
the
jinlei/includeLatestCommon
branch
from
f2c75d6 to
e90adbf
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR introduces authentication telemetry collection by adding and passing a new CmdletContext property throughout the authentication workflow. Key changes include:
- Adding a new public ICmdletContext property in RMProfileClient and updating authentication methods to use it.
- Updating various components and test files to register and pass the _cmdletContext as part of authentication requests.
- Modifying methods in ContextAdapter and others to support the additional telemetry context.
Reviewed Changes
Copilot reviewed 52 out of 52 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/Accounts/Accounts/Models/RMProfileClient.cs | Added ICmdletContext property and updated Authenticate method. |
| src/Accounts/Accounts/Environment/GetAzureRMEnvironment.cs | Instantiated RMProfileClient with new CmdletContext property. |
| src/Accounts/Accounts/Default/SetAzureRMDefault.cs | Updated GetServiceClientCredentials call to include _cmdletContext. |
| src/Accounts/Accounts/Default/GetAzureRmDefault.cs | Updated GetServiceClientCredentials call to include _cmdletContext. |
| src/Accounts/Accounts/Context/GetAzureRMContext.cs | Modified RefreshContextsFromCache to pass _cmdletContext. |
| src/Accounts/Accounts/CommonModule/EnvironmentExtensions.cs | Minor update to use default literal for improved readability. |
| src/Accounts/Accounts/CommonModule/ContextAdapter.cs | Extended authentication helper methods to accept and pass cmdletContext. |
| src/Accounts/Accounts/Common/AzureContextModificationCmdlet.cs | Updated object initialization to include CmdletContext property. |
| Test Files | Updated tests to register AuthenticationTelemetry component. |
| src/Accounts/Accounts/ChangeLog.md | Updated changelog to document telemetry changes. |
| { | ||
| optionalParameters.Add(AuthenticationFactory.CmdletContextParameterName, extensibleParameters[AuthenticationFactory.CmdletContextParameterName]); | ||
| } | ||
| var authToken = _authenticator.Authenticate(context.Account, context.Environment, context.Tenant.Id, null, "Never", null, optionalParameters); |
There was a problem hiding this comment.
Could you please explain the change here?
| { | ||
| { TokenCacheParameterName, tokenCache }, | ||
| { ResourceIdParameterName, resourceId } | ||
| }; |
There was a problem hiding this comment.
why are these 2 parameters set as optional parameters? Especially when tokenCache do not have a default value.
| @@ -118,7 +121,12 @@ internal void AddAuthorizeRequestHandler( | |||
| { | |||
| endpointResourceIdKey = endpointResourceIdKey ?? AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId; | |||
| var context = GetDefaultContext(_provider, invocationInfo); | |||
| return await AuthenticationHelper(context, endpointResourceIdKey, endpointSuffixKey, request, cancelToken, cancelAction, signal, next); | |||
| ICmdletContext cmdletContext = AzureCmdletContext.CmdletNone; | |||
There was a problem hiding this comment.
AddAuthorizeRequestHandler is used in Autogen Data plane module. But extensibleParameters is actually not populated when this function is called in autogen module. So for autogen modules, we will not generate telemetry for authentication, is it right?
There was a problem hiding this comment.
Another question is whether we need to add similar logic for onnewrequest, which is used by manage plane modules.
| @@ -342,7 +342,7 @@ internal static void CheckAndEnqueue<T>(this ConcurrentQueue<T> queue, T item) | |||
|
|
|||
| internal static bool TryDequeueIfNotNull<T>(this ConcurrentQueue<T> queue, out T result) | |||
| { | |||
| result = default(T); | |||
| result = default; | |||
There was a problem hiding this comment.
Any reason to change this?
| @@ -72,7 +72,7 @@ private void UpdateStorage(KeyStoreNotificationArgs args) | |||
| helper.WriteToCachedStorage(args.KeyCache); | |||
| } | |||
|
|
|||
| public void Clear() | |||
| public virtual void Clear() | |||
There was a problem hiding this comment.
Could you please explain here? Who is inheriting current class and overriding current function?
| options.DisableInstanceDiscovery = spParameters.DisableInstanceDiscovery ?? options.DisableInstanceDiscovery; | ||
| options.Diagnostics.IsTelemetryEnabled = false; // disable telemetry to avoid error thrown from Azure.Core that AssemblyInformationalVersion is null | ||
| TokenCredential tokenCredential = new ClientAssertionCredential(tenantId, spParameters.ClientId, () => GetClientAssertion(spParameters), options); | ||
|
|
||
| base.CollectTelemetry(tokenCredential); | ||
| CheckTokenCachePersistanceEnabled = () => |
There was a problem hiding this comment.
Just questioning - If CheckTokenCachePersistanceEnabled is implemented in most authenticators, can we define this function in a more common place?
Co-authored-by: NoriZC <[email protected]>
| @@ -75,7 +78,7 @@ public void OnNewRequest(InvocationInfo invocationInfo, string correlationId, st | |||
| { | |||
| prependStep(UniqueId.Instance.SendAsync); | |||
| appendStep(new UserAgent(invocationInfo).SendAsync); | |||
| appendStep(this.SendHandler(GetDefaultContext(_provider, invocationInfo), AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)); | |||
| appendStep(this.SendHandler(GetDefaultContext(_provider, invocationInfo), AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId, new AzureCmdletContext(correlationId))); | |||
There was a problem hiding this comment.
double check correlationId
Description
The purpose of the PR is to send new property to Azure PowerShell telemetry to collection information of authentication
The details of auth-info-secondary
[{"TokenCredentialName":"SharedTokenCacheCredential","AuthenticationSuccess":true},{"TokenCredentialName":"SharedTokenCacheCredential","AuthenticationSuccess":false},{"TokenCredentialName":"SharedTokenCacheCredential","AuthenticationSuccess":false},{"TokenCredentialName":"SharedTokenCacheCredential","AuthenticationSuccess":false},{"TokenCredentialName":"SharedTokenCacheCredential","AuthenticationSuccess":true},{"TokenCredentialName":"SharedTokenCacheCredential","AuthenticationSuccess":false},{"TokenCredentialName":"SharedTokenCacheCredential","AuthenticationSuccess":false}]
API Change
Add Interface to Send Auth Info to Telemetry azure-powershell-common#421
Mandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.mdand reviewed the following information:ChangeLog.mdfile(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.## Upcoming Releaseheader in the past tense.ChangeLog.mdif no new release is required, such as fixing test case only.