Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Changes Cosmos to use MI connection #4026

Merged
merged 5 commits into from
Sep 6, 2024
Merged

[Feature] Changes Cosmos to use MI connection #4026

merged 5 commits into from
Sep 6, 2024

Conversation

brendankowitz
Copy link
Member

@brendankowitz brendankowitz commented Aug 14, 2024
edited
Loading

Description

This pull request introduces several changes across multiple files to enhance Azure resource management, improve Cosmos DB configuration, and add new features to the FHIR server configuration. The most important changes include adding new package versions, modifying Azure deployment templates, and updating Cosmos DB configurations to support managed identity.

Azure Deployment Template Updates:

Cosmos DB Configuration Improvements:

FHIR Server Configuration Updates:

Azure Resource Management Enhancements:

These changes collectively enhance the Azure resource management capabilities, improve the deployment process, and add new configuration options for Cosmos DB and FHIR server setups.

Related issues

Addresses AB#95002.

Supersedes/includes relevant changes from the following PRs:

Testing

Describe how this change was tested.

FHIR Team Checklist

  • Update the title of the PR to be succinct and less than 65 characters
  • Add a milestone to the PR for the sprint that it is merged (i.e. add S47)
  • Tag the PR with the type of update: Bug, Build, Dependencies, Enhancement, New-Feature or Documentation
  • Tag the PR with Open source, Azure API for FHIR (CosmosDB or common code) or Azure Healthcare APIs (SQL or common code) to specify where this change is intended to be released.
  • Tag the PR with Schema Version backward compatible or Schema Version backward incompatible or Schema Version unchanged if this adds or updates Sql script which is/is not backward compatible with the code.
  • CI is green before merge Build Status
  • Review squash-merge requirements

Semver Change (docs)

Feature (new capability to connect to Cosmos with MI)

@brendankowitz brendankowitz force-pushed the personal/bkowitz/cosmos-mi-arm branch 2 times, most recently from e34fe66 to 48202d5 Compare August 14, 2024 19:25
@brendankowitz brendankowitz force-pushed the personal/bkowitz/cosmos-mi-arm branch 3 times, most recently from 793e7c8 to 2519ee2 Compare August 15, 2024 00:10
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 15, 2024
View reviewed changes
src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/CosmosDbCollectionPhysicalPartitionInfo.cs
Comment on lines +129 to +143
if (_dataStoreConfiguration.UseManagedIdentity)
{
resourceKey = await GenerateAuthTokenAad(
host,
cancellationToken);
}
else
{
resourceKey = await GenerateAuthToken(
"get",
"pkranges",
$"dbs/{_dataStoreConfiguration.DatabaseId}/colls/{_collectionConfiguration.CollectionId}",
date,
key));
key);
}

Check notice

Code scanning / CodeQL

Missed ternary opportunity

Both branches of this 'if' statement write to the same variable - consider using '?' to express intent better.
src/Microsoft.Health.Fhir.CosmosDb/Features/Storage/FhirCosmosClientInitializer.cs Fixed Show fixed Hide fixed
@brendankowitz brendankowitz force-pushed the personal/bkowitz/cosmos-mi-arm branch 4 times, most recently from 4e0eb3a to ec96065 Compare August 15, 2024 05:56
brendankowitz
brendankowitz commented Aug 15, 2024
View reviewed changes
src/Microsoft.Health.Fhir.Shared.Web/Startup.cs
@@ -355,6 +356,7 @@ private void AddTelemetryProvider(IServiceCollection services)
{
var configuration = new TelemetryConfiguration();
Configuration.GetSection("Telemetry").Bind(configuration);
services.AddTransient<IMeterFactory, DummyMeterFactory>();
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fhibf this failed to resolve for me when running locally against cosmos, any ideas?

@brendankowitz brendankowitz added this to the S147 milestone Aug 15, 2024
@brendankowitz brendankowitz added Enhancement Enhancement on existing functionality. Azure API for FHIR Label denotes that the issue or PR is relevant to the Azure API for FHIR Open source This change is only relevant to the OSS code or release. labels Aug 15, 2024
@brendankowitz brendankowitz marked this pull request as ready for review August 15, 2024 19:19
@brendankowitz brendankowitz requested a review from a team as a code owner August 15, 2024 19:19
@brendankowitz brendankowitz changed the title [Draft] Changes Cosmos to use MI connection [Feature] Changes Cosmos to use MI connection Aug 15, 2024
@brendankowitz brendankowitz force-pushed the personal/bkowitz/cosmos-mi-arm branch 3 times, most recently from cb2cd50 to a1d5b8f Compare August 15, 2024 21:15
brendankowitz
brendankowitz commented Aug 15, 2024
View reviewed changes
src/Microsoft.Health.Fhir.CosmosDb.Core/Configs/CosmosDataStoreConfiguration.cs
Comment on lines +21 to +25
public bool UseManagedIdentity { get; set; }

public bool AllowDatabaseCreation { get; set; } = true;

public bool AllowCollectionSetup { get; set; } = true;
Copy link
Member Author

@brendankowitz brendankowitz Aug 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@apurvabhaleMS - We'll need these new settings in managed service :)

UseManagedService = true
AllowDatabaseCreation = false
AllowCollectionSetup = false

Though in thinking about it, if we add the Cosmos DB Operator permission too it would setup the db automatically, like it used to...

UseManagedService = true
AllowDatabaseCreation = false
AllowCollectionSetup = true

This was referenced Aug 19, 2024
Closed
Closed
@brendankowitz brendankowitz modified the milestones: S147, S148 Aug 20, 2024
apurvabhaleMS
apurvabhaleMS previously approved these changes Sep 2, 2024
View reviewed changes
apurvabhaleMS
apurvabhaleMS reviewed Sep 3, 2024
View reviewed changes
...crosoft.Health.Fhir.CosmosDb/Registration/FhirServerBuilderCosmosDbRegistrationExtensions.cs
@@ -181,7 +181,21 @@ private static IFhirServerBuilder AddCosmosDbPersistence(this IFhirServerBuilder
.Transient()
.AsService<ICollectionDataUpdater>();

services.Add<ResourceManagerCollectionSetup>()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would ResourceManagerCollectionSetup always be invoked?
I think for OSS it should, thinking more in terms of SF and AKS?

Copy link
Member Author

@brendankowitz brendankowitz Sep 4, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is registered as self, but not always resolved. If none of the setup functionality is required then you can register the default:
services.RemoveAll<ICollectionSetup>()
services.Add<ICollectionSetup, DefaultCollectionSetup>()

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to below. When AllowDatabaseCreation and AllowCollectionSetup are false then it will return the noop provider

@brendankowitz
Copy link
Member Author

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@brendankowitz brendankowitz merged commit 66ba9a5 into main Sep 6, 2024
44 of 46 checks passed
@brendankowitz brendankowitz deleted the personal/bkowitz/cosmos-mi-arm branch September 6, 2024 04:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apurvabhaleMS apurvabhaleMS apurvabhaleMS approved these changes

Assignees
No one assigned
Labels
Azure API for FHIR Label denotes that the issue or PR is relevant to the Azure API for FHIR Enhancement Enhancement on existing functionality. Open source This change is only relevant to the OSS code or release.
Projects
None yet
Milestone
S148
Development

Successfully merging this pull request may close these issues.
2 participants
@brendankowitz @apurvabhaleMS