Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

EventHubsSharedKeyCredential should allow the shared key to be updated

See original GitHub issue

Summary

The first preview of the track two Event Hubs client library exposed a credential type for using the shared key without a connection string; this type was based on the generic TokenCredential and accepted by the EventHubClient as a generic credential.

There is no current means to allow for the key to be rotated after the credential was created; each refresh of the token will make use of the same shared key. A means should be provided, ia method call, to provide a new shared key that will update the internal state and be used for generation of the next access token.

Success Criteria

The shared key held by the credential may be updated in-place without the need to stop processing or create a new token.
The tests necessary for its validation have been created and pass reliably.
The existing test suite continues to produce deterministic results and pass reliably.

Issue Analytics

State:
Created 4 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

jsquirecommented, Dec 6, 2019

Closing, as the associated PR has been merged. Thanks to @albertodenatale for contributing this feature!

0reactions

albertodenatalecommented, Nov 18, 2019

That’s my brain dump… but it’s largely high level. I welcome feedback, thoughts, or other ideas that you may have to improve on that.

I think is very clear thank you.

I will try to go on with that as much as I can, I will then come back to you.

SharedAccessSignatureRotatedCredential

Sitting at a high level, do you think it could be a valid idea having the EventHubsSharedKeyCredential constructor taking all the keys and passing them to SharedAccessSignatureCredential?

Looking at SharedAccessSignatureCredential:::GetToken() the keys could then be automatically rotated when the SignatureExpiration has passed?

That would offer an alternative to calling UpdateSharedAccessKey and arguably would tie nicely with what is already in place?

Or there could be a separate token like SharedAccessSignatureRotatedCredential that could do that?

Design

As I started coding, popped this question out in my mind:

Would the design open the door in future for something to call SharedAccessSignatureCredential::UpdateSharedAccessKey without calling EventHubSharedKeyCredential::UpdateSharedAccessKey potentially leaving the EventHubSharedKeyCredential::SharedAccessKey property misaligned from SharedAccessSignatureCredential::SharedAccessSignature::SharedAccessKeyName?

(that would stand also for EventHubSharedKeyCredential::SharedAccessKey)

And

Absolutely. You were wonderful to work with! We’d love to have you continue being involved.

Thank you this means a lot to me

Top Results From Across the Web

Authenticate access to Azure Event Hubs with shared ...

This article shows you how to authenticate access to Event Hubs resources using shared access signatures.

Implement an Event Hubs Shared Access Key Credential

The credential should allow the shared key and value or the shared access signature to be updated without stopping or recreating the ...

Azure Event Hubs - Apache Camel

Sets a hashing key to be provided for the batch of events, which instructs the Event Hubs service to map this key to...

Azure Event Hubs and its Complete Overview

This pillar page will focus on Azure Event Hubs and impart the knowledge on ... To obtain the Shared Access Keys, we can...

How to use the @azure/storage-blob.ContainerClient ...

async function main() { // Enter your storage account name and shared key const ... const sharedKeyCredential = new StorageSharedKeyCredential(account, ...