[vcr-2.0] Create sync secret cred client (#2662)

This patch adds code to create a synchronous secret-credential client for contacting Azure.
linkedin · Dec 1, 2023 · 5aa86fb · 5aa86fb
1 parent c9537d5
commit 5aa86fb
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 7 deletions.
diff --git a/ambry-cloud/src/main/java/com/github/ambry/cloud/azure/AzureCloudDestinationSync.java b/ambry-cloud/src/main/java/com/github/ambry/cloud/azure/AzureCloudDestinationSync.java
@@ -116,6 +116,24 @@ public AzureCloudDestinationSync(VerifiableProperties verifiableProperties, Metr
      *    cloudConfig.cloudRecentBlobCacheLimit = 0; unnecessary, as repl-logic avoids duplicate messages any ways
      *    cloudConfig.vcrMinTtlDays = Infinite; Just upload each blob, don't complicate it.
      *
+     *    Client configs
+     *    ==============
+     *    azureStorageClientClass = com.github.ambry.cloud.azure.ConnectionStringBasedStorageClient
+     *    azureStorageConnectionString = <must be a valid string if using ConnectionStringBasedStorageClient>
+     *
+     *    OR,
+     *
+     *    azureStorageClientClass = com.github.ambry.cloud.azure.ClientSecretCredentialStorageClient
+     *    azureIdentityTenantId = <must be a valid string if using ClientSecretCredentialStorageClient>
+     *    azureIdentityClientId = <must be a valid string if using ClientSecretCredentialStorageClient>
+     *    azureIdentitySecret   = <must be a valid string if using ClientSecretCredentialStorageClient>
+     *    azureIdentityProxyHost = null
+     *    azureIdentityProxyPort = null
+     *
+     *    azureStorageEndpoint = https://<account name>.blob.core.windows.net
+     *    vcrProxyHost = null
+     *    vcrProxyPort = null
+     *
      *    Compaction Configs
      *    ==================
      *

diff --git a/ambry-cloud/src/main/java/com/github/ambry/cloud/azure/AzureUtils.java b/ambry-cloud/src/main/java/com/github/ambry/cloud/azure/AzureUtils.java
@@ -34,12 +34,17 @@ class AzureUtils {
    * @param azureCloudConfig the configs.
    */
   static void validateAzureIdentityConfigs(AzureCloudConfig azureCloudConfig) {
-    if (azureCloudConfig.azureIdentityTenantId.isEmpty() || azureCloudConfig.azureIdentityClientId.isEmpty()
-        || azureCloudConfig.azureIdentitySecret.isEmpty()) {
+    if (azureCloudConfig.azureIdentityTenantId == null || azureCloudConfig.azureIdentityTenantId.isEmpty()) {
       throw new IllegalArgumentException(
-          String.format("One of the required configs for using ClientSecretCredential (%s, %s, %s) is missing",
-              AzureCloudConfig.AZURE_IDENTITY_TENANT_ID, AzureCloudConfig.AZURE_IDENTITY_CLIENT_ID,
-              AzureCloudConfig.AZURE_IDENTITY_SECRET));
+          String.format("%s is null or empty", AzureCloudConfig.AZURE_IDENTITY_TENANT_ID));
+    }
+    if (azureCloudConfig.azureIdentityClientId == null || azureCloudConfig.azureIdentityClientId.isEmpty()) {
+      throw new IllegalArgumentException(
+          String.format("%s is null or empty", AzureCloudConfig.AZURE_IDENTITY_CLIENT_ID));
+    }
+    if (azureCloudConfig.azureIdentitySecret == null || azureCloudConfig.azureIdentitySecret.isEmpty()) {
+      throw new IllegalArgumentException(
+          String.format("%s is null or empty", AzureCloudConfig.AZURE_IDENTITY_SECRET));
     }
   }
 
@@ -49,10 +54,13 @@ static void validateAzureIdentityConfigs(AzureCloudConfig azureCloudConfig) {
    */
   static ClientSecretCredential getClientSecretCredential(AzureCloudConfig azureCloudConfig) {
     ClientSecretCredentialBuilder builder =
-        new ClientSecretCredentialBuilder().tenantId(azureCloudConfig.azureIdentityTenantId)
+        new ClientSecretCredentialBuilder()
+            .tenantId(azureCloudConfig.azureIdentityTenantId)
             .clientId(azureCloudConfig.azureIdentityClientId)
             .clientSecret(azureCloudConfig.azureIdentitySecret);
-    if (!azureCloudConfig.azureIdentityProxyHost.isEmpty()) {
+    if (azureCloudConfig.azureIdentityProxyHost == null || azureCloudConfig.azureIdentityProxyHost.isEmpty()) {
+      logger.info("Not using proxy for ClientSecretCredential as it is null or an empty string");
+    } else {
       logger.info("Using proxy for ClientSecretCredential: {}:{}", azureCloudConfig.azureIdentityProxyHost,
           azureCloudConfig.azureIdentityProxyPort);
       ProxyOptions proxyOptions = new ProxyOptions(ProxyOptions.Type.HTTP,

diff --git a/...cloud/src/main/java/com/github/ambry/cloud/azure/ClientSecretCredentialStorageClient.java b/...cloud/src/main/java/com/github/ambry/cloud/azure/ClientSecretCredentialStorageClient.java
@@ -88,4 +88,23 @@ protected boolean handleExceptionAndHintRetry(BlobStorageException blobStorageEx
     // no need to request a retry on 403 since the credential impl handles token refresh internally.
     return false;
   }
+
+  /**
+   * Creates a synchronous client that uses a secret and a token to authenticate and contact Azure Blob Storage.
+   * @param httpClient {@link HttpClient} object.
+   * @param configuration {@link Configuration} object.
+   * @param retryOptions {@link RequestRetryOptions} object.
+   * @param azureCloudConfig {@link AzureCloudConfig} object.
+   * @return
+   */
+  protected BlobServiceClient buildBlobServiceSyncClient(HttpClient httpClient, Configuration configuration,
+      RequestRetryOptions retryOptions, AzureCloudConfig azureCloudConfig) {
+    return new BlobServiceClientBuilder()
+        .credential(AzureUtils.getClientSecretCredential(azureCloudConfig))
+        .endpoint(azureCloudConfig.azureStorageEndpoint)
+        .httpClient(httpClient)
+        .retryOptions(retryOptions)
+        .configuration(configuration)
+        .buildClient();
+  }
 }