Azure App Configuration Provider Beta

sdk/appconfiguration/azure-appconfiguration-provider/CHANGELOG.md

@@ -0,0 +1,20 @@
+# Release History
+
+## 1.0.0b1 (Unreleased)
+
+New Azure App Configuration Provider
+
+Provides additional support above the Azure App Configuration SDK. Enables:
+* Connecting to an Azure App Configuration store
+* Selecting multiple keys using Setting Selector
+* Resolve Key Vault References when supplied AzureAppConfigurationKeyVaultOptions
+
+The Azure App Configuration Provider once loaded returns a dictionary of key/value pairs to use in configuration.
+
+```python
+endpoint = "https://<your-store>.azconfig.io"
+default_credential = DefaultAzureCredential()
+config = AzureAppConfigurationProvider.load(
+    endpoint=endpoint, credential=default_credential)
+print(config["message"])
+```

sdk/appconfiguration/azure-appconfiguration-provider/LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) Microsoft Corporation.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

sdk/appconfiguration/azure-appconfiguration-provider/MANIFEST.in

@@ -0,0 +1,7 @@
+recursive-include tests *.py
+include *.md
+include LICENSE
+include azure/__init__.py
+recursive-include samples *.py *.md
+recursive-include doc *.rst
+include azure/appconfiguration/py.typed

sdk/appconfiguration/azure-appconfiguration-provider/README.md

@@ -0,0 +1,121 @@
+# Azure App Configuration Python Provider client library for Python
+
+Azure App Configuration is a managed service that helps developers centralize their application configurations simply and securely. This provider adds additional functionality above the azure-sdk-for-python.
+
+Using the provider enables loading sets of configurations from a Azure App Configuration store in a managed way.
+
+## Getting started
+
+### Get credentials
+
+Use the [Azure CLI][azure_cli] snippet below to get the connection string from the Configuration Store.
+
+```Powershell
+az appconfig credential list --name <config-store-name>
+```
+
+Alternatively, get the connection string from the Azure Portal.
+
+### Creating a provider
+
+You can create a client with a connection string:
+
+```python
+config = AzureAppConfigurationProvider.load(connection_string="your-connection-string")
+```
+
+or with AAD:
+
+```python
+config = AzureAppConfigurationProvider.load(endpoint="your-endpoint", credential=DefaultAzureCredential())
+```
+
+these providers will by default load all configurations with `(No Label)` from your configuration store.
+
+## Examples
+
+### Selecting configurations
+
+You can refine or expand the configurations loaded from your store by using `SettingSelector`s. Setting selectors provide a way to pass a key filter and label filter into the provider.
+
+```python
+selects = {SettingSelector(key_filter="*", label_filter="\0"), SettingSelector(key_filter="*", label_filter="dev")}
+config = AzureAppConfigurationProvider.load(
+    endpoint=endpoint, credential=default_credential, selects=selects)
+```
+In this example all configuration with empty label and the dev label are loaded. Because the dev selector is listed last, any configurations from dev take priority over those with `(No Label)` when duplicates are found.
+
+### Trimming Keys
+
+You can trim the prefix off of keys by providing a list of trimmed key prefixes to the provider.
+
+```python
+trimmed_key_prefixes={"/application/"}
+config = AzureAppConfigurationProvider.load(
+    endpoint=endpoint, credential=default_credential, trimmed_key_prefixes=trimmed_key_prefixes)
+```
+
+### Resolving Key Vault References
+
+Key Vault References can be resolved by providing credentials to your key vault to the provider using `AzureAppConfigurationKeyVaultOptions`.
+
+#### With Credentials
+
+You can provide `AzureAppConfigurationKeyVaultOptions` with a credential and all key vault references will be resolved with it. The provider will attempt to connect to any key vault referenced with the credential provided.
+
+```python
+key_vault_options = AzureAppConfigurationKeyVaultOptions(credential=default_credential)
+config = AzureAppConfigurationProvider.load(endpoint=endpoint, credential=default_credential, key_vault_options=key_vault_options)
+```
+### With Clients
+
+You can provide `AzureAppConfigurationKeyVaultOptions` with a list of `SecretClients`.
+
+```python
+key_vault_options = AzureAppConfigurationKeyVaultOptions(
+    secret_clients={SecretClient(
+        vault_url=key_vault_uri, credential=default_credential)})
+config = AzureAppConfigurationProvider.load(endpoint=endpoint, credential=default_credential, key_vault_options=key_vault_options)
+```
+
+### Secret Resolver
+
+If no Credentials or Clients are provided a secret resolver can be used. Secret resolver provides a way to return any value you want to a key vault reference.
+
+```python
+def secret_resolver(uri):
+    return "From Secret Resolver"
+
+key_vault_options = AzureAppConfigurationKeyVaultOptions(
+    secret_resolver=secret_resolver)
+config = AzureAppConfigurationProvider.load(
+    endpoint=endpoint, credential=default_credential, key_vault_options=key_vault_options)
+```
+
+## Key concepts
+
+## Troubleshooting
+
+## Next steps
+
+## Contributing
+
+This project welcomes contributions and suggestions. Most contributions require
+you to agree to a Contributor License Agreement (CLA) declaring that you have
+the right to, and actually do, grant us the rights to use your contribution.
+For details, visit https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether
+you need to provide a CLA and decorate the PR appropriately (e.g., label,
+comment). Simply follow the instructions provided by the bot. You will only
+need to do this once across all repos using our CLA.
+
+This project has adopted the
+[Microsoft Open Source Code of Conduct][code_of_conduct]. For more information,
+see the Code of Conduct FAQ or contact [email protected] with any
+additional questions or comments.
+
+[cla]: https://cla.microsoft.com
+[code_of_conduct]: https://opensource.microsoft.com/codeofconduct/
+[coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/
+[coc_contact]: mailto:[email protected]

sdk/appconfiguration/azure-appconfiguration-provider/azure/__init__.py

@@ -0,0 +1,2 @@
+__path__ = __import__("pkgutil").extend_path(
+    __path__, __name__)  # type: ignore

sdk/appconfiguration/azure-appconfiguration-provider/azure/appconfigurationprovider/__init__.py

@@ -0,0 +1,22 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+from ._azureappconfigurationprovider import AzureAppConfigurationProvider
+from ._azureappconfigurationkeyvaultoptions import AzureAppConfigurationKeyVaultOptions
+from ._settingselector import SettingSelector
+
+from ._version import VERSION
+
+__version__ = VERSION
+__all__ = [
+    "AzureAppConfigurationProvider",
+    "AzureAppConfigurationKeyVaultOptions",
+    "SettingSelector"
+]

sdk/appconfiguration/azure-appconfiguration-provider/azure/appconfigurationprovider/_azureappconfigurationkeyvaultoptions.py

@@ -0,0 +1,15 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+
+class AzureAppConfigurationKeyVaultOptions:
+
+    def __init__(self, credential=None, secret_clients=None, secret_resolver=None):
+        """
+        credential, secret_clients (clients for connecting to multiple key vaults with different credentials),
+         secret_resolver
+        """
+        self.credential = credential
+        self.secret_clients = secret_clients
+        self.secret_resolver = secret_resolver

sdk/appconfiguration/azure-appconfiguration-provider/azure/appconfigurationprovider/_azureappconfigurationprovider.py

@@ -0,0 +1,155 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+
+from urllib.parse import urlparse
+import json
+import warnings
+from azure.appconfiguration import AzureAppConfigurationClient
+from azure.keyvault.secrets import SecretClient
+from ._settingselector import SettingSelector
+from ._user_agent import USER_AGENT
+
+
+class AzureAppConfigurationProvider:
+
+    def __init__(self):
+        self._dict = {}
+        self._trim_prefixes = []
+        self._client = None
+
+    @classmethod
+    def load(cls, connection_string=None, endpoint=None, credential=None, **kwargs):
+        """
+        Requires either a connection-string, or an Endpoint with a Credential. Loads the selected configuration
+         settings into itself for usage.
+        Optional parameters:
+        selectors (List of SettingSelector for selecting which applicationconfiguration settings to load),. If not
+         specified, all key-values with the empty label will be loaded.
+        trimmed_key_prefixes (remove prefixes in key name, list of what to trim),
+        key_vault_options (Configurations for connecting to Key Vault(s))
+        """
+        provider = AzureAppConfigurationProvider()
+
+        key_vault_options = kwargs.pop("key_vault_options", None)
+
+        provider.buildprovider(connection_string, endpoint,
+                               credential, key_vault_options)
+
+        selects = kwargs.pop("selects", {SettingSelector("*", "\0")})
+        provider._trim_prefixes = kwargs.pop("trimmed_key_prefixes", [])
+
+        provider._dict = {}
+        secret_clients = {}
+
+        for select in selects:
+            configurations = provider._client.list_configuration_settings(
+                key_filter=select.key_filter, label_filter=select.label_filter)
+            for config in configurations:
+                if config.content_type is None:
+                    # Deals with possible null value via Rest API
+                    provider._dict[provider.trim(config.key)] = config.value
+                elif config.content_type == "application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8":
+                    provider.resolve_keyvault_references(
+                        config, key_vault_options, secret_clients)
+                elif "application/json" in config.content_type:
+                    j_object = json.loads(config.value)
+                    provider._dict[provider.trim(config.key)] = j_object
+                else:
+                    provider._dict[provider.trim(config.key)] = config.value
+        return provider
+
+    def buildprovider(self, connection_string, endpoint, credential, key_vault_options):
+        usesKeyVault = False
+
+        if (key_vault_options is not None and
+                (key_vault_options.credential is not None or key_vault_options.secret_clients is not None or
+                 key_vault_options.secret_resolver is not None)):
+            usesKeyVault = True
+
+        headers = {}
+        correlation_context = "RequestType=Startup"
+
+        if usesKeyVault:
+            correlation_context += ",UsesKeyVault"
+
+        headers["Correlation-Context"] = correlation_context
+        useragent = USER_AGENT
+
+        if connection_string is not None:
+            self._client = AzureAppConfigurationClient.from_connection_string(
+                connection_string, user_agent=useragent, headers=headers)
+            return
+        self._client = AzureAppConfigurationClient(
+            endpoint, credential, user_agent=useragent, headers=headers)
+
+    def resolve_keyvault_references(self, config, key_vault_options, secret_clients):
+        if key_vault_options is None:
+            warnings.warn(
+                "Key Vault Reference found, but no Key Vault Options were provided")
+            return
+        j_object = json.loads(config.value)
+        uri_value = j_object['uri']
+
+        uri = urlparse(uri_value)
+
+        key_vault_uri = "https://" + uri.hostname
+        key_vault_secret_prefix = "/secrets/"
+        key_vault_secret_name = uri.path[len(
+            key_vault_secret_prefix):]
+        if key_vault_options.credential is not None:
+            secret_client = None
+
+            # Clients only should be made once, will reuse if client already made
+            for client_uri in secret_clients:
+                if client_uri == key_vault_uri:
+                    secret_client = secret_clients[client_uri]
+                    break
+            if secret_client is None:
+                secret_client = SecretClient(
+                    vault_url=key_vault_uri, credential=key_vault_options.credential)
+                secret_clients[key_vault_uri] = secret_client
+            secret = secret_client.get_secret(
+                key_vault_secret_name)
+            self._dict[self.trim(config.key)] = secret.value
+            return
+        if key_vault_options.secret_clients is not None:
+            for secret_client in key_vault_options.secret_clients:
+                if secret_client._vault_url == key_vault_uri:
+                    secret = secret_client.get_secret(
+                        key_vault_secret_name)
+                    self._dict[self.trim(
+                        config.key)] = secret.value
+                break
+            return
+        if key_vault_options.secret_resolver is not None:
+            self._dict[self.trim(
+                config.key)] = key_vault_options.secret_resolver(uri)
+
+    def trim(self, key):
+        for trim in self._trim_prefixes:
+            if key.startswith(trim):
+                return key[len(trim):]
+        return key
+
+    def __getitem__(self, key):
+        return self._dict[key]
+
+    def __repr__(self):
+        return repr(self._dict)
+
+    def __len__(self):
+        return len(self._dict)
+
+    def copy(self):
+        return self._dict.copy()
+
+    def has_key(self, k):
+        return k in self._dict
+
+    def keys(self):
+        return self._dict.keys()
+
+    def values(self):
+        return self._dict.values()

sdk/appconfiguration/azure-appconfiguration-provider/azure/appconfigurationprovider/_settingselector.py

@@ -0,0 +1,10 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+
+class SettingSelector:
+
+    def __init__(self, key_filter, label_filter):
+        self.key_filter = key_filter
+        self.label_filter = label_filter

sdk/appconfiguration/azure-appconfiguration-provider/azure/appconfigurationprovider/_user_agent.py

@@ -0,0 +1,9 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+from ._version import VERSION
+
+USER_AGENT = "python-appconfigurationprovider/{}".format(
+    VERSION
+)