Merge pull request #14 from evochriso/main

Update Azure SQL Authentication to use Azure.Identity

Author: droyad

src/Tests/ApprovalFiles/NoPublicApiChanges.Run.approved.cs

@@ -1,12 +1,10 @@
-[assembly: System.CLSCompliantAttribute(true)]
+[assembly: System.CLSCompliantAttribute(false)]
 [assembly: System.Runtime.InteropServices.ComVisibleAttribute(false)]
 [assembly: System.Runtime.InteropServices.GuidAttribute("8190b40b-ac5b-414f-8a00-9b6a2c12b010")]
 
 public static class AzureSqlServerExtensions
 {
-    public static DbUp.Builder.UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema) { }
-    public static DbUp.Builder.UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema, string resource) { }
-    public static DbUp.Builder.UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema, string resource, string tenantId, string azureAdInstance = "https://login.microsoftonline.com/") { }
+    public static DbUp.Builder.UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema = null, Azure.Core.TokenCredential tokenCredential = null, string resource = "https://database.windows.net/", string tenantId = null) { }
 }
 public static class SqlServerExtensions
 {
@@ -40,9 +38,7 @@ public enum AzureDatabaseEdition : int
     }
     public class AzureSqlConnectionManager : DbUp.Engine.Transactions.DatabaseConnectionManager, DbUp.Engine.Transactions.IConnectionManager
     {
-        public AzureSqlConnectionManager(string connectionString) { }
-        public AzureSqlConnectionManager(string connectionString, string resource) { }
-        public AzureSqlConnectionManager(string connectionString, string resource, string tenantId, string azureAdInstance = "https://login.microsoftonline.com/") { }
+        public AzureSqlConnectionManager(string connectionString, Azure.Core.TokenCredential tokenCredential, string resource = "https://database.windows.net/", string tenantId = null) { }
         public override System.Collections.Generic.IEnumerable<string> SplitScriptIntoCommands(string scriptContents) { }
     }
     public class SqlConnectionManager : DbUp.Engine.Transactions.DatabaseConnectionManager, DbUp.Engine.Transactions.IConnectionManager

src/dbup-sqlserver/AzureSqlConnectionManager.cs

@@ -1,41 +1,38 @@
 using System.Collections.Generic;
-
+using System.Threading;
 using Microsoft.Data.SqlClient;
 using DbUp.Engine.Transactions;
 using DbUp.Support;
-
-using Microsoft.Azure.Services.AppAuthentication;
+using Azure.Core;
+using Azure.Identity;
 
 namespace DbUp.SqlServer;
 
 /// <summary>Manages an Azure Sql Server database connection.</summary>
 public class AzureSqlConnectionManager : DatabaseConnectionManager
 {
-    public AzureSqlConnectionManager(string connectionString)
-        : this(connectionString, "https://database.windows.net/", null)
-    { }
-
-    public AzureSqlConnectionManager(string connectionString, string resource)
-        : this(connectionString, resource, null)
-    { }
-
-    public AzureSqlConnectionManager(string connectionString, string resource, string tenantId, string azureAdInstance = "https://login.microsoftonline.com/")
+    public AzureSqlConnectionManager(
+        string connectionString,
+        TokenCredential tokenCredential,
+        string resource = "https://database.windows.net/",
+        string tenantId = null
+    )
         : base(new DelegateConnectionFactory((log, dbManager) =>
         {
+            var tokenContext =
+                new TokenRequestContext(scopes: new string[] { resource + "/.default" }, tenantId: tenantId);
             var conn = new SqlConnection(connectionString)
             {
-                AccessToken = new AzureServiceTokenProvider(azureAdInstance: azureAdInstance).GetAccessTokenAsync(resource, tenantId)
-                    .ConfigureAwait(false)
-                    .GetAwaiter()
-                    .GetResult()
+                AccessToken = tokenCredential.GetToken(tokenContext, CancellationToken.None).Token
             };
 
             if (dbManager.IsScriptOutputLogged)
                 conn.InfoMessage += (sender, e) => log.LogInformation($"{{0}}", e.Message);
 
             return conn;
         }))
-    { }
+    {
+    }
 
     public override IEnumerable<string> SplitScriptIntoCommands(string scriptContents)
     {

src/dbup-sqlserver/AzureSqlServerExtensions.cs

@@ -1,4 +1,5 @@
-using System;
+using Azure.Core;
+using Azure.Identity;
 using DbUp.Builder;
 using DbUp.SqlServer;
 
@@ -13,33 +14,21 @@ public static class AzureSqlServerExtensions
     /// <param name="supported">Fluent helper type.</param>
     /// <param name="connectionString">The connection string.</param>
     /// <param name="schema">The SQL schema name to use. Defaults to 'dbo' if <see langword="null" />.</param>
-    /// <returns>A builder for a database upgrader designed for Azure SQL Server databases.</returns>
-    public static UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(this SupportedDatabases supported, string connectionString, string schema)
-    {
-        return supported.SqlDatabase(new AzureSqlConnectionManager(connectionString), schema);
-    }
-
-    /// <summary>Creates an upgrader for Azure SQL Databases using Azure AD Integrated Security.</summary>
-    /// <param name="supported">Fluent helper type.</param>
-    /// <param name="connectionString">The connection string.</param>
-    /// <param name="schema">The SQL schema name to use. Defaults to 'dbo' if <see langword="null" />.</param>
-    /// <returns>A builder for a database upgrader designed for Azure SQL Server databases.</returns>
-    public static UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(this SupportedDatabases supported, string connectionString, string schema, string resource)
-    {
-        return AzureSqlDatabaseWithIntegratedSecurity(supported, connectionString, schema, resource, null);
-    }
-
-    /// <summary>Creates an upgrader for Azure SQL Databases using Azure AD Integrated Security.</summary>
-    /// <param name="supported">Fluent helper type.</param>
-    /// <param name="connectionString">The connection string.</param>
-    /// <param name="schema">The SQL schema name to use. Defaults to 'dbo' if <see langword="null" />.</param>
-    /// <param name="resource">Resource to access. e.g. https://management.azure.com/.</param>
+    /// <param name="tokenCredential">The credentials used. If null, 'DefaultAzureCredential' is used.</param>
+    /// <param name="resource">Resource to access. e.g. https://database.windows.net/.</param>
     /// <param name="tenantId">If not specified, default tenant is used. Managed Service Identity REST protocols do not accept tenantId, so this can only be used with certificate and client secret based authentication.</param>
-    /// <param name="azureAdInstance">Specify a value for clouds other than the Public Cloud.</param>
     /// <returns>A builder for a database upgrader designed for Azure SQL Server databases.</returns>
-    public static UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(this SupportedDatabases supported, string connectionString, string schema, string resource, string tenantId, string azureAdInstance = "https://login.microsoftonline.com/")
+    public static UpgradeEngineBuilder AzureSqlDatabaseWithIntegratedSecurity(
+        this SupportedDatabases supported, 
+        string connectionString, 
+        string schema = null, 
+        TokenCredential tokenCredential = null,
+        string resource = "https://database.windows.net/",
+        string tenantId = null
+    )
     {
-        return supported.SqlDatabase(new AzureSqlConnectionManager(connectionString, resource, tenantId, azureAdInstance), schema);
+        return supported.SqlDatabase(
+            new AzureSqlConnectionManager(connectionString, tokenCredential ?? new DefaultAzureCredential(), resource, tenantId), schema);
     }
 }
 #pragma warning restore CA1050 // Declare types in namespaces

src/dbup-sqlserver/Properties/AssemblyInfo.cs

@@ -2,7 +2,7 @@
 using System.Runtime.InteropServices;
 
 [assembly: ComVisible(false)]
-[assembly: CLSCompliant(true)]
+[assembly: CLSCompliant(false)]
 
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 [assembly: Guid("8190b40b-ac5b-414f-8a00-9b6a2c12b010")]

src/dbup-sqlserver/dbup-sqlserver.csproj

@@ -25,8 +25,7 @@
   <ItemGroup>
     <PackageReference Include="dbup-core" Version="6.0.0-beta.146"/>
     <PackageReference Include="System.Net.Security" Version="4.3.2" />
-    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.1" />
-    <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.6.2" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.2" />
   </ItemGroup>
 
   <ItemGroup>