Update Azure Key Vault Config Provider topic and sample #3896
Conversation
Rick-Anderson
changed the title
|
@anurse @blowdart 🎉🎈 We're off WIP now. 🎈🎉 Do u want to review the updates? @Rick-Anderson, plz 🔪 the WIP label, too. Couple of known things to address:
|
@Rick-Anderson @tdykstra Would you mind marking this **WIP** right now. I'll need to make a few passes on it prior to getting review underway. cc/ @anurse (partner in crime on this topic), @blowdart, @pakrym, @olavt, @Coderrob Fixes #3369 :flame: *HOT!* :flame: updates in this one: * 2.0 samples added (note that tabs aren't required, because the topic's examples are the same thus far across 1.x and 2.x). However, the 1.1 and 2.0 samples are linked when mentioning to the reader what they can download. * Re-organized the topic a bit to accomodate the two samples. * Reacted to the feedback in #3369 and the discussion in #3525. * Samples are refactored into an example of placing secrets into a single key vault for different app *versions*, not app names. Using app names or the environment isn't a security best practice. Update Update Updates Updates Update Updates Update Updates Updates
|
@anurse can you do a quick review (or recommend someone)? |
|
Ugh ... In spite of the 2.0 sample just working on the prerelease packages, the sample is breaking now with 2.0 release packages. I'll see if I can sort it out. I need to sort out the cross-targeting situation (
Nevermind! on |
|
Let's see if conditioning that <ItemGroup> is the right way to go there. |
|
It's all sorted out now thanks to Kevin @PinpointTownes. In the first case, I was using a 🪲 bug as a "feature" to cross-target In the second case, We're good now! ... first day fun with 2.0 release bits. This PR is ready for 👀. |
| View or download sample code for 2.x: | ||
|
|
||
| * [Basic sample](https://github.com/aspnet/Docs/tree/master/aspnetcore/security/key-vault-configuration/samples/sample1/2.0) - Reads secret values into an app. | ||
| * [Key name prefix sampl](https://github.com/aspnet/Docs/tree/master/aspnetcore/security/key-vault-configuration/samples/sample2/2.0) - Reads secret values using a key name prefix that represents the version of an app, which allows you to load a different set of secret values for each app version. |
There was a problem hiding this comment.
My keyboard hates me! I know I didn't type it that way initially. lol
|
|
||
| ## Package | ||
| To use the provider, add a reference to the [`Microsoft.Extensions.Configuration.AzureKeyVault`](https://www.nuget.org/packages/Microsoft.Extensions.Configuration.AzureKeyVault/) package. The provider depends on .NET Framework 4.5.1 or .NET Standard 1.5 or higher. This feature is available for applications that target ASP.NET Core 1.1.0 or higher. | ||
| To use the provider, add a reference to the [Microsoft.Extensions.Configuration.AzureKeyVault](https://www.nuget.org/packages/Microsoft.Extensions.Configuration.AzureKeyVault/) package. The provider depends on .NET Framework 4.5.1 (1.1)/4.6.1 (2.x) or .NET Standard 1.5 or higher. |
There was a problem hiding this comment.
I recommend including a space on either side of the forward slash. This will make the version numbers a bit easier to read. Also, it may be best to explicitly state "ASP.NET Core 1.1" and "ASP.NET Core 2.x" instead of 1.1 and 2.x, respectively.
There was a problem hiding this comment.
I'm going to try a list of three fully-qualified items on the next commit. 🤞
|
@scottaddie 👍 Try that list revision ... I think it works. |
|
@Rick-Anderson @tdykstra @scottaddie Hold a sec before u pull the trigger here. 🔫 I'm concerned about the sample naming scheme. I went off to work the URL Rewriting Middleware samples, and it's clear that I need guidance on the naming of samples and folders. The last sample on these for the prior major version is 1.1. It's easy to see that they should prob be called "the ASP.NET Core 1.1 sample." The folder path to it is simply .../samples/1.1/. Things get hairy for 2.0/2.x. Any of the following schemes work:
Which way to u want to go? ... and sit on this PR for just a sec after u respond. I need to touch it based on your guidance. |
|
I don't think you need that much detail. I use sample1 and sample2 for 1.x and 2.x. |
|
If they only say "sample1," "sample2," etc. it might be harder to grok what those are. I'll put in a plug for something like (depending on minor version handling) ... or However if u met and figured it out that they should just be "sampleX," then I'll just do that here and on the upcoming PR's. |
|
I wouldn't say we settled on a rule for everyone to follow; you're welcome to adopt your own pattern here unless Rick/Scott think otherwise. But I think single digits work generally because it's not likely we have to maintain multiple minor versions very often. |
|
I though we were only maintaining one sample. Why do we need more than the current? |
|
If we decide to maintain more than 1 sample, then I prefer the 1.x, 2.x, 3.x convention. |
|
I like the 1.x, 2.x, 3.x. It may solve a few problems:
Another great option, but I have a feel'in in my bones: Some enterprise devs will get handed projects and told "add this thing to the project," and it will be, say, a 1.x-era project. Assume that the docs have rolled forward to version 3.0 with only a 3.0 sample showing. They aren't allowed (lack of time and resources) to upgrade the whole project 1.x to 3.0. They could face a big pain point trying to find a 1.x sample from repo history or hitting up random blogs from the era to help them. But I took your point well on the tutorial comment: I totally get that. NO point in showing a 1.1 sample in a tutorial in the 2.0 or 3.0 era! lol Stand-by for a sec before merging this. I'll have an update here shortly ... need to just touch it a hair for this. Will ping u soon! |
|
ok. The "1.1" could have stayed over going to "1.x", except that would make this topic inconsistent with the next three I plan to tackle. In the topic, there's already a note about this feature's first arrival at 1.1. I add a similar note to the 1.x samples. Wherever the reader lands in folders or samples (looking at README files), it should be super-clear what they're seeing. |
Add one Minor text change More minor changes Even better One more
|
The line on dependencies really doesn't work well after all ...
... the dev should follow the link and use nuget.org to get the deps ... it's just "a thing" in the new world order. |
guardrex
changed the title
guardrex
changed the title
|
@guardrex what do we need to finish this? |
|
If he's available, I was hoping @anurse would TAL. |
|
@guardrex can you provide a TLDR; executive overview of what should be reviewed? |
|
@Rick-Anderson There's really one important thing: The new 2.0 sample. It works, but it could benefit from an [@]anurse or other dev team review. We already know that [@]blowdart is good with dropping the "environment" prefix approach of the sample and going with prefixes for the app version (#3525 (comment); however, their sample still needs work imo aspnet/Configuration#708). Flipping over to the diff view and searching the page with I feel good with @scottaddie's review on the rest of it. |
guardrex
changed the title
guardrex
changed the title
|
@Rick-Anderson Samples updated here. 👍 |
|
@guardrex ready to merge? |
|
@Rick-Anderson Yes, ready to 🎸! |
cc/ @anurse (partner in crime on this topic), @blowdart, @pakrym, @olavt, @Coderrob
Fixes #3369
🔥 HOT! 🔥 updates in this one: