Skip to content

Azure SDK migration for kv store#3559

Draft
ChihweiLHBird wants to merge 2 commits into
spinframework:mainfrom
ChihweiLHBird:zhiwei/azure-kv-store-sdk-migration
Draft

Azure SDK migration for kv store#3559
ChihweiLHBird wants to merge 2 commits into
spinframework:mainfrom
ChihweiLHBird:zhiwei/azure-kv-store-sdk-migration

Conversation

@ChihweiLHBird
Copy link
Copy Markdown
Contributor

@ChihweiLHBird ChihweiLHBird commented Jun 5, 2026
edited
Loading

Closes #3021.

Summary

This PR migrates spin-key-value-azure from the legacy Azure Cosmos SDK to the current azure_data_cosmos / azure_core / azure_identity stack.

It updates the Cosmos client construction and item APIs, keeps the existing account-key auth flow, and switches the no-key path to explicit Azure AD credential selection compatible with azure_identity 1.0.

What Changed

  • Upgraded spin-key-value-azure to azure_data_cosmos 0.34, azure_core 1.0, and azure_identity 1.0.
  • Reworked Cosmos client creation to use AccountReference, async container client initialization, and SDK-managed routing.
  • Added optional region runtime config and defaulted it to East US when omitted.
  • Replaced the old ambient-auth path with explicit AAD credential selection via auth_type.
  • Added support for selecting managed identity by client_id.
  • Updated CRUD, batch, increment, and CAS operations to the new SDK APIs.
  • Removed the old custom connection-pooling feature and direct reqwest transport setup now that the SDK manages transport internally.

Runtime Config

Existing account-key configuration continues to work unchanged.

For AAD-based auth, this PR supports these auth_type values when key is omitted:

  • developer_tools
  • managed_identity
  • workload_identity
  • service_principal

developer_tools is the default when auth_type is omitted. client_id is only used with managed_identity to select a user-assigned identity.

ChihweiLHBird
ChihweiLHBird commented Jun 5, 2026
View reviewed changes
Comment thread crates/key-value-azure/src/store.rs Outdated
}
KeyValueAzureCosmosAuthOptions::DeveloperTools => {
let credential: Arc<dyn TokenCredential> =
azure_identity::DeveloperToolsCredential::new(None).map_err(log_error)?;
Copy link
Copy Markdown
Contributor Author

@ChihweiLHBird ChihweiLHBird Jun 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is a regression due to the removal of azure_identity::create_default_credential() in the new SDK.
Azure/azure-sdk-for-rust#2093
Azure/azure-sdk-for-rust#4541

I am still evaluating solution to not bring the regression. So marked this PR as a draft.

@ChihweiLHBird ChihweiLHBird force-pushed the zhiwei/azure-kv-store-sdk-migration branch 4 times, most recently from c54b8f4 to 0ef22f4 Compare June 5, 2026 21:01
@ChihweiLHBird ChihweiLHBird marked this pull request as ready for review June 5, 2026 21:02
Copilot AI review requested due to automatic review settings June 5, 2026 21:02
@ChihweiLHBird ChihweiLHBird marked this pull request as draft June 5, 2026 21:02
@ChihweiLHBird ChihweiLHBird force-pushed the zhiwei/azure-kv-store-sdk-migration branch from 0ef22f4 to 047b4d5 Compare June 5, 2026 21:02
Copilot AI reviewed Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Modernizes the Azure Cosmos-backed key-value store to use newer Azure SDK APIs and adds explicit Azure AD authentication options plus region-aware routing.

Changes:

  • Migrates Cosmos DB interactions from older CollectionClient/document APIs to ContainerClient item APIs with lazy client initialization.
  • Adds explicit Azure AD credential selection (auth_type + optional client_id) and optional region configuration for proximity-based routing.
  • Updates Azure SDK dependency versions and removes the old connection-pooling feature wiring.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 6 comments.

File Description
crates/key-value-azure/src/store.rs Refactors Cosmos client initialization + CRUD/CAS operations to new SDK APIs; adds auth parsing/utilities and unit tests.
crates/key-value-azure/src/lib.rs Extends runtime config with region, auth_type, and client_id; wires them into store construction and exports AzureCredentialKind.
crates/key-value-azure/Cargo.toml Updates Azure SDK dependencies to newer major versions; removes old connection-pooling feature block.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/key-value-azure/src/lib.rs
Comment thread crates/key-value-azure/src/store.rs
Comment thread crates/key-value-azure/src/store.rs Outdated
Comment thread crates/key-value-azure/src/store.rs Outdated
Comment thread crates/key-value-azure/src/store.rs Outdated
Comment thread crates/key-value-azure/src/store.rs
@ChihweiLHBird
Azure SDK migration for kv store
4194e01 
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
@ChihweiLHBird ChihweiLHBird force-pushed the zhiwei/azure-kv-store-sdk-migration branch from 047b4d5 to f4aa370 Compare June 5, 2026 21:24
@ChihweiLHBird
Azure auth migration
a305727 
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
@ChihweiLHBird ChihweiLHBird force-pushed the zhiwei/azure-kv-store-sdk-migration branch from f4aa370 to a305727 Compare June 5, 2026 21:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support global distribution configuration with Cosmos KV SDK

2 participants

@ChihweiLHBird