arcus-azure
diff --git a/‎docs/preview/02-Features/04-AzureActiveDirectory/client-secret-expiration-job.md‎
Lines changed: 11 additions & 17 deletions b/‎docs/preview/02-Features/04-AzureActiveDirectory/client-secret-expiration-job.md‎
Lines changed: 11 additions & 17 deletions
diff --git a/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/Arcus.BackgroundJobs.AzureActiveDirectory.csproj‎
Lines changed: 6 additions & 4 deletions b/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/Arcus.BackgroundJobs.AzureActiveDirectory.csproj‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/ClientSecretExpirationJob.cs‎
Lines changed: 39 additions & 4 deletions b/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/ClientSecretExpirationJob.cs‎
Lines changed: 39 additions & 4 deletions
diff --git a/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/ClientSecretExpirationJobOptions.cs‎
Lines changed: 50 additions & 3 deletions b/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/ClientSecretExpirationJobOptions.cs‎
Lines changed: 50 additions & 3 deletions
diff --git a/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/Extensions/IServiceCollectionExtensions.cs‎
Lines changed: 35 additions & 13 deletions b/‎src/Arcus.BackgroundJobs.AzureActiveDirectory/Extensions/IServiceCollectionExtensions.cs‎
Lines changed: 35 additions & 13 deletions
diff --git a/‎src/Arcus.BackgroundJobs.AzureAppConfiguration/Arcus.BackgroundJobs.AzureAppConfiguration.csproj‎
Lines changed: 0 additions & 2 deletions b/‎src/Arcus.BackgroundJobs.AzureAppConfiguration/Arcus.BackgroundJobs.AzureAppConfiguration.csproj‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/Arcus.BackgroundJobs.AzureAppConfiguration/Extensions/IServiceCollectionExtensions.cs‎
Lines changed: 1 addition & 1 deletion b/‎src/Arcus.BackgroundJobs.AzureAppConfiguration/Extensions/IServiceCollectionExtensions.cs‎
Lines changed: 1 addition & 1 deletion
@@ -23,30 +23,26 @@ If this is the case either a `ClientSecretAboutToExpire` or `ClientSecretExpired
 
 ## Usage
 
-Our background job has to be configured in `ConfigureServices` method:
+The background job can easily be added to any .NET hosted application. It is recommended though to create a dedicated background application to run background jobs.
 
 ```csharp
-using Arcus.EventGrid.Publishing;
-using Arcus.EventGrid.Publishing.Interfaces;
+using Microsoft.Extensions.Azure;
 using Microsoft.Extensions.DependencyInjection;
 
-public class Startup
+public class Program
 {
     public void ConfigureServices(IServiceCollection services)
     {
-        // Make sure that the application has an Arcus EventGrid publisher configured to where the CloudEvents are sent to.
+        // Make sure that the application has a Microsoft EventGrid publisher client configured to where the CloudEvents are sent to.
         // For more information on the Arcus EventGrid publisher: https://eventgrid.arcus-azure.net/Features/publishing-events.
-        services.AddSingleton<IEventGridPublisher>(serviceProvider =>
+        services.AddAzureClients(clients =>
         {
-            IEventGridPublisher publisher =
-                EventGridPublisherBuilder
-                    .ForTopic("<topic-endpoint>")
-                    .UsingAuthenticationKey("<key>")
-                    .Build();
-
-            return publisher;
+            // Arcus provides an additional extension overload that lets us pass-in a secret name instead of the authentication key directly.
+            // This secret name will be used to contact the Arcus secret store to retrieve the authentication key. (more info: https://security.arcus-azure.net/features/secret-store)
+            // Note that this Arcus extension needs an correlation system to configure service-to-service correlation. This is by default available in Arcus HTTP middleware and Messaging components (more info: https://observability.arcus-azure.net/Features/correlation).
+            clients.AddEventGridPublisherClient("https://az-eventgrid-topic-endpoint", "Authentication.Key.Secret.Name");
         });
-    
+
         services.AddClientSecretExpirationJob(options => 
         {
             // The expiration threshold for the client secrets. 
@@ -65,6 +61,4 @@ public class Startup
         });
     }
 }
-```
-
-[&larr; back](/)
+```
@@ -26,20 +26,22 @@
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net6.0'">
     <PackageReference Include="Arcus.EventGrid.Publishing" Version="[3.2.0, 4.0.0)" />
-    <PackageReference Include="Arcus.Observability.Telemetry.Core" Version="[2.4.0, 3.0.0)" />
+    <PackageReference Include="Arcus.EventGrid.Core" Version="[3.3.0,4.0.0)" />
+    <PackageReference Include="Arcus.Observability.Telemetry.Core" Version="[2.5.0, 3.0.0)" />
     <PackageReference Include="Arcus.Security.Core" Version="[1.7.0, 2.0.0)" />
     <PackageReference Include="Guard.Net" Version="2.0.0" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' != 'net6.0'">
+    <PackageReference Include="Arcus.EventGrid.Core" Version="[3.3.0,4.0.0)" />
     <PackageReference Include="Arcus.EventGrid.Publishing" Version="[3.1.0, 4.0.0)" />
-    <PackageReference Include="Arcus.Observability.Telemetry.Core" Version="[2.0.0, 3.0.0)" />
-    <PackageReference Include="Arcus.Security.Core" Version="[1.6.0, 2.0.0)" />
+    <PackageReference Include="Arcus.Observability.Telemetry.Core" Version="[2.5.0, 3.0.0)" />
+    <PackageReference Include="Arcus.Security.Core" Version="[1.7.0, 2.0.0)" />
     <PackageReference Include="Guard.Net" Version="1.2.0" />
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Identity" Version="1.4.1" />
+    <PackageReference Include="Azure.Identity" Version="1.8.0" />
     <PackageReference Include="CronScheduler.AspNetCore" Version="3.0.1" />
     <PackageReference Include="Microsoft.Graph" Version="4.6.0" />
   </ItemGroup>
 
@@ -2,8 +2,9 @@
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using Arcus.EventGrid.Publishing.Interfaces;
 using Azure.Identity;
+using Azure.Messaging.EventGrid; 
+using Arcus.EventGrid.Publishing.Interfaces; 
 using CloudNative.CloudEvents;
 using CronScheduler.Extensions.Scheduler;
 using GuardNet;
@@ -19,9 +20,29 @@ namespace Arcus.BackgroundJobs.AzureActiveDirectory
     public class ClientSecretExpirationJob : IScheduledJob
     {
         private readonly ClientSecretExpirationJobSchedulerOptions _options;
-        private readonly IEventGridPublisher _eventGridPublisher;
+        private readonly EventGridPublisherClient _publisherClient;
+        private readonly IEventGridPublisher _eventGridPublisher; 
         private readonly ILogger<ClientSecretExpirationJob> _logger;
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ClientSecretExpirationJob" /> class.
+        /// </summary>
+        public ClientSecretExpirationJob(
+            IOptionsMonitor<ClientSecretExpirationJobSchedulerOptions> options,
+            EventGridPublisherClient publisherClient,
+            ILogger<ClientSecretExpirationJob> logger)
+        {
+            Guard.NotNull(options, nameof(options));
+            Guard.NotNull(publisherClient, nameof(publisherClient));
+            Guard.NotNull(logger, nameof(logger));
+
+            ClientSecretExpirationJobSchedulerOptions value = options.Get(Name);
+            Guard.NotNull(options, nameof(options), "Requires a registered options instance for this background job");
+
+            _options = value;
+            _publisherClient = publisherClient;
+            _logger = logger;
+        }
         /// <summary>
         /// Initializes a new instance of the <see cref="ClientSecretExpirationJob"/> class.
         /// </summary>
@@ -32,6 +53,7 @@ public class ClientSecretExpirationJob : IScheduledJob
         ///     Thrown when the <paramref name="options"/>, <paramref name="eventGridPublisher"/>, <paramref name="logger"/> is <c>null</c>
         ///     or the <see cref="IOptionsMonitor{TOptions}.Get"/> on the  <paramref name="options"/> returns <c>null</c>.
         /// </exception>
+        [Obsolete("Use the constructor overload with the Microsoft " + nameof(EventGridPublisherClient) + " instead")]
         public ClientSecretExpirationJob(
             IOptionsMonitor<ClientSecretExpirationJobSchedulerOptions> options,
             IEventGridPublisher eventGridPublisher,
@@ -140,8 +162,21 @@ private void LogPotentialSecretEvent(AzureApplication application, ClientSecretE
 
         private async Task PublishPotentialSecretEventAsync(AzureApplication application, ClientSecretExpirationEventType eventType)
         {
-            CloudEvent @event = _options.UserOptions.CreateEvent(application, eventType);
-            await _eventGridPublisher.PublishAsync(@event);
+            if (_publisherClient != null)
+            {
+                Azure.Messaging.CloudEvent @event = _options.UserOptions.CreateCloudEvent(application, eventType);
+                await _publisherClient.SendEventAsync(@event);
+            } 
+            else if (_eventGridPublisher != null)
+            {
+                CloudEvent @event = _options.UserOptions.CreateEvent(application, eventType);
+                await _eventGridPublisher.PublishAsync(@event);
+            }
+            else
+            {
+                throw new InvalidOperationException(
+                    $"Cannot determine EventGrid publisher instance, either use the Microsoft {nameof(EventGridPublisherClient)} or the deprecated Arcus {nameof(IEventGridPublisher)} when initializing this background job");
+            }
         }
     }
 }
@@ -1,8 +1,11 @@
 using System;
 using System.Net.Mime;
+using Azure.Messaging;
+using Azure.Messaging.EventGrid;
 using CloudNative.CloudEvents;
 using GuardNet;
 using Microsoft.Extensions.DependencyInjection;
+using CloudEvent = CloudNative.CloudEvents.CloudEvent;
 
 namespace Arcus.BackgroundJobs.AzureActiveDirectory
 {
@@ -15,6 +18,7 @@ public class ClientSecretExpirationJobOptions
         private bool _runImmediately = false;
         private Uri _eventUri = new Uri("https://azure.net/");
         private int _expirationThreshold = 14;
+        private string _clientName = "Default";
 
         /// <summary>
         /// Gets or sets the hour which to query for client secrets.
@@ -60,7 +64,7 @@ public Uri EventUri
         }
 
         /// <summary>
-        /// Gets or sets the threshold for the expiration, if the end datetime for a secret is lower than this value a <see cref="CloudEvent"/> will be published.
+        /// Gets or sets the threshold for the expiration. If the end datetime for a secret is lower than this value a <see cref="CloudNative.CloudEvents.CloudEvent"/> will be published.
         /// </summary>
         /// <exception cref="ArgumentOutOfRangeException">Thrown when the <paramref name="value"/> is less than zero.</exception>
         public int ExpirationThreshold
@@ -75,10 +79,24 @@ public int ExpirationThreshold
         }
 
         /// <summary>
-        /// Creates a <see cref="CloudEvent"/> instance using the predefined values.
+        /// Gets or sets the logical client name of the registered <see cref="EventGridPublisherClient"/> (default: Default).
+        /// </summary>
+        /// <exception cref="ArgumentException">Thrown when the <paramref name="value"/> is blank.</exception>
+        public string ClientName
+        {
+            get => _clientName;
+            set
+            {
+                Guard.NotNullOrWhitespace(value, nameof(value), "Requires a non-blank logical client name of the registered EventGrid publisher client");
+                _clientName = value;
+            }
+        }
+
+        /// <summary>
+        /// Creates a <see cref="CloudNative.CloudEvents.CloudEvent"/> instance using the predefined values.
         /// </summary>
         /// <param name="application">The <see cref="AzureApplication"/> containing the information regarding the application and its expiring or about to expire secret.</param>
-        /// <param name="type">The type used in the creation of the <see cref="CloudEvent"/>.</param>
+        /// <param name="type">The type used in the creation of the <see cref="CloudNative.CloudEvents.CloudEvent"/>.</param>
         /// <exception cref="ArgumentNullException">Thrown when the <paramref name="application"/> is null.</exception>
         /// <exception cref="ArgumentException">Thrown when the <paramref name="application"/> name is blank.</exception>
         internal CloudEvent CreateEvent(AzureApplication application, ClientSecretExpirationEventType type)
@@ -102,5 +120,34 @@ internal CloudEvent CreateEvent(AzureApplication application, ClientSecretExpira
 
             return @event;
         }
+
+        /// <summary>
+        /// Creates a <see cref="CloudEvent"/> instance using the predefined values.
+        /// </summary>
+        /// <param name="application">The <see cref="AzureApplication"/> containing the information regarding the application and its expiring or about to expire secret.</param>
+        /// <param name="type">The type used in the creation of the <see cref="CloudEvent"/>.</param>
+        /// <exception cref="ArgumentNullException">Thrown when the <paramref name="application"/> is null.</exception>
+        /// <exception cref="ArgumentException">Thrown when the <paramref name="application"/> name is blank.</exception>
+        internal Azure.Messaging.CloudEvent CreateCloudEvent(AzureApplication application, ClientSecretExpirationEventType type)
+        {
+            Guard.NotNull(application, nameof(application));
+            Guard.NotNullOrWhitespace(application.Name, nameof(application.Name));
+
+            string eventSubject = $"/appregistrations/clientsecrets/{application.KeyId}";
+            string eventId = Guid.NewGuid().ToString();
+
+            var @event = new Azure.Messaging.CloudEvent(
+                _eventUri.OriginalString,
+                type.ToString(),
+                BinaryData.FromObjectAsJson(application),
+                "application/json",
+                CloudEventDataFormat.Json)
+            {
+                Id = eventId,
+                Subject = eventSubject
+            };
+                
+            return @event;
+        }
     }
 }
@@ -1,7 +1,10 @@
 using System;
 using Arcus.BackgroundJobs.AzureActiveDirectory;
+using Azure.Messaging.EventGrid; 
+using Microsoft.Extensions.Azure;
 using Arcus.EventGrid.Publishing.Interfaces;
 using GuardNet;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
@@ -20,28 +23,36 @@ public static class IServiceCollectionExtensions
         /// which will query Azure Active Directory for applications that have expired or soon to be expired secrets and send a CloudEvent to an Event Grid Topic.
         /// </summary>
         /// <remarks>
-        ///     Make sure that you register an <see cref="IEventGridPublisher"/> instance that the background job can use to publish events for potential expired Azure Application secrets.
+        ///     Make sure that you register either an <see cref="EventGridPublisherClient"/> or <see cref="IEventGridPublisher"/> instance
+        ///     that the background job can use to publish events for potential expired Azure Application secrets.
         ///     For more information on Azure EventGrid, see: <a href="https://eventgrid.arcus-azure.net/Features/publishing-events" />.
         /// </remarks>
         /// <param name="services">The services to add the background job to.</param>
         /// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> is <c>null</c>.</exception>
+        /// <exception cref="InvalidOperationException">
+        ///     Thrown when neither an <see cref="EventGridPublisherClient"/> or <see cref="IEventGridPublisher"/> is registered in the application <paramref name="services"/>.
+        /// </exception>
         public static IServiceCollection AddClientSecretExpirationJob(this IServiceCollection services)
         {
             Guard.NotNull(services, nameof(services));
             return AddClientSecretExpirationJob(services, configureOptions: null);
-        }
+        } 
 
         /// <summary>
         /// Adds the <see cref="ClientSecretExpirationJob"/> scheduled job
         /// which will query Azure Active Directory for applications that have expired or soon to be expired secrets and send a CloudEvent to an Event Grid Topic.
         /// </summary>
         /// <remarks>
-        ///     Make sure that you register an <see cref="IEventGridPublisher"/> instance that the background job can use to publish events for potential expired Azure Application secrets.
+        ///     Make sure that you register either an <see cref="EventGridPublisherClient"/> or <see cref="IEventGridPublisher"/> instance
+        ///     that the background job can use to publish events for potential expired Azure Application secrets.
         ///     For more information on Azure EventGrid, see: <a href="https://eventgrid.arcus-azure.net/Features/publishing-events" />.
         /// </remarks>
         /// <param name="services">The services to add the background job to.</param>
         /// <param name="configureOptions">The optional additional customized user configuration of options for this background job.</param>
         /// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> is <c>null</c>.</exception>
+        /// <exception cref="InvalidOperationException">
+        ///     Thrown when neither an <see cref="EventGridPublisherClient"/> or <see cref="IEventGridPublisher"/> is registered in the application <paramref name="services"/>.
+        /// </exception>
         public static IServiceCollection AddClientSecretExpirationJob(
             this IServiceCollection services, 
             Action<ClientSecretExpirationJobOptions> configureOptions)
@@ -54,20 +65,31 @@ public static IServiceCollection AddClientSecretExpirationJob(
                     serviceProvider =>
                     {
                         var options = serviceProvider.GetRequiredService<IOptionsMonitor<ClientSecretExpirationJobSchedulerOptions>>();
-                        var publisher = serviceProvider.GetService<IEventGridPublisher>();
-                        if (publisher is null)
-                        {
-                            throw new InvalidOperationException(
-                                "Could not create a client secret expiration background job because no Arcus EventGrid publisher was registered in the application services, "
-                                + $"please add an '{nameof(IEventGridPublisher)}' instance to the registered services."
-                                + "For more information, see: https://eventgrid.arcus-azure.net/Features/publishing-events");
-                        }
-
                         var logger =
                             serviceProvider.GetService<ILogger<ClientSecretExpirationJob>>()
                             ?? NullLogger<ClientSecretExpirationJob>.Instance;
 
-                        return new ClientSecretExpirationJob(options, publisher, logger);
+                        var factory = serviceProvider.GetService<IAzureClientFactory<EventGridPublisherClient>>();
+                        if (factory != null)
+                        {
+                            ClientSecretExpirationJobOptions userOptions = options.Get(nameof(ClientSecretExpirationJob)).UserOptions;
+                            EventGridPublisherClient client = factory.CreateClient(userOptions.ClientName);
+                            return new ClientSecretExpirationJob(options, client, logger);
+                        }
+                        
+#pragma warning disable CS0618 // Making sure this functionality is backwards compatible, despite it being deprecated.
+                        var deprecatedClient = serviceProvider.GetService<IEventGridPublisher>();
+                        if (deprecatedClient != null)
+                        {
+                            return new ClientSecretExpirationJob(options, deprecatedClient, logger);
+#pragma warning restore CS0618
+                        }
+
+                        throw new InvalidOperationException(
+                            "Could not create a client secret expiration background job because no Microsoft or Arcus EventGrid publisher was registered in the application services, "
+                            + $"please add either an '{nameof(EventGridPublisherClient)}' instance via '{nameof(AzureClientFactoryBuilderExtensions.AddEventGridPublisherClient)}'"
+                            + $"or an '{nameof(IEventGridPublisher)}' instance via 'services.AddEventGridPublisher' to the registered services."
+                            + "For more information, see: https://eventgrid.arcus-azure.net/Features/publishing-events");
                     },
                     options =>
                     {
 
@@ -25,13 +25,11 @@
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net6.0'">
-    <PackageReference Include="Arcus.EventGrid" Version="[3.2.0,4.0.0)" />
     <PackageReference Include="Arcus.Messaging.Pumps.ServiceBus" Version="[1.2.0,2.0.0)" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.2" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' != 'net6.0'">
-    <PackageReference Include="Arcus.EventGrid" Version="[3.0.0,4.0.0)" />
     <PackageReference Include="Arcus.Messaging.Pumps.ServiceBus" Version="[1.1.0,2.0.0)" />
     <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
   </ItemGroup>
 
@@ -2,7 +2,7 @@
 using Arcus.BackgroundJobs.AzureAppConfiguration;
 using Arcus.Messaging.Abstractions.ServiceBus.MessageHandling;
 using Arcus.Messaging.Pumps.ServiceBus.Configuration;
-using CloudNative.CloudEvents;
+using Azure.Messaging;
 using GuardNet;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.AzureAppConfiguration;