Azure SDK migration for kv store#3559
Draft
ChihweiLHBird wants to merge 7 commits into
Draft
Conversation
ChihweiLHBird
commented
Jun 5, 2026
c54b8f4 to
0ef22f4
Compare
0ef22f4 to
047b4d5
Compare
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Modernizes the Azure Cosmos-backed key-value store to use newer Azure SDK APIs and adds explicit Azure AD authentication options plus region-aware routing.
Changes:
- Migrates Cosmos DB interactions from older
CollectionClient/document APIs toContainerClientitem APIs with lazy client initialization. - Adds explicit Azure AD credential selection (
auth_type+ optionalclient_id) and optional region configuration for proximity-based routing. - Updates Azure SDK dependency versions and removes the old connection-pooling feature wiring.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| crates/key-value-azure/src/store.rs | Refactors Cosmos client initialization + CRUD/CAS operations to new SDK APIs; adds auth parsing/utilities and unit tests. |
| crates/key-value-azure/src/lib.rs | Extends runtime config with region, auth_type, and client_id; wires them into store construction and exports AzureCredentialKind. |
| crates/key-value-azure/Cargo.toml | Updates Azure SDK dependencies to newer major versions; removes old connection-pooling feature block. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
35982d4 to
198e1a1
Compare
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
25741cd to
64546c4
Compare
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
64546c4 to
b5f6d83
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #3021.
Summary
This PR migrates
spin-key-value-azurefrom the legacy Azure Cosmos SDK to the currentazure_data_cosmos/azure_core/azure_identitystack.It updates the Cosmos client construction and item APIs, keeps the existing account-key auth flow, and switches the no-
keypath to explicit Azure AD credential selection compatible withazure_identity1.0.What Changed
spin-key-value-azuretoazure_data_cosmos 0.34,azure_core 1.0, andazure_identity 1.0.AccountReference, async container client initialization, and SDK-managed routing.regionruntime config and defaulted it toEast USwhen omitted.auth_type.client_id.reqwesttransport setup now that the SDK manages transport internally.Runtime Config
Existing account-key configuration continues to work unchanged.
For AAD-based auth, this PR supports these
auth_typevalues whenkeyis omitted:developer_toolsmanaged_identityworkload_identityservice_principaldeveloper_toolsis the default whenauth_typeis omitted.client_idis only used withmanaged_identityto select a user-assigned identity.