Cosmos DB hosting integration obsolete API and default managed identity support
In .NET Aspire 9.1, the AddDatabase() method is obsolete and replaced by AddCosmosDatabase(). Additionally, AddAzureCosmosDB() now uses Managed Identity by default during provisioning instead of creating a Key Vault instance with a random access key.
Version introduced
.NET Aspire 9.1
Previous behavior
Previously, the AddDatabase() method was used to add a database. The AddAzureCosmosDB() method created a Key Vault instance with a random access key by default.
New behavior
The AddDatabase() method is now obsolete and replaced by AddCosmosDatabase(). Consider the following example that uses the new API:
var builder = DistributedApplication.CreateBuilder(args);
var cosmosdb = builder.AddAzureCosmosDB("cosmos");
var database = cosmosdb.AddCosmosDatabase("database");
The AddAzureCosmosDB() method now uses Managed Identity by default. To revert to the previous behavior's use of key-based authentication, call WithAccessKeyAuthentication():
var builder = DistributedApplication.CreateBuilder(args);
var cosmosdb = builder.AddAzureCosmosDB("cosmos")
.WithAccessKeyAuthentication();
Type of breaking change
This change is a source incompatible and behavioral change.
Reason for change
The change follows the new API pattern when an existing resource is returned instead of a new resource (Add vs With). The obsolete AddDatabase() didn't return the newly created AzureCosmosDBDatabaseResource instance. The new AddCosmosDatabase() does return the child resource.
It also enhances security by using token credentials instead of secrets in connection strings. For more information, see EventHubs, ServiceBus, and CosmosDB Hosting integrations should create Resources for children.
Recommended action
Use AddCosmosDatabase() instead of AddDatabase(). Update applications to use token credentials instead of secrets in connection strings.
Affected APIs
Aspire.Hosting.AzureCosmosExtensions.AddDatabase
.NET Aspire