Muokkaa

Jaa


Integrate the Azure Cosmos DB for Gremlin with Service Connector

This page shows supported authentication methods and clients, and shows sample code you can use to connect Azure Cosmos DB for Apache Gremlin to other cloud services using Service Connector. You might still be able to connect to Azure Cosmos DB for Gremlin in other programming languages without using Service Connector. This page also shows default environment variable names and values you get when you create the service connection.

Supported compute services

Service Connector can be used to connect the following compute services to Azure Cosmos DB for Apache Gremlin:

  • Azure App Service
  • Azure Container Apps
  • Azure Functions
  • Azure Kubernetes Service (AKS)
  • Azure Spring Apps

Supported authentication types and client types

The table below shows which combinations of client types and authentication methods are supported for connecting your compute service to Azure Cosmos DB for Apache Gremlin using Service Connector. A “Yes” indicates that the combination is supported, while a “No” indicates that it is not supported.

Client type System-assigned managed identity User-assigned managed identity Secret / connection string Service principal
.NET Yes Yes Yes Yes
Java Yes Yes Yes Yes
Node.js Yes Yes Yes Yes
PHP Yes Yes Yes Yes
Python Yes Yes Yes Yes
Go Yes Yes Yes Yes
None Yes Yes Yes Yes

This table indicates that all combinations of client types and authentication methods in the table are supported. All client types can use any of the authentication methods to connect to Azure Cosmos DB for Apache Gremlin using Service Connector.

Default environment variable names or application properties and sample code

Use the connection details below to connect your compute services to Azure Cosmos DB for Apache Gremlin. For each example below, replace the placeholder texts <Azure-Cosmos-DB-account>, <database>, <collection or graphs>, <username>, <password>, <resource-group-name>, <subscription-ID>, <client-ID>,<client-secret>, and <tenant-id> with your own information. For more information about naming conventions, check the Service Connector internals article.

System-assigned managed identity

Default environment variable name Description Example value
AZURE_COSMOS_LISTKEYURL The URL to get the connection string https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15
AZURE_COSMOS_SCOPE Your managed identity scope https://management.azure.com/.default
AZURE_COSMOS_RESOURCEENDPOINT Your resource endpoint https://<Azure-Cosmos-DB-account>.documents.azure.com:443/
AZURE_COSMOS_HOSTNAME Your Gremlin Unique Resource Identifier (UFI) <Azure-Cosmos-DB-account>.gremlin.cosmos.azure.com
AZURE_COSMOS_PORT Connection port 443
AZURE_COSMOS_USERNAME Your username /dbs/<database>/colls/<collection or graphs>

Sample code

Refer to the steps and code below to connect to Azure Cosmos DB for Gremlin using a system-assigned managed identity.

  1. Install dependencies.

    dotnet add package Gremlin.Net
    dotnet add package Azure.Identity
    
  2. Get an access token for the managed identity or service principal using client library Azure.Identity. Use the access token and AZURE_COSMOS_LISTKEYURL to get the password. Get the connection information from the environment variables added by Service Connector and connect to Azure Cosmos DB for Apache Gremlin. When using the code below, uncomment the part of the code snippet for the authentication type you want to use.

    using System;
    using System.Security.Authentication;
    using System.Net.Security;
    using System.Net.Http;
    using System.Security.Authentication;
    using System.Threading.Tasks;
    using System;
    using Gremlin.Net.Driver;
    using Azure.Identity;
    
    var gremlinEndpoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_RESOURCEENDPOINT");
    var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
    var gremlinPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
    var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
    var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");
    
    // Uncomment the following lines corresponding to the authentication type you want to use.
    // For system-assigned identity.
    // var tokenProvider = new DefaultAzureCredential();
    
    // For user-assigned identity.
    // var tokenProvider = new DefaultAzureCredential(
    //     new DefaultAzureCredentialOptions
    //     {
    //         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
    //     }
    // );
    
    // For service principal.
    // var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
    // var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
    // var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
    // var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);
    
    // Acquire the access token. 
    AccessToken accessToken = await tokenProvider.GetTokenAsync(
        new TokenRequestContext(scopes: new string[]{ scope }));
    
    // Get the password.
    var httpClient = new HttpClient();
    httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
    var response = await httpClient.POSTAsync(listKeyUrl);
    var responseBody = await response.Content.ReadAsStringAsync();
    var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
    var password = keys["primaryMasterKey"];
    
    // Connect to Azure Cosmos DB for Apache Gremlin
    var server = new GremlinServer(
        hostname: gremlinEndpoint,
        port: gremlinPort,
        username: userName,
        password: password,
        enableSsl: true
    );
    
    using var client = new GremlinClient(
        gremlinServer: server,
        messageSerializer: new Gremlin.Net.Structure.IO.GraphSON.GraphSON2MessageSerializer()
    );        
    
    

User-assigned managed identity

Default environment variable name Description Example value
AZURE_COSMOS_LISTKEYURL The URL to get the connection string https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15
AZURE_COSMOS_SCOPE Your managed identity scope https://management.azure.com/.default
AZURE_COSMOS_RESOURCEENDPOINT Your resource endpoint https://<Azure-Cosmos-DB-account>.documents.azure.com:443/
AZURE_COSMOS_HOSTNAME Your Gremlin Unique Resource Identifier (UFI) <Azure-Cosmos-DB-account>.gremlin.cosmos.azure.com
AZURE_COSMOS_PORT Connection port 443
AZURE_COSMOS_USERNAME Your username /dbs/<database>/colls/<collection or graphs>
AZURE_CLIENTID Your client ID <client_ID>

Sample code

Refer to the steps and code below to connect to Azure Cosmos DB for Gremlin using a user-assigned managed identity.

  1. Install dependencies.

    dotnet add package Gremlin.Net
    dotnet add package Azure.Identity
    
  2. Get an access token for the managed identity or service principal using client library Azure.Identity. Use the access token and AZURE_COSMOS_LISTKEYURL to get the password. Get the connection information from the environment variables added by Service Connector and connect to Azure Cosmos DB for Apache Gremlin. When using the code below, uncomment the part of the code snippet for the authentication type you want to use.

    using System;
    using System.Security.Authentication;
    using System.Net.Security;
    using System.Net.Http;
    using System.Security.Authentication;
    using System.Threading.Tasks;
    using System;
    using Gremlin.Net.Driver;
    using Azure.Identity;
    
    var gremlinEndpoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_RESOURCEENDPOINT");
    var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
    var gremlinPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
    var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
    var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");
    
    // Uncomment the following lines corresponding to the authentication type you want to use.
    // For system-assigned identity.
    // var tokenProvider = new DefaultAzureCredential();
    
    // For user-assigned identity.
    // var tokenProvider = new DefaultAzureCredential(
    //     new DefaultAzureCredentialOptions
    //     {
    //         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
    //     }
    // );
    
    // For service principal.
    // var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
    // var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
    // var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
    // var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);
    
    // Acquire the access token. 
    AccessToken accessToken = await tokenProvider.GetTokenAsync(
        new TokenRequestContext(scopes: new string[]{ scope }));
    
    // Get the password.
    var httpClient = new HttpClient();
    httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
    var response = await httpClient.POSTAsync(listKeyUrl);
    var responseBody = await response.Content.ReadAsStringAsync();
    var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
    var password = keys["primaryMasterKey"];
    
    // Connect to Azure Cosmos DB for Apache Gremlin
    var server = new GremlinServer(
        hostname: gremlinEndpoint,
        port: gremlinPort,
        username: userName,
        password: password,
        enableSsl: true
    );
    
    using var client = new GremlinClient(
        gremlinServer: server,
        messageSerializer: new Gremlin.Net.Structure.IO.GraphSON.GraphSON2MessageSerializer()
    );        
    
    

Connection string

Warning

Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.

Default environment variable name Description Example value
AZURE_COSMOS_HOSTNAME Your Gremlin Unique Resource Identifier (UFI) <Azure-Cosmos-DB-account>.gremlin.cosmos.azure.com
AZURE_COSMOS_PORT Connection port 443
AZURE_COSMOS_USERNAME Your username /dbs/<database>/colls/<collection or graphs>
AZURE_COSMOS_PASSWORD Your password <password>

Sample code

Refer to the steps and code below to connect to Azure Cosmos DB for Gremlin using a connection string.

  1. Install dependency.

    dotnet add package Gremlin.Net
    
  2. Get the connection information from the environment variables added by Service Connector and connect to Azure Cosmos DB for Apache Gremlin.

    using System;
    using Gremlin.Net.Driver;
    
    var gremlinEndpoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_RESOURCEENDPOINT");
    var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
    var password = Environment.GetEnvironmentVariable("AZURE_COSMOS_PASSWORD");
    var gremlinPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
    
    var server = new GremlinServer(
        hostname: gremlinEndpoint,
        port: gremlinPort,
        username: userName,
        password: password,
        enableSsl: true
    );
    
    using var client = new GremlinClient(
        gremlinServer: server,
        messageSerializer: new Gremlin.Net.Structure.IO.GraphSON.GraphSON2MessageSerializer()
    );
    

Service principal

Default environment variable name Description Example value
AZURE_COSMOS_LISTKEYURL The URL to get the connection string https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15
AZURE_COSMOS_SCOPE Your managed identity scope https://management.azure.com/.default
AZURE_COSMOS_RESOURCEENDPOINT Your resource endpoint https://<Azure-Cosmos-DB-account>.documents.azure.com:443/
AZURE_COSMOS_HOSTNAME Your Gremlin Unique Resource Identifier (UFI) <Azure-Cosmos-DB-account>.gremlin.cosmos.azure.com
AZURE_COSMOS_PORT Gremlin connection port 10350
AZURE_COSMOS_USERNAME Your username </dbs/<database>/colls/<collection or graphs>
AZURE_COSMOS_CLIENTID Your client ID <client-ID>
AZURE_COSMOS_CLIENTSECRET Your client secret <client-secret>
AZURE_COSMOS_TENANTID Your tenant ID <tenant-ID>

Sample code

Refer to the steps and code below to connect to Azure Cosmos DB for Gremlin using a service principal.

  1. Install dependencies.

    dotnet add package Gremlin.Net
    dotnet add package Azure.Identity
    
  2. Get an access token for the managed identity or service principal using client library Azure.Identity. Use the access token and AZURE_COSMOS_LISTKEYURL to get the password. Get the connection information from the environment variables added by Service Connector and connect to Azure Cosmos DB for Apache Gremlin. When using the code below, uncomment the part of the code snippet for the authentication type you want to use.

    using System;
    using System.Security.Authentication;
    using System.Net.Security;
    using System.Net.Http;
    using System.Security.Authentication;
    using System.Threading.Tasks;
    using System;
    using Gremlin.Net.Driver;
    using Azure.Identity;
    
    var gremlinEndpoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_RESOURCEENDPOINT");
    var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
    var gremlinPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
    var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
    var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");
    
    // Uncomment the following lines corresponding to the authentication type you want to use.
    // For system-assigned identity.
    // var tokenProvider = new DefaultAzureCredential();
    
    // For user-assigned identity.
    // var tokenProvider = new DefaultAzureCredential(
    //     new DefaultAzureCredentialOptions
    //     {
    //         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
    //     }
    // );
    
    // For service principal.
    // var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
    // var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
    // var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
    // var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);
    
    // Acquire the access token. 
    AccessToken accessToken = await tokenProvider.GetTokenAsync(
        new TokenRequestContext(scopes: new string[]{ scope }));
    
    // Get the password.
    var httpClient = new HttpClient();
    httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
    var response = await httpClient.POSTAsync(listKeyUrl);
    var responseBody = await response.Content.ReadAsStringAsync();
    var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
    var password = keys["primaryMasterKey"];
    
    // Connect to Azure Cosmos DB for Apache Gremlin
    var server = new GremlinServer(
        hostname: gremlinEndpoint,
        port: gremlinPort,
        username: userName,
        password: password,
        enableSsl: true
    );
    
    using var client = new GremlinClient(
        gremlinServer: server,
        messageSerializer: new Gremlin.Net.Structure.IO.GraphSON.GraphSON2MessageSerializer()
    );        
    
    

Next steps

Follow the tutorials listed below to learn more about Service Connector.