Update Chart for v3 (#590)

- Update README with corrections and nitpicks
- Update chart.yaml
- Properly dispose of the previous certificate
- Use slim builder for web app

Author: wsugarman

README.md

@@ -24,18 +24,18 @@ This specification describes the `external` trigger for applications that use th
 ### Parameter List
 - **`accountName`** - Optional name of the Azure Storage account used by the Durable Task Framework (DTFx). This value is only required when `useManagedIdentity` is `true`
 - **`clientId`** - Optional identity used when authenticating via managed identity. This value can only be specified when `useManagedIdentity` is `true`
-- **`cloud`** - Optional name of the cloud environment that contains the Azure Storage account. Must be a known Azure cloud environment, or `Private` for Azure Stack Hub or air-gapped clouds. If `Private` is specified, both `endpointSuffix` and `activeDirectoryEndpoint` must be specified. Defaults to the `'AzurePublicCloud'`. Possible values include:
+- **`cloud`** - Optional name of the cloud environment that contains the Azure Storage account. Must be a known Azure cloud environment, or `Private` for Azure Stack Hub or air-gapped clouds. If `'Private'` is specified, both `endpointSuffix` and `entraEndpoint` must be specified. Defaults to the `'AzurePublicCloud'`. Possible values include:
   - `AzurePublicCloud`
   - `AzureUSGovernmentCloud`
   - `AzureChinaCloud`
   - `Private`
 - **`connection`** - Optional connection string for the Azure Storage account that may be used as an alternative to `connectionFromEnv`
 - **`connectionFromEnv`** - Optional name of the environment variable your deployment uses to get the connection string. Defaults to `'AzureWebJobsStorage'`
-- **`endpointSuffix`** - Optional suffix for the Azure Storage service URLs. This value is only required when `cloud` is `Private`. Otherwise, the value is automatically derived for well-known cloud environments
-- **`entraEndpoint`** - Optional host authority for Microsoft Entra. This value is only required when `cloud` is `Private`. Otherwise, the value is automatically derived for well-known cloud environments
+- **`endpointSuffix`** - Optional suffix for the Azure Storage service URLs. This value is only required when `cloud` is `'Private'`. Otherwise, the value is automatically derived for well-known cloud environments
+- **`entraEndpoint`** - Optional host authority for Microsoft Entra. This value is only required when `cloud` is `'Private'`. Otherwise, the value is automatically derived for well-known cloud environments
 - **`maxActivitiesPerWorker`** - Optional maximum number of activity work items that a single worker may process at any time. This is equivalent to `MaxConcurrentActivityFunctions`in Azure Durable Functions and `MaxConcurrentTaskActivityWorkItems` in the Durable Task Framework (DTFx). Must be greater than 0. Defaults to `10`
 - **`maxOrchestrationsPerWorker`** - Optional maximum number of orchestration work items that a single worker may process at any time. This is equivalent to `MaxConcurrentOrchestratorFunctions` in Azure Durable Functions and `MaxConcurrentTaskOrchestrationWorkItems` in the Durable Task Framework (DTFx). Must be greater than 0. Defaults to `5`
-- **`scalerAddress`** - Required address for the scaler service within the Kubernetes cluster. The format of the address is `<scaler-service-name>.<scaler-kubernetes-namespace>:<port>`. By default, the chart uses port `4370` while the service name and namespace are dependent on the Helm installation command. For example, an installation like `helm install -n keda dtfx-scaler wsugarman/durabletask-azurestorage-scaler` would use the address `dtfx-scaler.keda:4370`. For more details, please see the [service template](/charts/durabletask-azurestorage-scaler/templates/03-service.yaml) in the Helm chart
+- **`scalerAddress`** - Required address for the scaler service within the Kubernetes cluster. The format of the address is `'<scaler-service-name>.<scaler-kubernetes-namespace>:<port>'`. By default, the chart uses port `4370` while the service name and namespace are dependent on the Helm installation command. For example, an installation like `helm install -n keda dtfx-scaler wsugarman/durabletask-azurestorage-scaler` would use the address `dtfx-scaler.keda:4370`. For more details, please see the [service template](/charts/durabletask-azurestorage-scaler/templates/03-service.yaml) in the Helm chart
 - **`taskHubName`** - Optional name of the Durable Task Framework (DTFx) task hub. This name is used when determining the name of blob containers, tables, and queues related to the application. Defaults to `'TestHubName'`
 - **`useManagedIdentity`** - Optionally indicates that Microsoft Entra Workload Identity should be used to authenticate between the scaler and the Azure Storage account. If `true`, `Account` must be specified, and the scaler deployment must also include a workload identity. Defaults to `false`
 - **`useTablePartitionManagement`** - Optionally indicates that the task hub uses the newer [Partition Manager V3](https://techcommunity.microsoft.com/blog/appsonazureblog/preview-of-durable-functions-extension-v3-0-0/4000452) that relies on Azure Table Storage instead of the older Blob-based Partition Manager. Defaults to `true`

charts/durabletask-azurestorage-scaler/Chart.yaml

@@ -2,7 +2,7 @@
 # Version corresponds to the chart version and should be updated every time the chart is changed.
 # AppVersion on the other hand should be updated every time the web app is changed.
 apiVersion: v2
-appVersion: "2.1.0"
+appVersion: "3.0.0"
 description: A KEDA external scaler for the Durable Task Azure Storage backend
 home: https://github.com/wsugarman/durabletask-azurestorage-scaler
 icon: https://raw.githubusercontent.com/wsugarman/durabletask-azurestorage-scaler/main/img/storm-icon.png
@@ -17,16 +17,22 @@ name: durabletask-azurestorage-scaler
 sources:
   - https://github.com/wsugarman/durabletask-azurestorage-scaler
 type: application
-version: "2.1.0"
+version: "3.0.0"
 annotations:
   artifacthub.io/category: monitoring-logging
   artifacthub.io/changes: |
     - kind: added
-      description: Added new readiness check when TLS is enabled to ensure that the configured certificates are available.
+      description: Added support for Partition Manager v3 using the new useTablePartitionManagement field in the ScaledObject
+    - kind: changed
+      description: Updated base image to mcr.microsoft.com/dotnet/aspnet:9.0.0-azurelinux3.0-distroless
+    - kind: fixed
+      description: Fixed possible race condition when reloading certificates that may be currently in use
+    - kind: removed
+      description: Removed support for AAD Pod Identity. Microsoft Entra Workload Identity is now the recommended approach
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: durabletask-azurestorage-scaler
-      image: ghcr.io/wsugarman/durabletask-azurestorage-scaler:2.1.0
+      image: ghcr.io/wsugarman/durabletask-azurestorage-scaler:3.0.0
       platforms:
         - linux/amd64
   artifacthub.io/license: MIT

src/Keda.Scaler.DurableTask.AzureStorage.Test/Certificates/ConfigureCustomTrustStore.Test.cs

@@ -143,8 +143,10 @@ public async ValueTask GivenCertificateFileChange_WhenConfiguringOptions_ThenUpd
         {
             configure.Configure(options);
             actual = Assert.Single(options.CustomTrustStore);
-        } while (actual.Thumbprint != expected2.Thumbprint || Volatile.Read(ref reloads) is 0);
+        } while (Volatile.Read(ref reloads) is 0 && !TestContext.Current.CancellationToken.IsCancellationRequested);
 
+        actual = Assert.Single(options.CustomTrustStore);
+        Assert.Equal(expected2.Thumbprint, actual.Thumbprint);
         Assert.Equal(X509ChainTrustMode.CustomRootTrust, options.ChainTrustValidationMode);
         Assert.Equal(1, Volatile.Read(ref reloads));
     }

src/Keda.Scaler.DurableTask.AzureStorage/Certificates/ConfigureCustomTrustStore.cs

@@ -74,6 +74,7 @@ private void Reload(X509Certificate2 certificate)
         {
             _certificateLock.EnterWriteLock();
 
+            _certificates[0].Dispose();
             _certificates = [certificate];
             ConfigurationReloadToken previousToken = Interlocked.Exchange(ref _reloadToken, new ConfigurationReloadToken());
             previousToken.OnReload();

src/Keda.Scaler.DurableTask.AzureStorage/Gen/Microsoft.Extensions.Configuration.Binder.SourceGeneration/Microsoft.Extensions.Configuration.Binder.SourceGeneration.ConfigurationBindingGenerator/BindingExtensions.g.cs

@@ -69,8 +69,8 @@ public static void Bind_ScalerOptions(this IConfiguration configuration, object?
 
         #region OptionsBuilder<TOptions> extensions.
         /// <summary>Registers the dependency injection container to bind <typeparamref name="TOptions"/> against the <see cref="IConfiguration"/> obtained from the DI service provider.</summary>
-        [InterceptsLocation(1, "wgqWBPyxn2CKVzq/OBRyozYEAABJU2VydmljZUNvbGxlY3Rpb24uRXh0ZW5zaW9ucy5jcw==")] // C:\Git\durabletask-azurestorage-scaler\src\Keda.Scaler.DurableTask.AzureStorage\Certificates\IServiceCollection.Extensions.cs(26,14)
-        [InterceptsLocation(1, "wgqWBPyxn2CKVzq/OBRyo+0FAABJU2VydmljZUNvbGxlY3Rpb24uRXh0ZW5zaW9ucy5jcw==")] // C:\Git\durabletask-azurestorage-scaler\src\Keda.Scaler.DurableTask.AzureStorage\Certificates\IServiceCollection.Extensions.cs(34,14)
+        [InterceptsLocation(1, "/3MNeE1JY/xkE9t5VlNxzzYEAABJU2VydmljZUNvbGxlY3Rpb24uRXh0ZW5zaW9ucy5jcw==")] // C:\Git\durabletask-azurestorage-scaler\src\Keda.Scaler.DurableTask.AzureStorage\Certificates\IServiceCollection.Extensions.cs(26,14)
+        [InterceptsLocation(1, "/3MNeE1JY/xkE9t5VlNxz+0FAABJU2VydmljZUNvbGxlY3Rpb24uRXh0ZW5zaW9ucy5jcw==")] // C:\Git\durabletask-azurestorage-scaler\src\Keda.Scaler.DurableTask.AzureStorage\Certificates\IServiceCollection.Extensions.cs(34,14)
         public static OptionsBuilder<TOptions> BindConfiguration<TOptions>(this OptionsBuilder<TOptions> optionsBuilder, string configSectionPath, Action<BinderOptions>? configureBinder = null) where TOptions : class
         {
             ArgumentNullException.ThrowIfNull(optionsBuilder);