Pass Microsoft EntraID Authority to CreatePublicClient to Fix Az.Ssh Issue When WAM Enabled #25944
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
| Type | Module | ResourceType | SubResourceType | Command | Description |
|---|---|---|---|---|---|
| Az.Accounts | Microsoft.Subscription | subscriptions | Get-AzSubscription | The path /subscriptions/{subscriptionId} doesn't contains the right resource tpye: Microsoft.Subscription |
⚠️ Windows PowerShell - Windows
| Type | Module | ResourceType | SubResourceType | Command | Description |
|---|---|---|---|---|---|
| Az.Accounts | Microsoft.Subscription | subscriptions | Get-AzSubscription | The path /subscriptions/{subscriptionId} doesn't contains the right resource tpye: Microsoft.Subscription |
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Aks
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.ApplicationInsights
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Compute
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Functions
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
⚠️ Az.KeyVault
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
⚠️ Test
⚠️ - Linux
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09 % Test coverage for the module cannot be lower than 50%.
⚠️ - MacOS
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09% Test coverage for the module cannot be lower than 50%.
⚠️ PowerShell Core - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09% Test coverage for the module cannot be lower than 50%.
⚠️ Windows PowerShell - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09% Test coverage for the module cannot be lower than 50%.
️✔️Az.KubernetesConfiguration
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.ManagedServiceIdentity
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Monitor
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Network
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.OperationalInsights
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.PostgreSql
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.PrivateDns
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
⚠️ Az.Purview
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
⚠️ Test
⚠️ - Linux
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 8.70 % Test coverage for the module cannot be lower than 50%.
⚠️ - MacOS
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 8.70% Test coverage for the module cannot be lower than 50%.
⚠️ PowerShell Core - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 8.70% Test coverage for the module cannot be lower than 50%.
⚠️ Windows PowerShell - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 8.70% Test coverage for the module cannot be lower than 50%.
️✔️Az.Resources
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Sql
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
⚠️ Az.Storage
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
⚠️ Test
⚠️ - Linux
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 41.76 % Test coverage for the module cannot be lower than 50%.
⚠️ - MacOS
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 41.76% Test coverage for the module cannot be lower than 50%.
⚠️ PowerShell Core - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 41.76% Test coverage for the module cannot be lower than 50%.
⚠️ Windows PowerShell - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 41.76% Test coverage for the module cannot be lower than 50%.
️✔️Az.Websites
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
msJinLei
force-pushed
the
ssh_fix_split
branch
from
71ddae4
to
33d6ab0
Compare
msJinLei
force-pushed
the
ssh_fix_split
branch
2 times, most recently
from
3dfba13
to
e94462e
Compare
msJinLei
requested review from
bilaakpan-ms,
Sandido,
haagha and
grizzlytheodore
as code owners
msJinLei
force-pushed
the
ssh_fix_split
branch
from
e94462e
to
eff3558
Compare
isra-fel
requested changes
Aug 27, 2024
| namespace Microsoft.Azure.Commands.Common.Authentication | ||
| { | ||
| public abstract class PowerShellTokenCacheProvider | ||
| { | ||
| public const string PowerShellTokenCacheProviderKey = "PowerShellTokenCacheProviderKey"; | ||
| private static readonly string CommonTenant = "organizations"; | ||
| //Refer to https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.client.abstractapplicationbuilder-1.withauthority?view=msal-dotnet-latest#microsoft-identity-client-abstractapplicationbuilder-1-withauthority(system-string-system-boolean | ||
| //However, neither "commons" nor "organizations" works for MSA account |
There was a problem hiding this comment.
What does this mean? Need more explaination
There was a problem hiding this comment.
What does this mean? Need more explaination
I rename CommonTenant to OrgnizationTenant to differentiate from the real common tenant "/common". But as the discussion with Ashok and Jiashuo, we shall always use "/organizations" for both work and school, and MSA accounts.
| /// </summary> | ||
| public virtual IPublicClientApplication CreatePublicClient(string authority = null) | ||
| public virtual IPublicClientApplication CreatePublicClient(string authority, string tenantId = null) |
There was a problem hiding this comment.
How about making tenantId mandatory so that it doesn't conflict with the other CreatePublicClient()
There was a problem hiding this comment.
Consider putting the new api into SshCredentialFactory.
Because we have two purposes to create msal client - (a) deal with token cache (b) for ssh.
There was a problem hiding this comment.
I find there is a limitation to move CreatePublicClient out of PowerShellTokenCacheProvider as CreatePublicClient call RegisterCache which implements in PowerShellTokenCacheProvider.
And so I create a new CreatePublicClient with two inputs and keep all the other logic as what it is.
msJinLei
force-pushed
the
ssh_fix_split
branch
from
6a1047d
to
1de9462
Compare
msJinLei
modified the milestones:
Az 12.3.0 (September 2024, 2024-09-03),
Az 12.5.0 (October 2024, 2024-11-05)
msJinLei
force-pushed
the
ssh_fix_split
branch
2 times, most recently
from
716ccf8
to
70e3996
Compare
Address review comments Polish change log Address review comments Address review comments
msJinLei
force-pushed
the
ssh_fix_split
branch
from
70e3996
to
56757a6
Compare
isra-fel
approved these changes
Oct 23, 2024
github-actions bot
pushed a commit
that referenced
this pull request
Oct 23, 2024
…Issue When WAM Enabled (#25944) * Address review comments Address review comments Polish change log Address review comments Address review comments * Integrate Microsoft.Identity.Client 4.65.0 * Polish change log
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Mandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.mdand reviewed the following information:ChangeLog.mdfile(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.## Upcoming Releaseheader in the past tense.ChangeLog.mdif no new release is required, such as fixing test case only.