From 8429c82e770394c287a4471ffa4289b44d8ba460 Mon Sep 17 00:00:00 2001 From: Timo van Veenendaal Date: Mon, 19 Sep 2022 11:50:19 -0700 Subject: [PATCH] Update error message to point to remediation steps --- sdk/keyvault/keyvault-admin/CHANGELOG.md | 1 + .../internal/challengeAuthenticationCallbacks.spec.ts | 8 +++----- sdk/keyvault/keyvault-certificates/CHANGELOG.md | 1 + .../internal/challengeAuthenticationCallbacks.spec.ts | 8 +++----- .../src/challengeBasedAuthenticationPolicy.ts | 2 +- sdk/keyvault/keyvault-keys/CHANGELOG.md | 1 + .../internal/challengeAuthenticationCallbacks.spec.ts | 4 ++-- sdk/keyvault/keyvault-secrets/CHANGELOG.md | 1 + .../internal/challengeAuthenticationCallbacks.spec.ts | 4 ++-- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/sdk/keyvault/keyvault-admin/CHANGELOG.md b/sdk/keyvault/keyvault-admin/CHANGELOG.md index 1c541a10ce52..205062f266ba 100644 --- a/sdk/keyvault/keyvault-admin/CHANGELOG.md +++ b/sdk/keyvault/keyvault-admin/CHANGELOG.md @@ -6,6 +6,7 @@ - Verify the challenge resource matches the vault domain. This should affect few customers who can set `disableChallengeResourceVerification` in the options bag to `true` to disable. + See https://aka.ms/azsdk/blog/vault-uri for more information. ## 4.2.2 (2022-08-09) diff --git a/sdk/keyvault/keyvault-admin/test/internal/challengeAuthenticationCallbacks.spec.ts b/sdk/keyvault/keyvault-admin/test/internal/challengeAuthenticationCallbacks.spec.ts index 5a5a3da2ebd6..6271f4db4efc 100644 --- a/sdk/keyvault/keyvault-admin/test/internal/challengeAuthenticationCallbacks.spec.ts +++ b/sdk/keyvault/keyvault-admin/test/internal/challengeAuthenticationCallbacks.spec.ts @@ -161,7 +161,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); }); @@ -179,7 +179,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); }); @@ -199,9 +199,7 @@ describe("Challenge based authentication tests", function () { }); it("does not throw if the resource URI host does not match the request but verifyChallengeResource is false", async () => { - challengeCallbacks = createChallengeCallbacks({ - disableChallengeResourceVerification: true, - }); + challengeCallbacks = createChallengeCallbacks({ disableChallengeResourceVerification: true }); await challengeCallbacks.authorizeRequestOnChallenge!({ getAccessToken: () => Promise.resolve(null), request: createPipelineRequest({ url: "https://foo.bar" }), diff --git a/sdk/keyvault/keyvault-certificates/CHANGELOG.md b/sdk/keyvault/keyvault-certificates/CHANGELOG.md index 4c7f0636c1dd..a4a2043bb6da 100644 --- a/sdk/keyvault/keyvault-certificates/CHANGELOG.md +++ b/sdk/keyvault/keyvault-certificates/CHANGELOG.md @@ -6,6 +6,7 @@ - Verify the challenge resource matches the vault domain. This should affect few customers who can set `disableChallengeResourceVerification` in the options bag to `true` to disable. + See https://aka.ms/azsdk/blog/vault-uri for more information. ## 4.5.0 (2022-08-09) diff --git a/sdk/keyvault/keyvault-certificates/test/internal/challengeAuthenticationCallbacks.spec.ts b/sdk/keyvault/keyvault-certificates/test/internal/challengeAuthenticationCallbacks.spec.ts index 5a5a3da2ebd6..6271f4db4efc 100644 --- a/sdk/keyvault/keyvault-certificates/test/internal/challengeAuthenticationCallbacks.spec.ts +++ b/sdk/keyvault/keyvault-certificates/test/internal/challengeAuthenticationCallbacks.spec.ts @@ -161,7 +161,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); }); @@ -179,7 +179,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); }); @@ -199,9 +199,7 @@ describe("Challenge based authentication tests", function () { }); it("does not throw if the resource URI host does not match the request but verifyChallengeResource is false", async () => { - challengeCallbacks = createChallengeCallbacks({ - disableChallengeResourceVerification: true, - }); + challengeCallbacks = createChallengeCallbacks({ disableChallengeResourceVerification: true }); await challengeCallbacks.authorizeRequestOnChallenge!({ getAccessToken: () => Promise.resolve(null), request: createPipelineRequest({ url: "https://foo.bar" }), diff --git a/sdk/keyvault/keyvault-common/src/challengeBasedAuthenticationPolicy.ts b/sdk/keyvault/keyvault-common/src/challengeBasedAuthenticationPolicy.ts index c01b0d325309..d8f165434dd8 100644 --- a/sdk/keyvault/keyvault-common/src/challengeBasedAuthenticationPolicy.ts +++ b/sdk/keyvault/keyvault-common/src/challengeBasedAuthenticationPolicy.ts @@ -58,7 +58,7 @@ function verifyChallengeResource(scope: string, request: PipelineRequest): void if (!requestUrl.hostname.endsWith(`.${scopeAsUrl.hostname}`)) { throw new Error( - `Challenge resource host '${scopeAsUrl.hostname}' does not match request domain` + `The challenge resource '${scopeAsUrl.hostname}' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information.` ); } } diff --git a/sdk/keyvault/keyvault-keys/CHANGELOG.md b/sdk/keyvault/keyvault-keys/CHANGELOG.md index 1765caaed936..42b855602463 100644 --- a/sdk/keyvault/keyvault-keys/CHANGELOG.md +++ b/sdk/keyvault/keyvault-keys/CHANGELOG.md @@ -6,6 +6,7 @@ - Verify the challenge resource matches the vault domain. This should affect few customers who can set `disableChallengeResourceVerification` in the options bag to `true` to disable. + See https://aka.ms/azsdk/blog/vault-uri for more information. ## 4.5.0 (2022-08-09) diff --git a/sdk/keyvault/keyvault-keys/test/internal/challengeAuthenticationCallbacks.spec.ts b/sdk/keyvault/keyvault-keys/test/internal/challengeAuthenticationCallbacks.spec.ts index dc9b75e3b45c..6271f4db4efc 100644 --- a/sdk/keyvault/keyvault-keys/test/internal/challengeAuthenticationCallbacks.spec.ts +++ b/sdk/keyvault/keyvault-keys/test/internal/challengeAuthenticationCallbacks.spec.ts @@ -161,7 +161,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); }); @@ -179,7 +179,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); }); diff --git a/sdk/keyvault/keyvault-secrets/CHANGELOG.md b/sdk/keyvault/keyvault-secrets/CHANGELOG.md index 6b7f507794d4..8dd86aea9922 100644 --- a/sdk/keyvault/keyvault-secrets/CHANGELOG.md +++ b/sdk/keyvault/keyvault-secrets/CHANGELOG.md @@ -6,6 +6,7 @@ - Verify the challenge resource matches the vault domain. This should affect few customers who can set `disableChallengeResourceVerification` in the options bag to `true` to disable. + See https://aka.ms/azsdk/blog/vault-uri for more information. ## 4.5.1 (2022-08-15) diff --git a/sdk/keyvault/keyvault-secrets/test/internal/challengeAuthenticationCallbacks.spec.ts b/sdk/keyvault/keyvault-secrets/test/internal/challengeAuthenticationCallbacks.spec.ts index dc9b75e3b45c..6271f4db4efc 100644 --- a/sdk/keyvault/keyvault-secrets/test/internal/challengeAuthenticationCallbacks.spec.ts +++ b/sdk/keyvault/keyvault-secrets/test/internal/challengeAuthenticationCallbacks.spec.ts @@ -161,7 +161,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); }); @@ -179,7 +179,7 @@ describe("Challenge based authentication tests", function () { }, scopes: [], }), - "Challenge resource host 'vault.azure.net' does not match request domain" + "The challenge resource 'vault.azure.net' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information." ); });