This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

fix multi-tenant deployment #1270

Merged on Sep 24, 2021 (6 commits)


@chkeita (Contributor) commented Sep 23, 2021

When deploying a multitenant instance, there was a mismatch between the identifier URI used to configure the application registration and the value we use to authenticate the CLI client. This caused #1269.

To test:
1. Deploy on a multi-tenant domain
2. Send a onefuzz request

Expected result: The request should be successful

closes #1269

@ranweiler (Member) left a comment

Could we update the PR description to describe (1) what we believe the problem was, and its scope, (2) why it fixes the linked issue, and (3) how one could test it?

src/deployment/deploy.py (resolved)
src/deployment/deploy.py (outdated, resolved)

@bmc-msft (Contributor)

I don't know if the error from integration testing is unique to this PR or not, but I get the following when testing a new single-tenant deployment.

INFO:deploy:checking if RBAC already exists
INFO:deploy:creating Application registration
INFO:deploy:creating service principal
INFO:deploy:app password created
INFO:deploy:deploying arm template: azuredeploy.json

Traceback (most recent call last):
  File "/tmp/tmplye2wlof/deploy-venv/lib/python3.8/site-packages/azure/core/polling/base_polling.py", line 483, in run
    self._poll()
  File "/tmp/tmplye2wlof/deploy-venv/lib/python3.8/site-packages/azure/core/polling/base_polling.py", line 522, in _poll
    raise OperationFailed("Operation failed or canceled")
azure.core.polling.base_polling.OperationFailed: Operation failed or canceled

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "deploy.py", line 1091, in <module>
    main()
  File "deploy.py", line 1085, in main
    state[1](client)
  File "deploy.py", line 540, in deploy_template
    raise error
  File "deploy.py", line 516, in deploy_template
    result = client.deployments.begin_create_or_update(
  File "/tmp/tmplye2wlof/deploy-venv/lib/python3.8/site-packages/azure/core/polling/_poller.py", line 255, in result
    self.wait(timeout)
  File "/tmp/tmplye2wlof/deploy-venv/lib/python3.8/site-packages/azure/core/tracing/decorator.py", line 83, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/tmp/tmplye2wlof/deploy-venv/lib/python3.8/site-packages/azure/core/polling/_poller.py", line 275, in wait
    raise self._exception # type: ignore
  File "/tmp/tmplye2wlof/deploy-venv/lib/python3.8/site-packages/azure/core/polling/_poller.py", line 192, in _start
    self._polling_method.run()
  File "/tmp/tmplye2wlof/deploy-venv/lib/python3.8/site-packages/azure/core/polling/base_polling.py", line 501, in run
    raise HttpResponseError(
azure.core.exceptions.HttpResponseError: (DeploymentFailed) At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.
Code: DeploymentFailed
Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.
Exception Details:      (BadRequest) {
          "error": {
            "code": "HashConflictOnDifferentRoleAssignmentIds",
            "message": "A hash conflict was encountered for the role Assignment ID. Please use a new Guid."
          }
        }
        Code: BadRequest
        Message: {
          "error": {
            "code": "HashConflictOnDifferentRoleAssignmentIds",
            "message": "A hash conflict was encountered for the role Assignment ID. Please use a new Guid."
          }
        }

@bmc-msft (Contributor) left a comment

see concerns

@nharper285 (Contributor)

I've tested this and it works with both multi-tenant credentials.

@chkeita (Contributor, Author) commented Sep 23, 2021

> I don't know if the error from integration testing is unique to this PR or not, but I get the following when testing a new single-tenant deployment.

I don't think this is related to this PR. I just had a successful deployment.

@chkeita chkeita requested a review from bmc-msft September 23, 2021 21:57
@bmc-msft bmc-msft enabled auto-merge (squash) September 24, 2021 14:55
@bmc-msft bmc-msft merged commit d739811 into microsoft:main Sep 24, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Nov 3, 2021
Successfully merging this pull request may close these issues.

Multi-Tenant Auth is broken for 3.0.0