Skip to content

Fix #8840: Tenant domain name is not accepted by Key Vault #10418

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yugangw-msft merged 3 commits into from
Sep 17, 2019
Merged

Fix #8840: Tenant domain name is not accepted by Key Vault #10418

yugangw-msft merged 3 commits into from
Sep 17, 2019

Conversation

@jiasli
Copy link
Member

@jiasli jiasli commented Sep 4, 2019
edited
Loading

Fix #8840: Convert tenant domain name to GUID if it is not.

yugangw-msft
yugangw-msft reviewed Sep 5, 2019
View reviewed changes
src/azure-cli/azure/cli/command_modules/keyvault/custom.py Outdated
Copy link
Contributor

@yugangw-msft yugangw-msft Sep 5, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please handle the case when a proxy is involved, check out the code.
Also like I mentioned endpoint like login.microsoftonline.com should come from current cloud configuration, again code is here.
Last, can we do the conversion during az login which would benefit other commands ?

Copy link

@rajarshi-singh rajarshi-singh Sep 8, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for doing the conversion at 'az login' level if possible.

Copy link
Member Author

@jiasli jiasli Sep 16, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have moved the domain resolution logic to az login. @yugangw-msft, please kindly review. Thanks!
az login --service-principal -u {} -p {} -t {}.onmicrosoft.com shows warning 'Resolve tenant domain name %s to GUID %s'.
az keyvault create --name {} -g {} should be good.

@jiasli jiasli requested a review from yugangw-msft September 16, 2019 08:46
yugangw-msft
yugangw-msft approved these changes Sep 16, 2019
View reviewed changes
src/azure-cli/azure/cli/command_modules/profile/_validators.py Outdated
uuid.UUID(guid)
return True
except ValueError:
pass
Copy link
Contributor

@yugangw-msft yugangw-msft Sep 16, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: you can return False here

Copy link
Member Author

@jiasli jiasli Sep 16, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point! All _is_guids are fixed.

@yugangw-msft
Copy link
Contributor

yugangw-msft commented Sep 16, 2019

This is a user facing change, please add a releasing note

@jiasli jiasli requested a review from yugangw-msft September 16, 2019 14:10
rajarshi-singh
rajarshi-singh approved these changes Sep 16, 2019
View reviewed changes
Copy link

@rajarshi-singh rajarshi-singh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again for taking care of this. :)

@yugangw-msft yugangw-msft merged commit f8aeed5 into Azure:dev Sep 17, 2019
@jiasli jiasli mentioned this pull request Sep 17, 2019
Merged
@jiasli jiasli deleted the kv-tid branch November 5, 2019 08:46
@jiasli jiasli mentioned this pull request Jul 24, 2020
Merged
@jiasli jiasli mentioned this pull request Jan 13, 2023
Closed
3 tasks
jiasli
jiasli commented Nov 21, 2023
View reviewed changes
src/azure-cli/azure/cli/command_modules/profile/_validators.py
if not _is_guid(namespace.tenant):
import requests
active_directory_endpoint = cmd.cli_ctx.cloud.endpoints.active_directory
url = '{}/{}/.well-known/openid-configuration'.format(active_directory_endpoint, namespace.tenant)
Copy link
Member Author

@jiasli jiasli Nov 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

v1.0 endpoint is now deprecated, so we need to migrate to v2.0:

https://login.microsoftonline.com/azuresdkteam.onmicrosoft.com/.well-known/openid-configuration ->
https://login.microsoftonline.com/azuresdkteam.onmicrosoft.com/v2.0/.well-known/openid-configuration

Official documentation on /.well-known/openid-configuration: https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#find-your-apps-openid-configuration-document-uri

@jiasli jiasli mentioned this pull request Nov 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@yugangw-msft yugangw-msft yugangw-msft approved these changes

@rajarshi-singh rajarshi-singh rajarshi-singh approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@yugangw-msft yugangw-msft

@yonzhan yonzhan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jiasli @yugangw-msft @rajarshi-singh @yonzhan