Skip to content

[Preview] MSAL and shared token cache support#9982

Closed
cormacpayne wants to merge 22 commits intoAzure:Az.Accounts-previewfrom
cormacpayne:msal-support
Closed

[Preview] MSAL and shared token cache support#9982
cormacpayne wants to merge 22 commits intoAzure:Az.Accounts-previewfrom
cormacpayne:msal-support

Conversation

@cormacpayne
Copy link
Member

@cormacpayne cormacpayne commented Sep 5, 2019
edited
Loading

Description

Checklist

  • I have read the Submitting Changes section of CONTRIBUTING.md
  • The title of the PR is clear and informative
  • The appropriate ChangeLog.md file(s) has been updated:
    • For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
    • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header -- no new version header should be added
  • The PR does not introduce breaking changes
  • If applicable, the changes made in the PR have proper test coverage
  • For public API changes to cmdlets:
    • a cmdlet design review was approved for the changes in this repository (Microsoft internal only)
    • the markdown help files have been regenerated using the commands listed here

@markcowl markcowl assigned barnstee and erich-wang and unassigned barnstee Sep 10, 2019
markcowl
markcowl requested changes Sep 13, 2019
View reviewed changes
src/Accounts/Authentication/Authentication/Parameters/ManagedServiceIdentityParameters.cs
public ManagedServiceIdentityParameters(
IAzureEnvironment environment,
IAzureTokenCache tokenCache,
string tenantId,
Copy link
Member

@markcowl markcowl Sep 13, 2019
edited by cormacpayne
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like this should contain parameters to contain identity type (SystemAssigned, ClientOrObjectId, ResourceId and identity id (string). These are all properties of IAzureAccount, but seems like we could use them to populate the account here.

Copy link
Member

@markcowl markcowl Sep 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, MSISecret, and MSiEndpoint

src/Accounts/Authenticators/ManagedServiceIdentityAuthenticator.cs

if (account.IsPropertySet(AppServiceManagedIdentityFlag))
{
return new ManagedServiceAppServiceAccessToken(account, environment, GetFunctionsResourceId(resourceId, environment), tenant);
Copy link
Member

@markcowl markcowl Sep 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be cleaner to have one authenticator for AppServiceMSI first in the chain, and the authenticator for Compute MSI after?

markcowl
markcowl requested changes Sep 13, 2019
View reviewed changes
src/Accounts/Authentication/Factories/AuthenticationFactory.cs
public const string AppServiceManagedIdentityFlag = "AppServiceManagedIdentityFlag";

public const string CommonAdTenant = "Common",
public const string CommonAdTenant = "organizations",
Copy link
Member

@markcowl markcowl Sep 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like we should have this constant in one place, and use it evwerywhere. Also, same question as before about whether thsi works with MSA

markcowl
markcowl requested changes Sep 13, 2019
View reviewed changes
src/Accounts/Authentication.ResourceManager/AzureRmProfile.cs
}

DefaultContextKey = profile.DefaultContextKey ?? "Default";
DefaultContextKey = profile.DefaultContextKey ?? (profile.Contexts.Any() ? null : "Default");
Copy link
Member

@markcowl markcowl Sep 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting the defautl key to null if there are contexts but none selected - when would this occur?

Copy link
Member

@isra-fel isra-fel Nov 14, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs validate: If logged in in VS (not PS), when first time runing PS command (not select-context), should be prompted with "please select a context"

markcowl
markcowl requested changes Sep 13, 2019
View reviewed changes
src/Accounts/Authentication.ResourceManager/AzureRmProfile.cs
var accounts = authenticationClientFactory.ListAccounts();
if (!accounts.Any())
{
if (!Contexts.Any(c => c.Key != "Default" && c.Value.Account.Type == AzureAccount.AccountType.User))
Copy link
Member

@markcowl markcowl Sep 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this method could use a bit of breaking up.

RemoveUserContexts()
RemoveUnmatchedUserContexts()
etc.

Also, as stated above, we need soem tracing here so we can tell why a context was removed if soemthign goes wrong.

markcowl
markcowl requested changes Sep 13, 2019
View reviewed changes
markcowl
markcowl requested changes Sep 13, 2019
View reviewed changes
@markcowl markcowl assigned cormacpayne and unassigned markcowl Sep 13, 2019
markcowl
markcowl requested changes Sep 20, 2019
View reviewed changes
@markcowl markcowl assigned markcowl and isra-fel and unassigned erich-wang Sep 26, 2019
@isra-fel isra-fel mentioned this pull request Oct 12, 2019
Closed
10 tasks
@isra-fel
Copy link
Member

isra-fel commented Oct 13, 2019

/azp run

@azure-pipelines
Copy link
Contributor

azure-pipelines bot commented Oct 13, 2019

Azure Pipelines successfully started running 3 pipeline(s).

@isra-fel
Copy link
Member

isra-fel commented Oct 13, 2019

/azp run

@azure-pipelines
Copy link
Contributor

azure-pipelines bot commented Oct 13, 2019

Azure Pipelines successfully started running 3 pipeline(s).

isra-fel
isra-fel reviewed Oct 14, 2019
View reviewed changes
src/Accounts/Authenticators/DesktopAuthenticatorBuilder.cs
return authenticator as IAuthenticatorBuilder;
});
AppendAuthenticator(() => { return new InteractiveUserAuthenticator(); });
var defaultBuilder = new DefaultAuthenticatorBuilder();
Copy link
Member

@isra-fel isra-fel Oct 14, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't that be 2 InteractiveUserAuthenticators 🤔 ?

@isra-fel
adopt latest common code
551fc76 
to support IAzureMsalTokenCache
@isra-fel
Copy link
Member

isra-fel commented Oct 17, 2019

/azp run

@azure-pipelines
Copy link
Contributor

azure-pipelines bot commented Oct 17, 2019

Azure Pipelines successfully started running 3 pipeline(s).

@isra-fel isra-fel mentioned this pull request Dec 16, 2019
Closed
12 tasks
@dingmeng-xue dingmeng-xue added this to the S164 (2020-01-28) milestone Dec 30, 2019
@isra-fel isra-fel mentioned this pull request Jan 7, 2020
Merged
8 tasks
@isra-fel isra-fel mentioned this pull request Jan 22, 2020
Closed
8 tasks
@isra-fel isra-fel closed this Jan 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isra-fel isra-fel isra-fel left review comments

@markcowl markcowl markcowl requested changes

Assignees

@markcowl markcowl

@cormacpayne cormacpayne

@isra-fel isra-fel

Labels

needs-revision

Projects

None yet

Milestone

S164 (2020-02-04)

Development

Successfully merging this pull request may close these issues.

7 participants

@cormacpayne @isra-fel @markcowl @keystroke @barnstee @erich-wang @dingmeng-xue