Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only fetch provision application oid via API if not supplied #2592

Merged
1 commit merged into from
Jan 21, 2022
Merged

Only fetch provision application oid via API if not supplied #2592

1 commit merged into from
Jan 21, 2022

Conversation

benbp
Copy link
Member

@benbp benbp commented Jan 21, 2022
edited
Loading

Currently there are some problems with the Az.Resources cmdlet v5.2.0 related to fetching service principals via the
graph API in private azure clouds. This manifests either as an error like below:

ClientSecretCredential authentication failed: AADSTS70011:
The provided request must include a 'scope' input parameter.

Or, if the -MicrosoftGraphEndpointResourceId parameter is supplied to the Add-AzEnvironment call, then the API
request returns a 500:

{"odata.error":{"code":"Request_DataContractVersionMissing","message":
{"lang":"en","value":"The specified api-version is invalid. The value must exactly match a supported version."}}}

I'm pretty sure there is still some missing functionality as support for non-public clouds was only recently added and
the AAD->MSGraph breaking change in azure powershell has had related issues.

Regardless of all this, we don't need to be doing an API call to get the OID in CI environments, because we already have
that value available and can pass it in as a parameter. So even if the above problems were fixed, I would still want to
make this change to reduce our test script running time. This update happens to bypass the problematic
Get-AzAdServicePrincipal call and fix the issue at hand.

Fixes Azure/azure-sdk-for-js#19886

@benbp benbp added the Central-EngSys This issue is owned by the Engineering System team. label Jan 21, 2022
@benbp benbp self-assigned this Jan 21, 2022
@azure-sdk
Copy link
Collaborator

The following pipelines have been queued for testing:
java - template
java - template - tests
js - template
net - template
net - template - tests
python - template
python - template - tests
You can sign off on the approval gate to test the release stage of each pipeline.
See eng/common workflow

weshaggard
weshaggard reviewed Jan 21, 2022
View reviewed changes
eng/common/TestResources/New-TestResources.ps1
@@ -45,6 +45,10 @@ param (
[ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
[string] $ProvisionerApplicationId,

[Parameter(ParameterSetName = 'Provisioner', Mandatory = $false)]
[ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
[string] $ProvisionerApplicationOid,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have this already in the sub-config?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have the value (via TestApplicationOid which is the same as provisioner for CI), but the key is not set. I set the parameter mandatory as $false so it will still be backwards compatible, and we can then update the sub configs (starting with the dogfood related ones).

This was referenced Jan 21, 2022
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@ghost
Copy link

ghost commented Jan 21, 2022

Hello @azure-sdk!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@ghost ghost merged commit 88ca6d9 into Azure:main Jan 21, 2022
@benbp benbp mentioned this pull request Jan 21, 2022
Open
@benbp benbp deleted the benbp/ppe-scope-graph-fix branch January 25, 2022 22:02
This was referenced Feb 8, 2022
Closed
Merged
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heaths heaths heaths approved these changes

@weshaggard weshaggard weshaggard approved these changes

@kristapratico kristapratico kristapratico approved these changes

Assignees

@benbp benbp

Labels
Central-EngSys This issue is owned by the Engineering System team.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Communication - Phone Numbers] Deploy test resources failing in nightly runs
5 participants
@benbp @azure-sdk @heaths @weshaggard @kristapratico