Removing exceptions thrown for AccessToken authentication #5135
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (context.Account.Type != AzureAccount.AccountType.User && | ||
| context.Account.Type != AzureAccount.AccountType.ServicePrincipal) | ||
| throw new ArgumentException(string.Format(KeyVaultProperties.Resources.UnsupportedAccountType, context.Account.Type)); | ||
|
|
||
| if (context.Subscription != null && context.Account != null) | ||
| tenantId = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants) | ||
| .Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants)) |
There was a problem hiding this comment.
@markcowl This code retrieves looks for the tenant ID in two different places. The code around this line is intersecting subscription tenants with account tenants. If we don't find the tenant here, then we retrieve the tenant from the context Tenant property. Do you know of a reason that we shouldn't just retrieve the tenant directly from the context rather than doing the whole intersecting thing?
Also, are we guaranteed to be able to get a tenant id regardless of Account.Type? In other words, can we/should we throw if we don't find a tenant id at all?
There was a problem hiding this comment.
@RandalliLama It is best practice to get the tenant from the context
markcowl
requested changes
Dec 16, 2017
| @@ -94,8 +90,6 @@ private static string GetTenantId(IAzureContext context) | |||
|
|
|||
| private static Tuple<IAccessToken, string> GetTokenInternal(string tenantId, IAuthenticationFactory authFactory, IAzureContext context, string resourceIdEndpoint) | |||
| { | |||
| if (string.IsNullOrWhiteSpace(tenantId)) | |||
There was a problem hiding this comment.
@markcowl This was removed because in the case that we don't get the tenant (with Account.Type being User or ServicePrincipal), I didn't want it to fail.
However, looks like we'd want to grab the tenant from the context in this case - does that sound reasonable? If so I'll go ahead and change it up that way.
There was a problem hiding this comment.
@tiffanyachen Correct, that would eb the correct thing to do here.
|
Could someone please unsubscribe me from the mails starting with subject: [Azure/azure
I am no longer with the project and can’t login to github to unsubscribe myself.
Thanks,
Deepthi.
…Sent from my iPhone
On Dec 12, 2017, at 3:24 PM, tiffanyachen <[email protected]<mailto:[email protected]>> wrote:
Removing exceptions thrown for AccessToken authentication - further work likely needed post update on the AuthenticationFactory side.
Description
________________________________
This checklist is used to make sure that common guidelines for a pull request are followed. You can find a more complete discussion of PowerShell cmdlet best practices here<https://msdn.microsoft.com/en-us/library/dd878270(v=vs.85).aspx>.
* I have read the contribution guidelines<https://github.com/Azure/azure-powershell/blob/preview/CONTRIBUTING.md>.
* If changes were made to any cmdlet, the XML help was regenerated using the platyPSHelp module<https://github.com/Azure/azure-powershell/blob/preview/documentation/help-generation.md>.
* If any large changes are made to a service, they are reflected in the respective change log<https://github.com/Azure/azure-powershell/blob/preview/CONTRIBUTING.md#updating-the-change-log>.
General Guidelines<https://github.com/Azure/azure-powershell/blob/preview/CONTRIBUTING.md#general-guidelines>
* Title of the pull request is clear and informative.
* There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page<https://github.com/Azure/azure-powershell/blob/preview/documentation/cleaning-up-commits.md>.
* The pull request does not introduce breaking changes<https://github.com/Azure/azure-powershell/blob/preview/documentation/breaking-changes/breaking-changes-definition.md> (unless a major version change occurs in the assembly and module).
Testing Guidelines<https://github.com/Azure/azure-powershell/blob/preview/CONTRIBUTING.md#testing-guidelines>
* Pull request includes test coverage for the included changes.
* PowerShell scripts used in tests should do any necessary setup as part of the test or suite setup, and should not use hard-coded values for locations or existing resources.
Cmdlet Signature Guidelines<https://github.com/Azure/azure-powershell/blob/preview/CONTRIBUTING.md#cmdlet-signature-guidelines>
* New cmdlets that make changes or have side effects should implement ShouldProcess and have SupportShouldProcess=true specified in the cmdlet attribute. You can find more information on ShouldProcess here<https://github.com/Azure/azure-powershell/wiki/PowerShell-Cmdlet-Design-Guidelines#supportsshouldprocess>.
* Cmdlet specifies OutputType attribute if any output is produced - if the cmdlet produces no output, it should implement a PassThru parameter.
Cmdlet Parameter Guidelines<https://github.com/Azure/azure-powershell/blob/preview/CONTRIBUTING.md#cmdlet-parameter-guidelines>
* Parameter types should not expose types from the management library - complex parameter types should be defined in the module.
* Complex parameter types are discouraged - a parameter type should be simple types as often as possible. If complex types are used, they should be shallow and easily creatable from a constructor or another cmdlet.
* Cmdlet parameter sets should be mutually exclusive - each parameter set must have at least one mandatory parameter not in other parameter sets.
________________________________
You can view, comment on, or merge this pull request online at:
#5135
Commit Summary
* Removed check throwing exception for AccessToken authentication
* Removed check for empty tenantId
File Changes
* M src/ResourceManager/KeyVault/Commands.KeyVault/Models/DataServiceCredential.cs<https://github.com/Azure/azure-powershell/pull/5135/files#diff-0> (6)
Patch Links:
* https://github.com/Azure/azure-powershell/pull/5135.patch
* https://github.com/Azure/azure-powershell/pull/5135.diff
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#5135>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AO7uFVjphF0BVDWq3nWWwTf60QW0rSPWks5s_ws4gaJpZM4Q_yQW>.
|
markcowl
requested changes
Dec 20, 2017
| @@ -94,8 +90,6 @@ private static string GetTenantId(IAzureContext context) | |||
|
|
|||
| private static Tuple<IAccessToken, string> GetTokenInternal(string tenantId, IAuthenticationFactory authFactory, IAzureContext context, string resourceIdEndpoint) | |||
| { | |||
| if (string.IsNullOrWhiteSpace(tenantId)) | |||
There was a problem hiding this comment.
@tiffanyachen Correct, that would eb the correct thing to do here.
|
Closing in favor of #5158 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Removing exceptions thrown for AccessToken authentication - further work likely needed post update on the AuthenticationFactory side.
Description
This checklist is used to make sure that common guidelines for a pull request are followed. You can find a more complete discussion of PowerShell cmdlet best practices here.
General Guidelines
Testing Guidelines
Cmdlet Signature Guidelines
ShouldProcessand haveSupportShouldProcess=truespecified in the cmdlet attribute. You can find more information onShouldProcesshere.OutputTypeattribute if any output is produced - if the cmdlet produces no output, it should implement aPassThruparameter.Cmdlet Parameter Guidelines