Handle Azure authentication when WorkspaceResourceID is provided #597

Merged
merged 3 commits into from
Sep 5, 2023

@hectorcast-db hectorcast-db commented Aug 31, 2023

Changes

Handle Azure authentication when WorkspaceResourceID is provided

Get token for the correct subscription

Tests

  • Created Unit tests
  • Manually listed workspace cluster in the following scenarios:
    • User with wrong default tenant. No WorkspaceResourceID provided: Fail (expected). WARN log emitted.
    • User with wrong default tenant. WorkspaceResourceID provided: Succeed
    • User with no subscription. No WorkspaceResourceID provided: Succeed. WARN log emitted.
    • User with no subscription. WorkspaceResourceID provided: Succeed (fallback mode, expected).

@hectorcast-db hectorcast-db requested a review from mgyucht August 31, 2023 13:43
codecov-commenter commented Aug 31, 2023

Codecov Report

Patch coverage is 8.88% of modified lines.

Files Changed Coverage
config/auth_azure_client_secret.go 0.00%
config/auth_azure_msi.go 0.00%
openapi/code/entity.go ø
openapi/code/wait.go 0.00%
openapi/model.go 0.00%
service/billing/impl.go 0.00%
service/catalog/api.go 0.00%
service/catalog/impl.go 0.00%
service/catalog/model.go 0.00%
service/compute/api.go 0.00%
... and 38 more


Comment on lines 115 to 137
if subscription != "" {
extendedArgs := make([]string, len(args))
copy(extendedArgs, args)
extendedArgs = append(extendedArgs, "--subscription", subscription)
// This will fail if the user has access to the workspace, but not to the subscription
// itself.
// In such case, we fall back to not using the subscription.
result, err := exec.Command("az", extendedArgs...).Output()
if err != nil {
logger.Warnf(context.Background(), "Failed to get token for subscription. Using resource only token.")
} else {
out = result
}
}
if err != nil {
return nil, fmt.Errorf("cannot get access token: %v", err)
if out == nil {
result, err := exec.Command("az", args...).Output()
if ee, ok := err.(*exec.ExitError); ok {
return nil, fmt.Errorf("cannot get access token: %s", string(ee.Stderr))
}
if err != nil {
return nil, fmt.Errorf("cannot get access token: %v", err)
}
out = result
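
Review bot: In the `if subscription != ""` branch, the `logger.Warnf` call on the failure path drops `err`, so any failure of the `--subscription` invocation (not only the "access to the workspace, but not to the subscription" case the comment describes) falls back to a resource-only token with no recorded cause. Include the error in the warning, plus `ee.Stderr` when it is an `*exec.ExitError`, and name the subscription that was tried, so an unexpected downgrade can be diagnosed from the log. If a caller context is available here, pass it to the logger instead of `context.Background()`.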

Behavior LGTM, but let's refactor this into a method:

func (...) getTokenBytes() ([]byte, error) {}

@mgyucht mgyucht left a comment

One small nit, otherwise LGTM!

return nil, fmt.Errorf("cannot get access token: %s", string(ee.Stderr))
}
if err != nil {
return nil, fmt.Errorf("cannot get access token: %v", err)
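
Review bot: The `*exec.ExitError` branch returns only `string(ee.Stderr)` and discards `ee`, so callers cannot use `errors.As` to reach the exit error or its exit code, and the raw CLI stderr becomes the entire error text. Consider keeping both, for example `fmt.Errorf("cannot get access token: %s: %w", strings.TrimSpace(string(ee.Stderr)), ee)`, and wrapping the generic `err` branch with `%w` as well.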

We should use %w to wrap errors, unless for some reason we don't want to expose the underlying error?

@mgyucht mgyucht added this pull request to the merge queue Sep 5, 2023
@mgyucht mgyucht changed the title [DECO-2484] Handle Azure authentication when WorkspaceResourceID is provided Handle Azure authentication when WorkspaceResourceID is provided Sep 5, 2023
Merged via the queue into main with commit dd48316 Sep 5, 2023
@mgyucht mgyucht deleted the DECO-2484 branch September 5, 2023 10:10
tanmay-db added a commit that referenced this pull request Sep 6, 2023
* Handle Azure authentication when WorkspaceResourceID is provided ([#597](#597)).
* Revert error message changes from client.go ([#604](#604)).
* Reuse tokens after first call to Azure CLI ([#605](#605)).
* Update error message assertions ([#607](#607)).
@tanmay-db tanmay-db mentioned this pull request Sep 6, 2023
github-merge-queue bot pushed a commit that referenced this pull request Sep 7, 2023
* Handled Azure authentication when WorkspaceResourceID is provided
([#597](#597)).
* Reverted error message changes from client.go
([#604](#604)).
* Reused tokens after first call to Azure CLI
([#605](#605)).
* Updated error message assertions
([#607](#607)).