auth: support service principal sn+issuer auth #7609
Conversation
|
@tjprescott @williexu, can one of you help take a look? |
src/azure-cli-core/HISTORY.rst
Outdated
|
|
||
| 2.0.49 | ||
| ++++++ | ||
| * auth: support service principal sn+issuer auth |
There was a problem hiding this comment.
This is duplicated. Should only be in 2.0.50.
| @@ -193,9 +195,10 @@ def find_subscriptions_on_login(self, | |||
| if is_service_principal: | |||
| if not tenant: | |||
| raise CLIError('Please supply tenant using "--tenant"') | |||
| sp_auth = ServicePrincipalAuth(password) | |||
| sp_auth = ServicePrincipalAuth(password, use_sn_issuer) | |||
There was a problem hiding this comment.
It means certificate subject name :). This abbreviation is used in the auth flow doc across, so i just use it. I know there is a risk it could be taken as serial number, so I used the full term in the command help.
There was a problem hiding this comment.
let me rename to --use-cert-sn-issuer to make it a bit more clear
| @@ -96,6 +96,10 @@ def login(cmd, username=None, password=None, service_principal=None, tenant=None | |||
| raise CLIError("usage error: '--identity' is not applicable with other arguments") | |||
| if any([password, service_principal, username, identity]) and use_device_code: | |||
| raise CLIError("usage error: '--use-device-code' is not applicable with other arguments") | |||
| if use_sn_issuer and not service_principal: | |||
| raise CLIError("usage error: '--use-sn-issuer' is only appliable with a service principal") | |||
yugangw-msft
force-pushed
the
sn
branch
2 times, most recently
from
1291127
to
69f00ae
Compare
| if use_cert_sn_issuer and not service_principal: | ||
| raise CLIError("usage error: '--use-sn-issuer' is only applicable with a service principal") | ||
| if service_principal and not username: | ||
| raise CLIError('usage error: --service-principal --username NAME --password SECRET -t TENANT') |
There was a problem hiding this comment.
should we use the full option --tenant here?
| 2.0.50 | ||
| ++++++ | ||
| * Fix issue where update commands using `--remove` and `--ids` fail after first update is applied to first resource in ids list. | ||
| * auth: support service principal sn+issuer auth |
There was a problem hiding this comment.
Was the previous history change unnecessary to include in History.rst
There was a problem hiding this comment.
The deleted history entry was part of 2.0.49.
The goal is to support automatic certificate rolls. The tenant must be pre-configured with only accepting certain issuers such as AME.
Mark it as
do not mergeas we are waiting for a new release of adal to have the capacity. Once it happens, i will update the PR with test coverage.The PR has modified HISTORY.rst describing any customer-facing, functional changes. Note that this does not include changes only to help content. (see Modifying change log).
I adhere to the Command Guidelines.