-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Show Logged in account email or client ID for azd auth login
and azd auth login --check-status
#2856
base: main
Are you sure you want to change the base?
Conversation
@ellismg I learned about service principal and handled their exception. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still a little confused on how this ends up working. From your screenshot, it looks like you did the right thing, but I'm confused on how it works with the current diff.
My belief is that when you are logged in with a service principal, the call to readUserProperties in auth/manager is going to return a user properties struct that has a nil HomeAccountID and so GetSignedInAccount will return (nil, nil). I think that will cause a panic when we try to dereference the PerferredUsername.
Were there additional commits that fixed this up that you just missed pushing? Or is my mental model on how this code works incorrect?
Co-authored-by: Matt Ellis <[email protected]>
(L343) This is the line that gets triggered to print the service principal client ID note that in the screen shot that I shared before I was trying to log in not trying to check-status that's why it's not consistent in the code. Let me think about it and get back to you, I found that there is a difference between logging in and checking the status so, I will try to make the whole code more consistent as it's as confusing to me as it is to you. Update 1:In this commit dc1b59b I added the feature to display the logged in user email or service principal on successful login to make the code consistent output of command output of command Currently trying to figure out how to get the service principal client id from something other than the flags to display it on the - Update 2:I couldn't get the client id when a service principal account loggs in so, I implemented a new function in the auth.Manager to get it. f3f830a Full flow of
|
azd auth login --check-status
azd auth login
and azd auth login --check-status
azd auth login
and azd auth login --check-status
azd auth login
and azd auth login --check-status
@@ -720,6 +720,26 @@ func (m *Manager) getSignedInAccount(ctx context.Context) (*public.Account, erro | |||
return nil, nil | |||
} | |||
|
|||
// GetLoggedInServicePrincipalClientID fetches the client ID for the signed in service principal, | |||
// or nil if one does not exist. | |||
func (m *Manager) GetLoggedInServicePrincipalClientID(ctx context.Context) (*string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
azd supports logging in with:
- Using
client-id
- service principal (secret pass)
- service principal (certificate)
- Federated Token
- External auth
- using az cli as token provider
- Using web browser
- device-code
- Interactive auth
I wouldn't like the idea of adding a new function for each supported scenario like GetLoggedIn<scenario-name>(ctx)
My recommendation is:
- Keep
getSignedInAccount()
private - Create a new structure in
auth package
(auth/manager.go) liketype LogInDetails struct
- Define a
loginType string
andaccount string
insideLogInDetails
(to start with) - Adda new method for the
Manager
in auth package likeLogInDetails(ctx) (*LogInDetails, error) {}
and implement it for returning the information for the actual log in.- Create string enum for the login type.
- Use the
LogInDetails
results from theauth login
command.
This approach would allow future iterations to easily add more information about the login (for example, adding the date of logged in, if device-code was used, etc.). We would also let the auth-Manager to be the one who knows how to recover/pull the login info details, w/o the azd-command trying to pull each type to guess the one that was used.
@ellismg for reviewing the proposal.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wouldn't like the idea of adding a new function for each supported scenario like GetLoggedIn(ctx)
not sure if this is the case that we have here.
The current function getSignedInAccount()
works with any type of login the problem that made me create another one is that getSignedInAccount()
returns nil if you are signing in with a service principal account so If you are signing in with a normal email whatever sign-in method you are using getSignedInAccount()
will work as it has been working.
That's why I created the other function to get the service principal without changing the current functionality of getSignedInAccount()
not because it's a different scenario of login.
I'm okay with implementing your idea so, let's wait for Matt's review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My proposal's main intention is having a design which allows adding more information about the login in the future, like the type, time, etc.
It is not 100% required to complete the requirements from the associated issue, in this case. But I would take the change to set the foundation that enables getting all details about the login.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand, let's wait for Matt and see.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rajeshkamal5050 we need Matt's input on it, what approach should we take in resolving this?
@vhvb1989 suggested a plan for it and I'm happy to implement but was waiting for any feedback from Matt to avoid rework.
@ellismg @vhvb1989 are we still looking into this enhancement and is the PR still valid? @john0isaac can we close this and open a new one incorporating feedback? |
closes #1745
Full flow of
azd auth login
andazd auth login --check-status
with normal accountFull flow of
azd auth login
andazd auth login --check-status
with service principal