Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade our authentication library to support MSAL #1942

Closed
wants to merge 15 commits into from
Closed

Upgrade our authentication library to support MSAL #1942

wants to merge 15 commits into from

Conversation

thomas11
Copy link
Contributor

@thomas11 thomas11 commented Aug 29, 2022
edited
Loading

The latest version of hashicorp/go-azure-helpers/authentication supports the new MSAL authentication (#1566).

This PR also addresses #1565 by requiring the user to have a compatible version of the Azure CLI installed and printing an informative message if not. The corresponding documentation change is in pulumi/registry#1420.

Here's a test of the version handling, done by putting a shell script named az in my path that just prints some version.

➜  az version
{
  "azure-cli": "2.36.0"
}
➜  pulumi up
Previewing update (dev)
...
Diagnostics:
  azure-native:resources:ResourceGroup (resourceGroup):
    error: checking az version: found incompatible az version 2.36.0. Please make sure the Azure CLI 2.37 or greater, but less than 3.x, is installed.
 

➜  az version
{
  "azure-cli": "2.3.7"
}
➜  pulumi up 
Previewing update (dev)
...
Diagnostics:
  azure-native:resources:ResourceGroup (resourceGroup):
    error: checking az version: found incompatible az version 2.3.7. Please make sure the Azure CLI 2.37 or greater, but less than 3.x, is installed.
 

➜  pulumi up
Previewing update (dev)
...
Diagnostics:
  azure-native:resources:ResourceGroup (resourceGroup):
    error: checking az version: found incompatible az version 2.0.0. Please make sure the Azure CLI 2.37 or greater, but less than 3.x, is installed.
 

➜  pulumi up
Previewing update (dev)
...
Diagnostics:
  azure-native:resources:ResourceGroup (resourceGroup):
    error: checking az version: found incompatible az version 3.0.0. Please make sure the Azure CLI 2.37 or greater, but less than 3.x, is installed.
 

➜  mv ~/go/bin/az ~/go/bin/fake_az
➜  az version
{
  "azure-cli": "2.39.0",
  "azure-cli-core": "2.39.0",
  "azure-cli-telemetry": "1.0.6",
  "extensions": {}
}
➜  pulumi up                      
Previewing update (dev)
...
Resources:
    + 3 to create
Do you want to perform this update? no

➜  mv /opt/homebrew/bin/az /opt/homebrew/bin/aztemp
➜  az version
zsh: command not found: az
➜  pulumi up                                       
Previewing update (dev)
...
Diagnostics:
  azure-native:resources:ResourceGroup (resourceGroup):
    error: checking az version: could not find `az`. Please make sure the Azure CLI 2.37 or greater, but less than 3.x, is installed.

➜  mv /opt/homebrew/bin/aztemp /opt/homebrew/bin/az
➜  az version
{
  "azure-cli": "2.39.0",
  "azure-cli-core": "2.39.0",
  "azure-cli-telemetry": "1.0.6",
  "extensions": {}
}

@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

lblackstone
lblackstone reviewed Aug 29, 2022
View reviewed changes
Copy link
Member

@lblackstone lblackstone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM overall. Is this already tested as part of CI?

provider/pkg/provider/provider.go Outdated Show resolved Hide resolved
@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from 4d08db8 to d101df4 Compare August 31, 2022 21:59
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from d101df4 to abd9328 Compare September 5, 2022 21:11
@github-actions
Copy link

github-actions bot commented Sep 5, 2022

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from abd9328 to dc817a3 Compare September 6, 2022 21:48
@github-actions
Copy link

github-actions bot commented Sep 7, 2022

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@guineveresaenger
Copy link
Contributor

I hooked this up to a local build for auth suggestions and it turns out my az CLI wasn't up to snuff, so the version verifier worked for me:

Screen Shot 2022-09-07 at 4 30 42 PM

Screen Shot 2022-09-07 at 4 31 35 PM

viveklak
viveklak reviewed Sep 7, 2022
View reviewed changes
provider/pkg/provider/provider.go Outdated Show resolved Hide resolved
provider/pkg/provider/provider.go Outdated Show resolved Hide resolved
provider/pkg/provider/provider.go Outdated Show resolved Hide resolved
provider/pkg/provider/provider.go Outdated Show resolved Hide resolved
provider/pkg/provider/provider.go Outdated Show resolved Hide resolved
@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from dc817a3 to 755b29b Compare September 8, 2022 04:23
@github-actions
Copy link

github-actions bot commented Sep 8, 2022

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

mikhailshilkov
mikhailshilkov reviewed Sep 8, 2022
View reviewed changes
provider/pkg/provider/provider.go Outdated
}

if actual.LessThan(minAzVersion) || actual.GreaterThanOrEqual(nextMajorAzVersion) {
return fmt.Errorf("found incompatible az version %s. %s", actual, versionHint)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this break users on older CLI versions that currently work? Is this a breaking change that we can ship? Could we fall back to the old auth mechanism for older CLIs?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't know if there's a fallback option, but if the version is outside the expected range perhaps we could print a big warning but attempt to carry on?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CLI version 2.34 from March 1 2022 broke our users, like in #1565. Version 2.37 from May 24 2022 works again. The hashicorp/go-azure-helpers library only requires that the version is at least 2.0.81. So you're right @mikhailshilkov, we can actually allow versions between 2.0.81 and 2.33 and only exclude 2.34-2.36.

@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from 755b29b to 08bbaa0 Compare September 8, 2022 19:25
@github-actions
Copy link

github-actions bot commented Sep 8, 2022

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

danielrbradley
danielrbradley reviewed Sep 9, 2022
View reviewed changes
Copy link
Member

@danielrbradley danielrbradley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is basically ready to merge. I've left a couple of suggestions around messages back to the user if something goes wrong:

  1. Aim to point them to where to help themselves.
  2. Include information so we could reason about exactly why failures happened based on their local system.

Having said that, these are all things that could be added later, so let's not delay too much as this will already be a huge step forward for many users!

@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from 08bbaa0 to 6bbbe87 Compare September 14, 2022 22:59
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from dbfce6a to b0bbaed Compare September 15, 2022 18:10
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from b0bbaed to 0d3d2db Compare September 15, 2022 21:53
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

1 similar comment
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@thomas11 thomas11 force-pushed the tkappler/upgrade-azure-helpers branch from 111c536 to 31115e0 Compare September 23, 2022 17:38
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.
Looking good! No API changes found.

@thomas11 thomas11 mentioned this pull request Sep 23, 2022
Merged
@thomas11 thomas11 marked this pull request as draft October 28, 2022 20:37
@myhau myhau mentioned this pull request Dec 15, 2022
Open
@thomas11 thomas11 added the resolution/duplicate This issue is a duplicate of another issue label Mar 31, 2023
@thomas11
Copy link
Contributor Author

Implemented by #2320

@thomas11 thomas11 closed this Mar 31, 2023
@thomas11 thomas11 deleted the tkappler/upgrade-azure-helpers branch February 13, 2024 06:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stack72 stack72 stack72 left review comments

@viveklak viveklak viveklak left review comments

@mikhailshilkov mikhailshilkov mikhailshilkov left review comments

@lblackstone lblackstone lblackstone left review comments

@guineveresaenger guineveresaenger guineveresaenger left review comments

@danielrbradley danielrbradley danielrbradley approved these changes

@jkisk jkisk Awaiting requested review from jkisk

Assignees
No one assigned
Labels
resolution/duplicate This issue is a duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@thomas11 @guineveresaenger @stack72 @danielrbradley @viveklak @mikhailshilkov @lblackstone