mirror of
https://github.com/Azure/cosmos-explorer.git
synced 2024-11-24 22:46:40 +00:00
Support multi-tenant switching for Data Plane RBAC (#1988)
* Fix API endpoint for CassandraProxy query API * activate Mongo Proxy and Cassandra Proxy in Prod * Add CP Prod endpoint * Run npm format and tests * Revert code * fix bug that blocked local mongo proxy and cassandra proxy development * Add prod endpoint * fix pr check tests * Remove prod * Remove prod endpoint * Remove dev endpoint * Support data plane RBAC * Support data plane RBAC * Add additional changes for Portal RBAC functionality * Remove unnecessary code * Remove unnecessary code * Add code to fix VCoreMongo/PG bug * Address feedback * Add more logs for RBAC feature * Add more logs for RBAC features * Add AAD endpoints for all environments * Add AAD endpoints * Run npm format * Support multi-tenant switching for Data Plane RBAC * Remove tenantID duplicates --------- Co-authored-by: Senthamil Sindhu <sindhuba@microsoft.com> Co-authored-by: Asier Isayas <aisayas@microsoft.com>
This commit is contained in:
parent
ac2e2a6f8e
commit
c1bc11d27d
@ -381,8 +381,9 @@ export enum TerminalKind {
|
|||||||
export interface DataExplorerInputsFrame {
|
export interface DataExplorerInputsFrame {
|
||||||
databaseAccount: any;
|
databaseAccount: any;
|
||||||
subscriptionId?: string;
|
subscriptionId?: string;
|
||||||
tenantId?: string;
|
|
||||||
resourceGroup?: string;
|
resourceGroup?: string;
|
||||||
|
tenantId?: string;
|
||||||
|
userName?: string;
|
||||||
masterKey?: string;
|
masterKey?: string;
|
||||||
hasWriteAccess?: boolean;
|
hasWriteAccess?: boolean;
|
||||||
authorizationToken?: string;
|
authorizationToken?: string;
|
||||||
|
@ -75,6 +75,7 @@ export interface UserContext {
|
|||||||
readonly masterKey?: string;
|
readonly masterKey?: string;
|
||||||
readonly subscriptionId?: string;
|
readonly subscriptionId?: string;
|
||||||
readonly tenantId?: string;
|
readonly tenantId?: string;
|
||||||
|
readonly userName?: string;
|
||||||
readonly resourceGroup?: string;
|
readonly resourceGroup?: string;
|
||||||
readonly databaseAccount?: DatabaseAccount;
|
readonly databaseAccount?: DatabaseAccount;
|
||||||
readonly endpoint?: string;
|
readonly endpoint?: string;
|
||||||
|
@ -91,7 +91,8 @@ export async function acquireMsalTokenForAccount(
|
|||||||
// This will eventually throw InteractionRequiredAuthError if silent is true, we won't handle it here.
|
// This will eventually throw InteractionRequiredAuthError if silent is true, we won't handle it here.
|
||||||
const loginRequest = {
|
const loginRequest = {
|
||||||
scopes: [hrefEndpoint],
|
scopes: [hrefEndpoint],
|
||||||
loginHint: user_hint,
|
loginHint: user_hint ?? userContext.userName,
|
||||||
|
authority: userContext.tenantId ? `${configContext.AAD_ENDPOINT}${userContext.tenantId}` : undefined,
|
||||||
};
|
};
|
||||||
try {
|
try {
|
||||||
if (silent) {
|
if (silent) {
|
||||||
@ -132,7 +133,8 @@ export async function acquireMsalTokenForAccount(
|
|||||||
account: msalAccount || null,
|
account: msalAccount || null,
|
||||||
forceRefresh: true,
|
forceRefresh: true,
|
||||||
scopes: [hrefEndpoint],
|
scopes: [hrefEndpoint],
|
||||||
authority: `${configContext.AAD_ENDPOINT}${msalAccount.tenantId}`,
|
loginHint: user_hint ?? userContext.userName,
|
||||||
|
authority: `${configContext.AAD_ENDPOINT}${userContext.tenantId ?? msalAccount.tenantId}`,
|
||||||
};
|
};
|
||||||
return acquireTokenWithMsal(msalInstance, tokenRequest, silent);
|
return acquireTokenWithMsal(msalInstance, tokenRequest, silent);
|
||||||
}
|
}
|
||||||
|
@ -695,6 +695,7 @@ function updateContextsFromPortalMessage(inputs: DataExplorerInputsFrame) {
|
|||||||
subscriptionId: inputs.subscriptionId,
|
subscriptionId: inputs.subscriptionId,
|
||||||
tenantId: inputs.tenantId,
|
tenantId: inputs.tenantId,
|
||||||
subscriptionType: inputs.subscriptionType,
|
subscriptionType: inputs.subscriptionType,
|
||||||
|
userName: inputs.userName,
|
||||||
quotaId: inputs.quotaId,
|
quotaId: inputs.quotaId,
|
||||||
portalEnv: inputs.serverId as PortalEnv,
|
portalEnv: inputs.serverId as PortalEnv,
|
||||||
hasWriteAccess: inputs.hasWriteAccess ?? true,
|
hasWriteAccess: inputs.hasWriteAccess ?? true,
|
||||||
|
Loading…
Reference in New Issue
Block a user