Support multi-tenant switching for Data Plane RBAC (#1988)

* Fix API endpoint for CassandraProxy query API

* activate Mongo Proxy and Cassandra Proxy in Prod

* Add CP Prod endpoint

* Run npm format and tests

* Revert code

* fix bug that blocked local mongo proxy and cassandra proxy development

* Add prod endpoint

* fix pr check tests

* Remove prod

* Remove prod endpoint

* Remove dev endpoint

* Support data plane RBAC

* Support data plane RBAC

* Add additional changes for Portal RBAC functionality

* Remove unnecessary code

* Remove unnecessary code

* Add code to fix VCoreMongo/PG bug

* Address feedback

* Add more logs for RBAC feature

* Add more logs for RBAC features

* Add AAD endpoints for all environments

* Add AAD endpoints

* Run npm format

* Support multi-tenant switching for Data Plane RBAC

* Remove tenantID duplicates

---------

Co-authored-by: Senthamil Sindhu <sindhuba@microsoft.com>
Co-authored-by: Asier Isayas <aisayas@microsoft.com>
This commit is contained in:
Vsevolod Kukol 2024-10-10 16:36:19 +02:00 committed by GitHub
parent ac2e2a6f8e
commit c1bc11d27d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 8 additions and 3 deletions


@ -381,8 +381,9 @@ export enum TerminalKind {
export interface DataExplorerInputsFrame { export interface DataExplorerInputsFrame {
databaseAccount: any; databaseAccount: any;
subscriptionId?: string; subscriptionId?: string;
tenantId?: string;
resourceGroup?: string; resourceGroup?: string;
tenantId?: string;
userName?: string;
masterKey?: string; masterKey?: string;
hasWriteAccess?: boolean; hasWriteAccess?: boolean;
authorizationToken?: string; authorizationToken?: string;


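--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -75,6 +75,7 @@ export interface UserContext {
 readonly masterKey?: string;
 readonly subscriptionId?: string;
 readonly tenantId?: string;
+readonly userName?: string;
 readonly resourceGroup?: string;
 readonly databaseAccount?: DatabaseAccount;
 readonly endpoint?: string;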
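Review bot: The added `readonly userName?: string;` carries no comment, and nothing on UserContext tells a reader that this value is later handed to MSAL as a login hint (the third file in this commit uses it as `loginHint: user_hint ?? userContext.userName`). Because it influences which identity MSAL prompts for, I would document its origin and purpose on the field: `/** Login hint for the signed-in user (presumably a UPN/email), forwarded from the portal inputs frame; used as the MSAL loginHint when the caller passes none. */`. The surrounding interface starts before this hunk.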


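--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -91,7 +91,8 @@ export async function acquireMsalTokenForAccount(
 // This will eventually throw InteractionRequiredAuthError if silent is true, we won't handle it here.
 const loginRequest = {
 scopes: [hrefEndpoint],
-loginHint: user_hint,
+loginHint: user_hint ?? userContext.userName,
+authority: userContext.tenantId ? `${configContext.AAD_ENDPOINT}${userContext.tenantId}` : undefined,
 };
 try {
 if (silent) {
@@ -132,7 +133,8 @@ export async function acquireMsalTokenForAccount(
 account: msalAccount || null,
 forceRefresh: true,
 scopes: [hrefEndpoint],
-authority: `${configContext.AAD_ENDPOINT}${msalAccount.tenantId}`,
+loginHint: user_hint ?? userContext.userName,
+authority: `${configContext.AAD_ENDPOINT}${userContext.tenantId ?? msalAccount.tenantId}`,
 };
 return acquireTokenWithMsal(msalInstance, tokenRequest, silent);
 }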
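Review bot: The added `authority: userContext.tenantId ? `${configContext.AAD_ENDPOINT}${userContext.tenantId}` : undefined,` in the first hunk (and the `userContext.tenantId ?? msalAccount.tenantId` form in the second) builds the token authority by string concatenation from a tenantId that, per the fourth file in this commit, is copied straight from the portal inputs frame with no shape check, so any value that is not a tenant GUID, a tenant domain or `common`/`organizations` would change the authority URL rather than select a tenant. I would validate the shape once before interpolating, e.g. `const tenantId = userContext.tenantId && /^[A-Za-z0-9.-]+$/.test(userContext.tenantId) ? userContext.tenantId : undefined;` and then `authority: tenantId ? `${configContext.AAD_ENDPOINT}${tenantId}` : undefined,`, and rely on MSAL's authority validation (knownAuthorities) for the rest; whether AAD_ENDPOINT ends with the `/` this concatenation assumes is not visible here. The two hunks also disagree on the fallback when no tenantId is set (the first leaves authority undefined, the second still dereferences `msalAccount.tenantId` although `account: msalAccount || null` suggests msalAccount can be null), which deserves at least a comment explaining the intent. acquireMsalTokenForAccount starts before the first hunk and its body continues between and beyond them.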


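--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -695,6 +695,7 @@ function updateContextsFromPortalMessage(inputs: DataExplorerInputsFrame) {
 subscriptionId: inputs.subscriptionId,
 tenantId: inputs.tenantId,
 subscriptionType: inputs.subscriptionType,
+userName: inputs.userName,
 quotaId: inputs.quotaId,
 portalEnv: inputs.serverId as PortalEnv,
 hasWriteAccess: inputs.hasWriteAccess ?? true,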