Support multi-tenant switching for Data Plane RBAC (#1988)

* Fix API endpoint for CassandraProxy query API

* activate Mongo Proxy and Cassandra Proxy in Prod

* Add CP Prod endpoint

* Run npm format and tests

* Revert code

* fix bug that blocked local mongo proxy and cassandra proxy development

* Add prod endpoint

* fix pr check tests

* Remove prod

* Remove prod endpoint

* Remove dev endpoint

* Support data plane RBAC

* Support data plane RBAC

* Add additional changes for Portal RBAC functionality

* Remove unnecessary code

* Remove unnecessary code

* Add code to fix VCoreMongo/PG bug

* Address feedback

* Add more logs for RBAC feature

* Add more logs for RBAC features

* Add AAD endpoints for all environments

* Add AAD endpoints

* Run npm format

* Support multi-tenant switching for Data Plane RBAC

* Remove tenantID duplicates

---------

Co-authored-by: Senthamil Sindhu <sindhuba@microsoft.com>
Co-authored-by: Asier Isayas <aisayas@microsoft.com>

src/Contracts/ViewModels.ts

@@ -381,8 +381,9 @@ export enum TerminalKind {
 export interface DataExplorerInputsFrame {
   databaseAccount: any;
   subscriptionId?: string;
-  tenantId?: string;
   resourceGroup?: string;
+  tenantId?: string;
+  userName?: string;
   masterKey?: string;
   hasWriteAccess?: boolean;
   authorizationToken?: string;

src/UserContext.ts

@@ -75,6 +75,7 @@ export interface UserContext {
   readonly masterKey?: string;
   readonly subscriptionId?: string;
   readonly tenantId?: string;
+  readonly userName?: string;
   readonly resourceGroup?: string;
   readonly databaseAccount?: DatabaseAccount;
   readonly endpoint?: string;

src/Utils/AuthorizationUtils.ts

@@ -91,7 +91,8 @@ export async function acquireMsalTokenForAccount(
     // This will eventually throw InteractionRequiredAuthError if silent is true, we won't handle it here.
     const loginRequest = {
       scopes: [hrefEndpoint],
-      loginHint: user_hint,
+      loginHint: user_hint ?? userContext.userName,
+      authority: userContext.tenantId ? `${configContext.AAD_ENDPOINT}${userContext.tenantId}` : undefined,
     };
     try {
       if (silent) {
@@ -132,7 +133,8 @@ export async function acquireMsalTokenForAccount(
     account: msalAccount || null,
     forceRefresh: true,
     scopes: [hrefEndpoint],
-    authority: `${configContext.AAD_ENDPOINT}${msalAccount.tenantId}`,
+    loginHint: user_hint ?? userContext.userName,
+    authority: `${configContext.AAD_ENDPOINT}${userContext.tenantId ?? msalAccount.tenantId}`,
   };
   return acquireTokenWithMsal(msalInstance, tokenRequest, silent);
 }

src/hooks/useKnockoutExplorer.ts

@@ -695,6 +695,7 @@ function updateContextsFromPortalMessage(inputs: DataExplorerInputsFrame) {
     subscriptionId: inputs.subscriptionId,
     tenantId: inputs.tenantId,
     subscriptionType: inputs.subscriptionType,
+    userName: inputs.userName,
     quotaId: inputs.quotaId,
     portalEnv: inputs.serverId as PortalEnv,
     hasWriteAccess: inputs.hasWriteAccess ?? true,