Support multi-tenant switching for Data Plane RBAC (#1988)

* Fix API endpoint for CassandraProxy query API * activate Mongo Proxy and Cassandra Proxy in Prod * Add CP Prod endpoint * Run npm format and tests * Revert code * fix bug that blocked local mongo proxy and cassandra proxy development * Add prod endpoint * fix pr check tests * Remove prod * Remove prod endpoint * Remove dev endpoint * Support data plane RBAC * Support data plane RBAC * Add additional changes for Portal RBAC functionality * Remove unnecessary code * Remove unnecessary code * Add code to fix VCoreMongo/PG bug * Address feedback * Add more logs for RBAC feature * Add more logs for RBAC features * Add AAD endpoints for all environments * Add AAD endpoints * Run npm format * Support multi-tenant switching for Data Plane RBAC * Remove tenantID duplicates --------- Co-authored-by: Senthamil Sindhu <sindhuba@microsoft.com> Co-authored-by: Asier Isayas <aisayas@microsoft.com>
2024-10-10 16:36:19 +02:00 · 2024-10-10 16:36:19 +02:00 · c1bc11d27d
parent ac2e2a6f8e
commit c1bc11d27d
4 changed files with 8 additions and 3 deletions
--- a/src/Contracts/ViewModels.ts
+++ b/src/Contracts/ViewModels.ts
@ -381,8 +381,9 @@ export enum TerminalKind {
 export interface DataExplorerInputsFrame {
  databaseAccount: any;
  subscriptionId?: string;
-  tenantId?: string;
  resourceGroup?: string;
+  tenantId?: string;
+  userName?: string;
  masterKey?: string;
  hasWriteAccess?: boolean;
  authorizationToken?: string;
--- a/src/UserContext.ts
+++ b/src/UserContext.ts
@ -75,6 +75,7 @@ export interface UserContext {
  readonly masterKey?: string;
  readonly subscriptionId?: string;
  readonly tenantId?: string;
+  readonly userName?: string;
  readonly resourceGroup?: string;
  readonly databaseAccount?: DatabaseAccount;
  readonly endpoint?: string;
--- a/src/Utils/AuthorizationUtils.ts
+++ b/src/Utils/AuthorizationUtils.ts
@ -91,7 +91,8 @@ export async function acquireMsalTokenForAccount(
    // This will eventually throw InteractionRequiredAuthError if silent is true, we won't handle it here.
    const loginRequest = {
      scopes: [hrefEndpoint],
-      loginHint: user_hint,
+      loginHint: user_hint ?? userContext.userName,
+      authority: userContext.tenantId ? `${configContext.AAD_ENDPOINT}${userContext.tenantId}` : undefined,
    };
    try {
      if (silent) {
@ -132,7 +133,8 @@ export async function acquireMsalTokenForAccount(
    account: msalAccount || null,
    forceRefresh: true,
    scopes: [hrefEndpoint],
-    authority: `${configContext.AAD_ENDPOINT}${msalAccount.tenantId}`,
+    loginHint: user_hint ?? userContext.userName,
+    authority: `${configContext.AAD_ENDPOINT}${userContext.tenantId ?? msalAccount.tenantId}`,
  };
  return acquireTokenWithMsal(msalInstance, tokenRequest, silent);
 }
--- a/src/hooks/useKnockoutExplorer.ts
+++ b/src/hooks/useKnockoutExplorer.ts
@ -695,6 +695,7 @@ function updateContextsFromPortalMessage(inputs: DataExplorerInputsFrame) {
    subscriptionId: inputs.subscriptionId,
    tenantId: inputs.tenantId,
    subscriptionType: inputs.subscriptionType,
+    userName: inputs.userName,
    quotaId: inputs.quotaId,
    portalEnv: inputs.serverId as PortalEnv,
    hasWriteAccess: inputs.hasWriteAccess ?? true,