Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SSH] SSH extension should remove the usage of get_msal_token #2924

Closed
jiasli opened this issue Jan 22, 2021 · 5 comments · Fixed by Azure/azure-cli#19914
Closed

[SSH] SSH extension should remove the usage of get_msal_token #2924

jiasli opened this issue Jan 22, 2021 · 5 comments · Fixed by Azure/azure-cli#19914
Assignees
@jiasli
Labels
feature-request This issue requires a new behavior in the product in order be resolved. VM SSH
Milestone
Backlog

Comments

@jiasli
Copy link
Member

jiasli commented Jan 22, 2021
edited
Loading

Extension name (the extension in question)

SSH

Description of issue (in as much detail as possible)

In the old ADAL-based Azure CLI, no interface is provided to pass data to ADAL and AAD to get an SSH cert. None of these methods can do this:

That's why Profile.get_msal_token is introduced (Azure/azure-cli#12999) to send data to MSAL and AAD.

Now in the new beta MSAL-based Azure CLI, Profile.get_login_credentials returns a CredentialAdaptor which is compatible with Track 2 SDK's TokenCredential.

SSH extension should detect the CLI version or other field added in the future whether the underlying auth library is MSAL. If so, it should call Profile.get_login_credentials and call get_token on the returned credential instead of calling Profile.get_msal_token:

azure-cli-extensions/src/ssh/azext_ssh/custom.py

Line 58 in ecaacbb

_, certificate = profile.get_msal_token(scopes, data)

which will be deprecated in the GA release of MSAL-based Azure CLI.
@ghost ghost added the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Jan 22, 2021
@jiasli jiasli assigned jiasli and fengzhou-msft and unassigned jiasli and fengzhou-msft Jan 22, 2021
@jiasli jiasli changed the title SSH extension should remove the usage of get_msal_token [SSH] SSH extension should remove the usage of get_msal_token Jan 22, 2021
@yonzhan
Copy link
Collaborator

yonzhan commented Jan 22, 2021

SSH

@yonzhan yonzhan added the feature-request This issue requires a new behavior in the product in order be resolved. label Jan 22, 2021
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Jan 22, 2021
@jiasli
Copy link
Member Author

jiasli commented Jan 22, 2021

+ @N6UDP who contributed #2921.

@yonzhan yonzhan added this to the Backlog milestone Jan 22, 2021
@yungezz yungezz added the VM SSH label Jan 25, 2021
@N6UDP
Copy link
Member

N6UDP commented Aug 2, 2021

Fixed as part of #3698 - additional detection may be done in the future.

@jiasli
Copy link
Member Author

jiasli commented Aug 3, 2021

I will revisit this part when MSAL integration stabilizes.

@jiasli jiasli closed this as completed Oct 18, 2021
@jiasli jiasli mentioned this issue Oct 18, 2021
Merged
@jiasli
Copy link
Member Author

jiasli commented Nov 3, 2021

MSAL-based Azure CLI 2.30.0 has been released on November 02, 2021: https://docs.microsoft.com/en-us/cli/azure/release-notes-azure-cli#november-02-2021

The old ssh extension now fails with

AttributeError: 'Profile' object has no attribute 'get_msal_token'

To solve it, please update ssh extension to the latest version 1.8.0 with:

az extension update --name ssh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
feature-request This issue requires a new behavior in the product in order be resolved. VM SSH
Projects
None yet
Milestone
Backlog
5 participants
@N6UDP @jiasli @yungezz @yonzhan @fengzhou-msft