Ensure correct session is being used when listing resources #1241
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Comment on lines
15
to
16
| const session = await getSessionFromVSCode("https://management.azure.com//.default", subscription.tenantId, { createIfNone: false, silent: true, account: subscription.account }) | ||
| const credential = createCredential(() => session); |
There was a problem hiding this comment.
I have a sneaking suspicion that this fixed scope is gonna come back to bite us
| const subContext = createSubscriptionContext(subscription); | ||
| return await createResourceClient([context, subContext]); | ||
| async function createClient(subscription: AzureSubscription): Promise<ResourceManagementClient> { | ||
| const session = await getSessionFromVSCode("https://management.azure.com//.default", subscription.tenantId, { createIfNone: false, silent: true, account: subscription.account }) |
There was a problem hiding this comment.
support other endpoints here
| async function createClient(subscription: AzureSubscription): Promise<ResourceManagementClient> { | ||
| const session = await getSessionFromVSCode("https://management.azure.com//.default", subscription.tenantId, { createIfNone: false, silent: true, account: subscription.account }) | ||
| const credential = createCredential(() => session); | ||
| const client = new ResourceManagementClient(credential, subscription.subscriptionId); |
There was a problem hiding this comment.
We need to still be using createResourceClient. That adds a ton of extra stuff including support for the MFA challenges that we need.
|
Talked offline but decided we may want to put these changes behind a setting so lighthouse users can opt in to this experience. Basically if we notice that there are multiple of the same subs under the same account a warning will pop up to turn the setting on. That way we can hopefully mitigate any bugs 🤪 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1040
In the case of a user having both lighthouse and B2B access being granted, the same subscription can be under the same account but different tenants. In this case the session being used to list resources is incorrect since it doesn't include the tenant scope. By directly calling
getSessionFromVSCodewe are able to solve this issue.To Do:
Edit
When the same sub is from the same account the tenant id is shown instead:
