Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New auth code doesn't work if multiple accounts are signed in or you sign in to an account with access to multiple tenants. #15453

Open
StephenWeatherford opened this issue Oct 31, 2024 · 5 comments · Fixed by #15652
Open

New auth code doesn't work if multiple accounts are signed in or you sign in to an account with access to multiple tenants. #15453

StephenWeatherford opened this issue Oct 31, 2024 · 5 comments · Fixed by #15652
Assignees
@StephenWeatherford
Labels
devdiv Related to Bicep tooling efforts in DevDiv story: bicep deploy
Milestone
v0.35

Comments

@StephenWeatherford
Copy link
Contributor

microsoft/vscode-azuretools#1809 affects the new code for #14101, which should ship in December. If the bug isn't fixed before we ship, may need to work around it (I think I can at least detect the issue and ask them to sign out of one of them).
@github-project-automation github-project-automation bot moved this to Todo in Bicep Oct 31, 2024
@StephenWeatherford StephenWeatherford self-assigned this Oct 31, 2024
@StephenWeatherford StephenWeatherford added this to the v0.32 milestone Oct 31, 2024
@StephenWeatherford StephenWeatherford added devdiv Related to Bicep tooling efforts in DevDiv story: bicep deploy labels Oct 31, 2024
@StephenWeatherford StephenWeatherford mentioned this issue Nov 5, 2024
Merged
6 tasks
StephenWeatherford added a commit that referenced this issue Nov 15, 2024
@StephenWeatherford
Use vscode authentication instead of Azure Account extension (#15403)
f507ed0 
Fixes [14101](#14101)

NOTE: I plan on not merging this until the current release ships, so we
have some time to dogfood internally before the December release.

Fixes #14101 
###### Microsoft Reviewers: [Open in
CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/15403)

- [x] Check if documentation needs to change
- [x]
https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-vscode
    - entered  #15450
  - [x] Clouds
- [x] Wait for multiple-account issue to be fixed (see below)?
  - Entered #15453
- [x] Check #8714 
- [ ] Add to readme notes
  - UI changes below
  - Multiple F1 commands if Azure Account extension still installed
  - Multiple accounts issue if still a problem

Overview of UI changes (images from
https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-vscode)

> <img width="732" alt="image"
src="https://github.com/user-attachments/assets/22dd96cb-2300-4047-a0be-dbb189b99f19">
NEW: You never see this menu now. Instead, if you aren't logged in,
you'll see something like this:
<img width="374" alt="image"
src="https://github.com/user-attachments/assets/92b35128-67e3-4e8e-b472-7aea0c1d52b7">

> <img width="782" alt="image"
src="https://github.com/user-attachments/assets/fef8c2d9-1060-4c1b-9fa4-1ed26c23db65">
NEW: Bicep no longer uses the Azure Account extension (it's being
deprecated). Instead, it uses new built-in vscode functionality that is
integrated with vscode's UI, e.g.:
<img width="655" alt="image"
src="https://github.com/user-attachments/assets/579b96b1-ee35-4502-8403-2196081a6d77">
and also integrates with other extensions like the Azure Resources
extension.

The statement that deployment doesn't use values from the
bicepconfig.json is correct. Instead, if you need to sign in to a custom
cloud, use this vscode setting before signing in:
<img width="1254" alt="image"
src="https://github.com/user-attachments/assets/cecb5371-767c-4d1c-8fdf-4fdd0154d04a">

Note: multiple signed-in accounts isn't currently supported (you may
need to sign out of one first using the vscode UI above), although
hopefully that will be fixed soon, perhaps even before this feature
change ships.

---------

Co-authored-by: Stephen Weatherford <Stephen.Weatherford.com>
@StephenWeatherford StephenWeatherford mentioned this issue Nov 21, 2024
Merged
StephenWeatherford added a commit that referenced this issue Nov 25, 2024
@StephenWeatherford
Use lateset azext-auth package (#15652)
b134262 
Fixes #15453 
###### Microsoft Reviewers: [Open in
CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/15652)

---------

Co-authored-by: Stephen Weatherford <Stephen.Weatherford.com>
@github-project-automation github-project-automation bot moved this from Todo to Done in Bicep Nov 25, 2024
@StephenWeatherford
Copy link
Contributor Author

Need to verify and also update the required vscode version.

@StephenWeatherford StephenWeatherford moved this from Done to In Progress in Bicep Nov 25, 2024
@StephenWeatherford StephenWeatherford changed the title New auth code has bug that may need workaround if multiple accounts are signed in New auth code doesn't work if multiple accounts are signed in or you sign in to an account with access to multiple tenants. Nov 25, 2024
@StephenWeatherford
Copy link
Contributor Author

StephenWeatherford commented Nov 25, 2024
edited
Loading

Will need to add code on our side for the moment to allow a user to select a tenant to sign into if we can't find subscriptions. Also need a couple of fixes from the azext authors.

@StephenWeatherford StephenWeatherford added the P1 This is planned to be completed before the end of a release label Nov 25, 2024
@StephenWeatherford
Copy link
Contributor Author

Work-around:

If you run into the error “No subscriptions found.” In the output window, please let me know, and then try this work-around: Install the “Azure Resources” extension, go to the Azure view, and see if it “Sign in to Directory…”. If so, click it and follow instructions. Bicep deploy should then work.

TL;DR

In the next Bicep release (due very soon), I've changed our Azure authentication code for the Deploy Bicep File… menu inside VS Code so that it no longer depends on the Azure Account extension (see #14101), and instead uses VSCode’s authentication mechanism. This change affects deployment inside VS Code only, and does not affect the CLI or module restoration, nor does it fix the issue with VisualStudioCode credentials in bicepconfig.json).

All previous scenarios seem to be working fine, but I have seen some problems when signed in to multiple accounts (this wasn’t possible with the previous code, but is now via Azure: Sign In (azureResourceGroups.login) command) and when users have access to multiple tenants.

@stephaniezyen stephaniezyen modified the milestones: v0.32, v0.33 Dec 4, 2024
@puicchan puicchan modified the milestones: v0.33, v0.34 Dec 5, 2024
@puicchan
Copy link

puicchan commented Jan 9, 2025

@maskati, can you let us know if you have seen this?

@puicchan puicchan added P2 This is important to be completed, but you may not get to it Needs: Author Feedback Awaiting feedback from the author of the issue and removed P1 This is planned to be completed before the end of a release P2 This is important to be completed, but you may not get to it labels Jan 9, 2025
@puicchan puicchan modified the milestones: v0.34, v0.35 Jan 9, 2025
@maskati
Copy link

maskati commented Jan 20, 2025

@puicchan I have not seen this recently.

@StephenWeatherford StephenWeatherford removed the Needs: Author Feedback Awaiting feedback from the author of the issue label Jan 24, 2025
@StephenWeatherford StephenWeatherford moved this from In Progress to Todo in Bicep Jan 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@StephenWeatherford StephenWeatherford

Labels
devdiv Related to Bicep tooling efforts in DevDiv story: bicep deploy
Projects
Bicep
Status: Todo
Milestone
v0.35
Development

Successfully merging a pull request may close this issue.

Use lateset azext-auth package Azure/bicep
4 participants
@StephenWeatherford @puicchan @maskati @stephaniezyen