From b9e8a8747228bae46b6b5d7239e9abcb21c3af72 Mon Sep 17 00:00:00 2001
From: Cheena Malhotra <13396919+cheenamalhotra@users.noreply.github.com>
Date: Fri, 6 Jan 2023 17:53:09 -0800
Subject: [PATCH] Fix resource endpoints to end with slash (#21540)
---
 .../src/account-provider/auths/azureAuth.ts | 9 ++--
 .../src/account-provider/providerSettings.ts | 52 +++++++++----------
 2 files changed, 31 insertions(+), 30 deletions(-)
diff --git a/extensions/azurecore/src/account-provider/auths/azureAuth.ts b/extensions/azurecore/src/account-provider/auths/azureAuth.ts
index 2956351f63..8cb9c33d8e 100644
--- a/extensions/azurecore/src/account-provider/auths/azureAuth.ts
+++ b/extensions/azurecore/src/account-provider/auths/azureAuth.ts
@@ -280,8 +280,6 @@ export abstract class AzureAuth implements vscode.Disposable {
 return undefined;
 }
-
-
 protected abstract loginAdal(tenant: Tenant, resource: Resource): Promise<{ response: OAuthTokenResponse | undefined, authComplete: Deferred }>;
 protected abstract loginMsal(tenant: Tenant, resource: Resource): Promise<{ response: AuthenticationResult | null, authComplete: Deferred }>;
@@ -323,6 +321,9 @@ export abstract class AzureAuth implements vscode.Disposable {
 Logger.error(`Error: Could not fetch the azure resource ${azureResource} `);
 return null;
 }
+ // Resource endpoint must end with '/' to form a valid scope for MSAL token request.
+ const endpoint = resource.endpoint.endsWith('/') ? resource.endpoint : resource.endpoint + '/';
+
 let account: AccountInfo | null = await this.getAccountFromMsalCache(accountId);
 if (!account) {
 Logger.error('Error: Could not fetch account when acquiring token');
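Review bot: The slash normalisation added before the `getAccountFromMsalCache` call turns an empty `resource.endpoint` into `'/'`, so the scope built further down would be `/.default`; `azureStorageResource` in providerSettings.ts is declared with `endpoint: ''`. This string decides which resource the token is requested for, so an empty endpoint is better rejected before the slash is appended, for example `if (!resource.endpoint) { Logger.error('Error: Resource endpoint is empty'); return null; }`. Whether this method is ever called with the storage resource is not visible here, and the method body starts and ends outside the hunk.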
@@ -330,9 +331,9 @@ export abstract class AzureAuth implements vscode.Disposable {
 }
 let newScope;
 if (resource.azureResourceId === azdata.AzureResource.ResourceManagement) {
- newScope = [`${resource?.endpoint}user_impersonation`];
+ newScope = [`${endpoint}user_impersonation`];
 } else {
- newScope = [`${resource?.endpoint}.default`];
+ newScope = [`${endpoint}.default`];
 }
 // construct request
diff --git a/extensions/azurecore/src/account-provider/providerSettings.ts b/extensions/azurecore/src/account-provider/providerSettings.ts
index 7beb3411e4..7332d6f484 100644
--- a/extensions/azurecore/src/account-provider/providerSettings.ts
+++ b/extensions/azurecore/src/account-provider/providerSettings.ts
@@ -39,7 +39,7 @@ const publicAzureSettings: ProviderSettings = {
 },
 graphResource: {
 id: SettingIds.graph,
- endpoint: 'https://graph.windows.net',
+ endpoint: 'https://graph.windows.net/',
 azureResourceId: AzureResource.Graph
 },
 msGraphResource: {
@@ -59,38 +59,38 @@ const publicAzureSettings: ProviderSettings = {
 },
 ossRdbmsResource: {
 id: SettingIds.ossrdbms,
- endpoint: 'https://ossrdbms-aad.database.windows.net',
+ endpoint: 'https://ossrdbms-aad.database.windows.net/',
 azureResourceId: AzureResource.OssRdbms
 },
 azureKeyVaultResource: {
 id: SettingIds.vault,
- endpoint: 'https://vault.azure.net',
+ endpoint: 'https://vault.azure.net/',
 azureResourceId: AzureResource.AzureKeyVault
 },
 azureDevOpsResource: {
 id: SettingIds.ado,
- endpoint: '499b84ac-1321-427f-aa17-267ca6975798',
+ endpoint: '499b84ac-1321-427f-aa17-267ca6975798/',
 azureResourceId: AzureResource.AzureDevOps,
 },
 azureLogAnalyticsResource: {
 id: SettingIds.ala,
- endpoint: 'https://api.loganalytics.io',
+ endpoint: 'https://api.loganalytics.io/',
 azureResourceId: AzureResource.AzureLogAnalytics,
 },
 azureStorageResource: {
 id: SettingIds.storage,
 endpoint: '',
- endpointSuffix: '.core.windows.net',
+ endpointSuffix: '.core.windows.net/',
 azureResourceId: AzureResource.AzureStorage
 },
 azureKustoResource: {
 id: SettingIds.kusto,
- endpoint: 'https://kusto.kusto.windows.net',
+ endpoint: 'https://kusto.kusto.windows.net/',
 azureResourceId: AzureResource.AzureKusto,
 },
 powerBiResource: {
 id: SettingIds.powerbi,
- endpoint: 'https://analysis.windows.net/powerbi/api',
+ endpoint: 'https://analysis.windows.net/powerbi/api/',
 azureResourceId: AzureResource.PowerBi
 },
 redirectUri: 'http://localhost',
@@ -119,12 +119,12 @@ const usGovAzureSettings: ProviderSettings = {
 },
 graphResource: {
 id: SettingIds.graph,
- endpoint: 'https://graph.windows.net',
+ endpoint: 'https://graph.windows.net/',
 azureResourceId: AzureResource.Graph
 },
 armResource: {
 id: SettingIds.arm,
- endpoint: 'https://management.usgovcloudapi.net',
+ endpoint: 'https://management.usgovcloudapi.net/',
 azureResourceId: AzureResource.ResourceManagement
 },
 sqlResource: {
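Review bot: In the `@@ -59,38` hunk `endpointSuffix` gains a trailing slash (`'.core.windows.net/'`), but the scope code in azureAuth.ts reads only `resource.endpoint` and already appends the slash itself, so this edit is not needed for the fix. A suffix ending in `/` presumably no longer concatenates into a bare storage host name and would not match in a host-suffix comparison, so I would keep `endpointSuffix: '.core.windows.net'`; the same applies to the `endpointSuffix` lines in the `@@ -134,28`, `@@ -198,23` and `@@ -238,33` hunks. `azureDevOpsResource.endpoint` is an application id rather than a URL, and if any non-MSAL path (the class still declares `loginAdal`) passes it on as the resource identifier, `'499b84ac-1321-427f-aa17-267ca6975798/'` is a different string from the registered id. Keeping the bare value and relying on the run-time normalisation looks safer, which is worth confirming against the callers of these settings.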
@@ -134,28 +134,28 @@ const usGovAzureSettings: ProviderSettings = {
 },
 ossRdbmsResource: {
 id: SettingIds.ossrdbms,
- endpoint: 'https://ossrdbms-aad.database.usgovcloudapi.net',
+ endpoint: 'https://ossrdbms-aad.database.usgovcloudapi.net/',
 azureResourceId: AzureResource.OssRdbms
 },
 azureKeyVaultResource: {
 id: SettingIds.vault,
- endpoint: 'https://vault.usgovcloudapi.net',
+ endpoint: 'https://vault.usgovcloudapi.net/',
 azureResourceId: AzureResource.AzureKeyVault
 },
 azureLogAnalyticsResource: {
 id: SettingIds.ala,
- endpoint: 'https://api.loganalytics.us',
+ endpoint: 'https://api.loganalytics.us/',
 azureResourceId: AzureResource.AzureLogAnalytics,
 },
 azureStorageResource: {
 id: SettingIds.storage,
 endpoint: '',
- endpointSuffix: '.core.usgovcloudapi.net',
+ endpointSuffix: '.core.usgovcloudapi.net/',
 azureResourceId: AzureResource.AzureStorage
 },
 powerBiResource: {
 id: SettingIds.powerbi,
- endpoint: 'https://analysis.windows.net/powerbi/api',
+ endpoint: 'https://analysis.windows.net/powerbi/api/',
 azureResourceId: AzureResource.PowerBi
 },
 redirectUri: 'http://localhost',
@@ -183,7 +183,7 @@ const usNatAzureSettings: ProviderSettings = {
 },
 graphResource: {
 id: SettingIds.graph,
- endpoint: 'https://graph.eaglex.ic.gov',
+ endpoint: 'https://graph.eaglex.ic.gov/',
 azureResourceId: AzureResource.Graph
 },
 armResource: {
@@ -198,23 +198,23 @@ const usNatAzureSettings: ProviderSettings = {
 },
 ossRdbmsResource: {
 id: SettingIds.ossrdbms,
- endpoint: 'https://ossrdbms-aad.database.cloudapi.eaglex.ic.gov',
+ endpoint: 'https://ossrdbms-aad.database.cloudapi.eaglex.ic.gov/',
 azureResourceId: AzureResource.OssRdbms
 },
 azureKeyVaultResource: {
 id: SettingIds.vault,
- endpoint: 'https://vault.cloudapi.eaglex.ic.gov',
+ endpoint: 'https://vault.cloudapi.eaglex.ic.gov/',
 azureResourceId: AzureResource.AzureKeyVault
 },
 azureLogAnalyticsResource: {
 id: SettingIds.ala,
- endpoint: 'https://api.loganalytics.azure.eaglex.ic.gov',
+ endpoint: 'https://api.loganalytics.azure.eaglex.ic.gov/',
 azureResourceId: AzureResource.AzureLogAnalytics,
 },
 azureStorageResource: {
 id: SettingIds.storage,
 endpoint: '',
- endpointSuffix: '.core.eaglex.ic.gov',
+ endpointSuffix: '.core.eaglex.ic.gov/',
 azureResourceId: AzureResource.AzureStorage
 },
 redirectUri: 'http://localhost',
@@ -238,33 +238,33 @@ const germanyAzureSettings: ProviderSettings = {
 clientId: 'a69788c6-1d43-44ed-9ca3-b83e194da255',
 graphResource: {
 id: SettingIds.graph,
- endpoint: 'https://graph.cloudapi.de',
+ endpoint: 'https://graph.cloudapi.de/',
 azureResourceId: AzureResource.Graph
 },
 msGraphResource: {
 id: SettingIds.msgraph,
- endpoint: 'https://graph.microsoft.de',
+ endpoint: 'https://graph.microsoft.de/',
 azureResourceId: AzureResource.MsGraph
 },
 armResource: {
 id: SettingIds.arm,
- endpoint: 'https://management.microsoftazure.de',
+ endpoint: 'https://management.microsoftazure.de/',
 azureResourceId: AzureResource.ResourceManagement
 },
 azureKeyVaultResource: {
 id: SettingIds.vault,
- endpoint: 'https://vault.microsoftazure.de',
+ endpoint: 'https://vault.microsoftazure.de/',
 azureResourceId: AzureResource.AzureKeyVault
 },
 azureStorageResource: {
 id: SettingIds.storage,
 endpoint: '',
- endpointSuffix: '.core.cloudapi.de',
+ endpointSuffix: '.core.cloudapi.de/',
 azureResourceId: AzureResource.AzureStorage
 },
 powerBiResource: {
 id: SettingIds.powerbi,
- endpoint: 'https://analysis.windows.net/powerbi/api',
+ endpoint: 'https://analysis.windows.net/powerbi/api/',
 azureResourceId: AzureResource.PowerBi
 },
 redirectUri: 'http://localhost',