Skip to content
This repository was archived by the owner on Nov 1, 2023. It is now read-only.

[Bug Fix] Adding Check for SP During User Role Assignment. #1497

Merged
merged 9 commits into from
Dec 1, 2021
Merged

[Bug Fix] Adding Check for SP During User Role Assignment. #1497

merged 9 commits into from
Dec 1, 2021

Conversation

@nharper285
Copy link
Contributor

@nharper285 nharper285 commented Nov 30, 2021

Summary of the Pull Request

What is this about?
I introduced a bug when I implemented the new function for assigning user access. If a user tried upgrading an instance with an SP, then deployment would fail when this function was called due to lack of permissions.

PR Checklist

  • Applies to work item: #xxx
  • CLA signed. If not, go over here and sign the CLI.
  • Tests added/passed
  • Requires documentation to be updated
  • I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #xxx

Info on Pull Request

What does this include?
Changes to deploy.py assign_user_access()

Validation Steps Performed

check-pr run.

How does someone test & validate?
Deploy with a service principal.

chkeita
chkeita reviewed Nov 30, 2021
View reviewed changes
src/deployment/deploy.py Outdated
)

def assign_user_access(self) -> None:
if self.results["client_id"]:
Copy link
Contributor

@chkeita chkeita Nov 30, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this condition
why skipping when the client_id is set ? Shouldn't we update the application backing that client_id instead ?

Copy link
Contributor Author

@nharper285 nharper285 Nov 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you suggesting we retrieve the underlying application and update it?

Copy link
Contributor Author

@nharper285 nharper285 Nov 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that done anywhere else? It was my impression that you wouldnt be able to edit any AAD objects with an SP.

Copy link
Contributor Author

@nharper285 nharper285 Nov 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

This was the offending code. You can't call this function as an SP.

Copy link
Contributor Author

@nharper285 nharper285 Nov 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay @chkeita, I actually just changed it to self.upgrade. The original logic did not work properly because client_id and client_secret are set regardless.

chkeita
chkeita reviewed Nov 30, 2021
View reviewed changes
@nharper285 @chkeita
Update src/deployment/deploy.py
dcb6e02 
Co-authored-by: Cheick Keita <kcheick@gmail.com>
@nharper285 nharper285 merged commit 5e3d915 into microsoft:main Dec 1, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Dec 31, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@chkeita chkeita chkeita approved these changes

@mgreisen mgreisen mgreisen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nharper285 @chkeita @mgreisen