[SSH] Change the scope of AT request to MSAL to AADSSHLoginForLinux app id #9465
Conversation
️✔️Azure CLI Extensions Breaking Change Test
|
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
Hi @vthiebaut10, |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
CodeGen Tools Feedback CollectionThank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey |
|
Hi @vthiebaut10 Release SuggestionsModule: ssh
Notes
|
There was a problem hiding this comment.
Pull request overview
This PR changes the authentication scope for SSH certificate acquisition from cloud-specific endpoints to a unified AADSSHLoginForLinux application ID. This simplifies the authentication flow by using a single app ID across all Azure cloud environments.
- Removes the cloud-to-scope mapping dictionary that previously supported Azure Cloud, Azure China Cloud, and Azure US Government
- Replaces cloud-specific scopes with the hardcoded AADSSHLoginForLinux app ID 'ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0'
- Adds debug logging for the scopes list
|
|
||
| scopes = [scope] | ||
|
|
||
| logger.debug(scopes) |
There was a problem hiding this comment.
Trailing whitespace detected at the end of this line. Remove the whitespace after the closing parenthesis.
| logger.debug(scopes) | |
| logger.debug(scopes) |
| scope = 'ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0' | ||
|
|
||
| scopes = [scope] | ||
|
|
There was a problem hiding this comment.
The intermediate 'scope' variable on line 208 is only used once on line 210. Consider directly initializing 'scopes' as a list literal instead of creating an intermediate variable. This would simplify the code by reducing it to a single line: scopes = ['ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0']
| scope = 'ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0' | |
| scopes = [scope] | |
| scopes = ['ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0'] |
| op_call(op_info, delete_keys, delete_cert) | ||
|
|
||
|
|
||
| def _get_and_write_certificate(cmd, public_key_file, cert_file, ssh_client_folder): |
There was a problem hiding this comment.
The hardcoded app ID 'ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0' lacks documentation explaining what it represents. Add a comment above this line to clarify that this is the AADSSHLoginForLinux application ID, which replaces the previous cloud-specific scopes. This will help future maintainers understand why this specific GUID is used.
| def _get_and_write_certificate(cmd, public_key_file, cert_file, ssh_client_folder): | |
| def _get_and_write_certificate(cmd, public_key_file, cert_file, ssh_client_folder): | |
| # This is the AADSSHLoginForLinux application ID, which replaces previous cloud-specific scopes. |
3 participants
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally? (pip install wheel==0.30.0required)For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update
src/index.jsonautomatically.You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify
src/index.json.