Comments (4)
I changed the code in a few places and added some debugs:
[msi_debugs.go.txt](https://github.com/manicminer/hamilton/files/7367807/msi_debugs.go.txt)
$ go test --race ./... -v
=== RUN TestAzureCliAuthorizer
--- PASS: TestAzureCliAuthorizer (1.13s)
=== RUN TestMsiAuthorizer
url is : http://localhost:50342/oauth2/token?api-version=2018-02-01&format=text&resource=https%3A%2F%2Fmanagement.azure.com%2F
GET /oauth2/token?api-version=2018-02-01&format=text&resource=https%3A%2F%2Fmanagement.azure.com%2F HTTP/1.1
Host: localhost:50342
User-Agent: Go-http-client/1.1
Content-Length: 38
Accept-Encoding: gzip
resource=https://management.azure.com/
HTTP/1.1 200 OK
Content-Length: 2162
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Mon, 18 Oct 2021 18:38:50 GMT
Etag: W/"872-7WpHq6sLbo/bDSyC3PAw3C2IjwA"
X-Powered-By: Express
{"access_token":"(REDACTED) MukeJyc37ggOpV41f3U1TY9CblMOkTavjh3Q9Yz0-_I6c6y8kDCMZJbTs2NMdk0AWMSdsHsB_aDoRo5QfQ","refresh_token":"","expires_in":"1513","expires_on":"1634583843","not_before":"1634579943","resource":"https://management.core.windows.net/","token_type":"Bearer"}
url is : http://localhost:50342/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fgraph.microsoft.com%2F
GET /oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fgraph.microsoft.com%2F HTTP/1.1
Host: localhost:50342
User-Agent: Go-http-client/1.1
Content-Length: 38
Accept-Encoding: gzip
resource=https://management.azure.com/
HTTP/1.1 200 OK
Content-Length: 2481
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Mon, 18 Oct 2021 18:38:50 GMT
Etag: W/"9b1-7RxI3beG6uimCUxaeTgt0r94X5Y"
X-Powered-By: Express
{"access_token":"(REDACTED) 2ZYqIeAo5wQluCzExh8VXIdfsstqCaHfqkNsaXzwahuLp412w","refresh_token":"","expires_in":"1558","expires_on":"1634583888","not_before":"1634579989","resource":"https://graph.microsoft.com/","token_type":"Bearer"}
--- PASS: TestMsiAuthorizer (0.01s)
=== RUN TestParseClaims_azureCli
from hamilton.
--- PASS: TestAzureCliAuthorizer (1.23s)
=== RUN TestMsiAuthorizer
--- PASS: TestMsiAuthorizer (0.01s)
=== RUN TestParseClaims_azureCli
--- PASS: TestParseClaims_azureCli (1.15s)
=== RUN TestParseClaims_clientCertificate
system@Azure:~/msitests/hamilton$
system@Azure:~/msitests/hamilton$ git diff
diff --git a/auth/msi.go b/auth/msi.go
index e87f18e..b2c64fd 100644
--- a/auth/msi.go
+++ b/auth/msi.go
@@ -112,10 +112,11 @@ func NewMsiConfig(ctx context.Context, resource, msiEndpoint, clientId string) (
}
// determine the generic metadata URL and check if we can reach it
- e.Path = "/metadata"
+ e.Path = "/oauth2/token"
e.RawQuery = url.Values{
"api-version": []string{msiDefaultApiVersion},
"format": []string{"text"},
+ "resource": []string{"https://management.azure.com/"},
}.Encode()
_, err = azureMetadata(ctx, e.String())
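Review bot: the probe hardcodes "resource": []string{"https://management.azure.com/"} even though NewMsiConfig already receives a resource argument; pass that argument through so the reachability check asks for the same audience the caller will use, rather than always requesting a management-plane token. The comment above e.Path still says "generic metadata URL" although the path is now /oauth2/token, and the "format": "text" parameter is carried over from the /metadata probe; update the comment and drop the parameter if the token endpoint does not need it. Because the check now has the endpoint issue a real bearer token just to confirm reachability, the result of azureMetadata should stay discarded as it is here (`_, err =`) and the response body should not be written to logs.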
from hamilton.
This is the output using the current code:
--- PASS: TestAzureCliAuthorizer (1.16s)
=== RUN TestMsiAuthorizer
--- FAIL: TestMsiAuthorizer (0.00s)
auth_test.go:127: NewMsiAuthorizer(): NewMsiConfig: could not validate MSI endpoint: received HTTP status 404
=== RUN TestParseClaims_azureCli
--- PASS: TestParseClaims_azureCli (1.16s)
from hamilton.
@marcogsm Thanks for raising this, the next release of the SDK will remove a configuration check that was hindering managed identity authentication in Cloud Shell.
from hamilton.