This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

acs-engine commands talk to Azure APIs fail for Azure Government #2223

Closed
gsacavdm opened this issue Feb 7, 2018 · 7 comments

@gsacavdm
Contributor

gsacavdm commented Feb 7, 2018

Is this a request for help?:
No

Is this an ISSUE or FEATURE REQUEST? (choose one):
ISSUE

What version of acs-engine?:
v0.12.4

Orchestrator and version (e.g. Kubernetes, DC/OS, Swarm)
Kubernetes, though it should apply to all

What happened:
Running any command that leverages the ACS Engine Azure AD multi-tenant application (using the AcsEngineClientID), for example acs-engine upgrade, fails when used with --azure-env AzureUSGovernmentCloud with the error in the screenshot below. This happens after I logged in to Azure AD.

[Screenshot: aad-azure-gov-error]

What you expected to happen:
I should be able to successfully log in and proceed with the acs-engine operation (update in this case).

How to reproduce it (as minimally and precisely as possible):
Run acs-engine upgrade --azure-env AzureUSGovernmentCloud and log in with any Azure Government user.

Anything else we need to know:
In order to solve this, acs-engine must be able to support different AcsEngineClientIDs per environment, and the ACS team needs to create a multi-tenant Azure AD application for each environment and ensure permissions to the correct Azure API are configured for that application.

@gsacavdm
Contributor Author

gsacavdm commented Feb 7, 2018

@anhowe / @jackfrancis , I can help with this both on acs-engine and with the Azure AD registration for Azure Government.

For the code side of acs-engine, do you guys have a preference on where that per-environment client ID resides?

For the Azure AD application registration, I'll ping you offline.

@gsacavdm
Contributor Author

Ping.

@jackfrancis
Member

@gsacavdm I'm not terribly familiar with this particular surface area in the codebase, so I suggest you scaffold out a prototype PR and we can iterate from there if we are able to identify a more appropriate implementation during the PR process.

Thanks for raising and tackling this!

@gsacavdm
Contributor Author

@jackfrancis , I submitted a proposal for this as a starting point. I'd love to hear your feedback on it.

@jackfrancis
Member

Simple and clean, I like it, thanks again!

@gsacavdm
Contributor Author

@jackfrancis , can we reopen this and keep it open until we get the right client id in there? As it stands, even after the PR, this will continue to fail.

@gsacavdm
Contributor Author

gsacavdm commented Mar 2, 2018

Fixed!

gsacavdm closed this as completed Mar 2, 2018