just skip for cases where user fail to get subscriptions of tenants f…

…or which he/she has no permission to get access token. (#4732) * just skip for cases user failing to get subscriptions of tenants he/she has no permission to get access token.
microsoft · Nov 6, 2020 · 943901a · 943901a
1 parent f7591a1
commit 943901a
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 7 deletions.
diff --git a/Utils/azuretools-core/src/com/microsoft/azuretools/enums/ErrorEnum.java b/Utils/azuretools-core/src/com/microsoft/azuretools/enums/ErrorEnum.java
@@ -32,8 +32,8 @@ public enum ErrorEnum {
             "Authentication token invalid, sign in again or run \"az login\" if using Azure CLI credential"),
     SOCKET_TIMEOUT_EXCEPTION(100002, "Encountered a socket timeout exception.",
             "Timeout when accessing azure, please try your operation again."),
-    FAILED_TO_GET_ACCESS_TOKEN_BY_CLI(100003, "Failed to get access token by Azure CLI command.",
-            "Failed to get access token, please try to login Azure CLI using 'az login' and try again."),
+    FAILED_TO_GET_ACCESS_TOKEN(100003, "Failed to get access token by Azure CLI command.",
+                               "Failed to get access token, please try to login Azure CLI using 'az login' and try again."),
     INVALID_SUBSCRIPTION_CACHE(100004, "Invalid subscription",
             "It seems local cache of subscription is expired, please try re-login"),
     ;

diff --git a/Utils/azuretools-core/src/com/microsoft/azuretools/sdkmanage/AzureCliAzureManager.java b/Utils/azuretools-core/src/com/microsoft/azuretools/sdkmanage/AzureCliAzureManager.java
@@ -192,7 +192,7 @@ private Pair<String, OffsetDateTime> getAccessTokenViaCli(String tid, @Nullable
                                String.format(CLI_TOKEN_FORMAT_ACCESSOR_RESOURCE, tid, resource);
         final String jsonToken = CommandUtils.exec(command);
         if (StringUtils.isBlank(jsonToken)) {
-            throw new AzureRuntimeException(ErrorEnum.FAILED_TO_GET_ACCESS_TOKEN_BY_CLI);
+            throw new AzureRuntimeException(ErrorEnum.FAILED_TO_GET_ACCESS_TOKEN);
         }
         final Map<String, Object> objectMap = JsonUtils.fromJson(jsonToken, Map.class);
         final String strToken = (String) objectMap.get(CLI_TOKEN_PROP_ACCESS_TOKEN);

diff --git a/Utils/azuretools-core/src/com/microsoft/azuretools/sdkmanage/AzureManagerBase.java b/Utils/azuretools-core/src/com/microsoft/azuretools/sdkmanage/AzureManagerBase.java
@@ -22,6 +22,7 @@
 
 package com.microsoft.azuretools.sdkmanage;
 
+import com.google.common.base.Throwables;
 import com.microsoft.azure.AzureEnvironment;
 import com.microsoft.azure.arm.resources.AzureConfigurable;
 import com.microsoft.azure.credentials.AzureTokenCredentials;
@@ -31,6 +32,7 @@
 import com.microsoft.azure.management.resources.Subscription;
 import com.microsoft.azure.management.resources.Tenant;
 import com.microsoft.azure.toolkit.lib.common.rest.RestExceptionHandlerInterceptor;
+import com.microsoft.azuretools.adauth.AuthException;
 import com.microsoft.azuretools.authmanage.*;
 import com.microsoft.azuretools.enums.ErrorEnum;
 import com.microsoft.azuretools.exception.AzureRuntimeException;
@@ -45,6 +47,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Predicate;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
@@ -128,10 +131,23 @@ public List<Pair<Subscription, Tenant>> getSubscriptionsWithTenant() throws IOEx
         // could be multi tenant - return all subscriptions for the current account
         final List<Tenant> tenants = getTenants(authentication);
         for (final Tenant tenant : tenants) {
-            final Azure.Authenticated tenantAuthentication = authTenant(tenant.tenantId());
-            final List<Subscription> tenantSubscriptions = getSubscriptions(tenantAuthentication);
-            for (final Subscription subscription : tenantSubscriptions) {
-                subscriptions.add(new Pair<>(subscription, tenant));
+            try {
+                final Azure.Authenticated tenantAuthentication = authTenant(tenant.tenantId());
+                final List<Subscription> tenantSubscriptions = getSubscriptions(tenantAuthentication);
+                for (final Subscription subscription : tenantSubscriptions) {
+                    subscriptions.add(new Pair<>(subscription, tenant));
+                }
+            } catch (final Exception e) {
+                // just skip for cases user failing to get subscriptions of tenants he/she has no permission to get access token.
+                // "AADSTS50076" is the code of a weired error related to multi-tenant configuration.
+                final Predicate<Throwable> tenantError = (c) -> c instanceof AuthException && ((AuthException) c).getErrorMessage().contains("AADSTS50076");
+                if (e instanceof AzureRuntimeException && ((AzureRuntimeException) e).getCode() == ErrorEnum.FAILED_TO_GET_ACCESS_TOKEN.getErrorCode() ||
+                    Throwables.getCausalChain(e).stream().anyMatch(tenantError)) {
+                    // TODO: @wangmi better to notify user
+                    LOGGER.log(Level.WARNING, e.getMessage(), e);
+                } else {
+                    throw e;
+                }
             }
         }
         return subscriptions;