Azure / azure-cli

Azure Command-Line Interface
MIT License

`az cloud register` should support configuring Microsoft Graph endpoint #20846

Open jiasli opened 2 years ago

jiasli commented 2 years ago

Context

`az cloud register` currently has no way to configure the Microsoft Graph endpoint:

$ az cloud register -h

Command
    az cloud register : Register a cloud.
        When registering a cloud, specify only the resource manager endpoint for the autodetection
        of other endpoints.

Arguments
    --name -n                                       [Required] : Name of a registered cloud.
    --cloud-config                                             : JSON encoded cloud configuration.
                                                                 Use @{file} to load from a file.
    --endpoint-active-directory                                : The Active Directory login
                                                                 endpoint.
    --endpoint-active-directory-data-lake-resource-id          : The Active Directory resource ID
                                                                 for data lake services.
    --endpoint-active-directory-graph-resource-id              : The Active Directory resource ID.
    --endpoint-active-directory-resource-id                    : The resource ID to obtain AD tokens
                                                                 for.
    --endpoint-gallery                                         : The template gallery endpoint.
    --endpoint-management                                      : The management service endpoint.
    --endpoint-resource-manager                                : The resource management endpoint.
    --endpoint-sql-management                                  : The sql server management endpoint.
    --endpoint-vm-image-alias-doc                              : The uri of the document which
                                                                 caches commonly used virtual
                                                                 machine images.
    --profile                                                  : Profile to use for this cloud.
                                                                 Allowed values: 2017-03-09-profile,
                                                                 2018-03-01-hybrid,
                                                                 2019-03-01-hybrid,
                                                                 2020-09-01-hybrid, latest.
    --suffix-acr-login-server-endpoint                         : The Azure Container Registry login
                                                                 server suffix.
    --suffix-azure-datalake-analytics-catalog-and-job-endpoint : The Data Lake analytics job and
                                                                 catalog service dns suffix.
    --suffix-azure-datalake-store-file-system-endpoint         : The Data Lake store filesystem
                                                                 service dns suffix.
    --suffix-keyvault-dns                                      : The Key Vault service dns suffix.
    --suffix-sql-server-hostname                               : The dns suffix for sql servers.
    --suffix-storage-endpoint                                  : The endpoint suffix for storage
                                                                 accounts.

This makes it impossible to use the Microsoft Graph PPE endpoint https://graph.microsoft-ppe.com/ (https://github.com/Azure/azure-cli/issues/17209#issuecomment-791225010).

Proposed solution

`az cloud register` should support configuring the Microsoft Graph endpoint with a parameter like `--endpoint-microsoft-graph-resource-id`, similar to `--endpoint-active-directory-graph-resource-id`.

Additional context

Currently, to use the Azure Dogfood environment, the cloud should be registered with:

az cloud register --name Dogfood --endpoint-active-directory-resource-id https://management.core.windows.net/ --endpoint-gallery https://df.gallery.azure-test.net/ --endpoint-resource-manager https://api-dogfood.resources.windows-int.net/ --endpoint-active-directory https://login.windows-ppe.net/ --endpoint-active-directory-graph-resource-id https://graph.ppe.windows.net/

# Line breaks for legibility
az cloud register \
  --name Dogfood \
  --endpoint-active-directory-resource-id https://management.core.windows.net/ \
  --endpoint-gallery https://df.gallery.azure-test.net/ \
  --endpoint-resource-manager https://api-dogfood.resources.windows-int.net/ \
  --endpoint-active-directory https://login.windows-ppe.net/ \
  --endpoint-active-directory-graph-resource-id https://graph.ppe.windows.net/

yonzhan commented 2 years ago

az cloud register refinement

rakku-ms commented 2 years ago

@yonzhan @jiasli Any plan to work on this feature? We need this feature for the 'ARCA' custom cloud. FYI @sarathys

feruilob commented 2 years ago

I also need this to run ARC commands against DF endpoints.