[x] This isn't an open-ended question (open a discussion if it is).
:computer: System information
Operating System: Debian Bookworm
Data Safe Haven version: develop
:package: Packages
List of packages
```none
Paste list of packages here
```
:no_entry_sign: Describe the problem
When deploying the SHM, an Entra application is created. The name of that application uses the `description` field of the context, rather than the `name`. This means if somebody (e.g. somebody other than the original creator) tries to redeploy the SHM but doesn't match the description precisely, it creates a new application. Subsequently deploying an SRE fails (with a long and horrifying Python `event loop is closed` error) which seems to be because there's a mismatch between the expected client secret and the credentials of the new application (see below).
The application could be avoided by using the name of the SHM/context. Otherwise Entra apps might proliferate if different admins describe contexts differently.
:deciduous_tree: Log messages
Relevant log messages
In this image, two of the applications, `gitea testing` and `stuff`, are from the same SHM, but with different descriptions in the context.
![image](https://github.com/user-attachments/assets/a5d35943-e388-4e01-85ee-f78660cb007c)
```none
azuread:index:Group sre_entra_group_privileged_user_group_name error: 1 error occurred:
azuread:index:Group sre_entra_group_privileged_user_group_name **failed** 1 error
Diagnostics:
azuread:index:Group (sre_entra_group_privileged_user_group_name):
error: 1 error occurred:
* building client: unable to obtain access token: clientCredentialsToken: received HTTP status 401 with response:
{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client
secret value, not the client secret ID, for a secret added to app '2b4bed0c-1c4d-4b3a-b18a-078a8ac337a5'. Trace ID: e72597b3-e195-4d06-8432-ecba191e3100
Correlation ID: 48dad7cd-a0e2-4b74-971f-08d060d312c1 Timestamp: 2024-10-18 10:52:07Z","error_codes":[7000215],"timestamp":"2024-10-18
10:52:07Z","trace_id":"e72597b3-e195-4d06-8432-ecba191e3100","correlation_id":"48dad7cd-a0e2-4b74-971f-08d060d312c1","error_uri":"https://login.microsofto
nline.com/error?code=7000215"}
```
:recycle: To reproduce
Deploy an SHM, then update the context with a new description, redeploy it, and try to deploy an SRE.
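
A minimal model of the failure reported above, added as an example and not taken from the Data Safe Haven code base. `FakeDirectory`, `deploy_shm`, `deploy_sre` and the context name `shm-test` are hypothetical, and the model assumes, following the reporter's hypothesis, that the client secret saved by the first deployment is reused while the application is re-resolved by its display name.

```python
import hmac
import secrets
import uuid


class FakeDirectory:
    """In-memory stand-in for an identity directory (constructed for this example)."""

    def __init__(self):
        self.apps = {}  # display name -> {"app_id": ..., "secret": ...}

    def get_or_create(self, display_name):
        """Return the application with this display name, creating it if absent."""
        if display_name not in self.apps:
            self.apps[display_name] = {
                "app_id": str(uuid.uuid4()),
                "secret": secrets.token_urlsafe(16),
            }
        return self.apps[display_name]

    def authenticate(self, app_id, secret):
        """Client-credentials check: the secret must belong to that application."""
        app = next((a for a in self.apps.values() if a["app_id"] == app_id), None)
        return app is not None and hmac.compare_digest(app["secret"], secret)


def deploy_shm(directory, context, saved, key):
    """Resolve the application from context[key]; keep any secret already saved."""
    app = directory.get_or_create(context[key])
    saved["app_id"] = app["app_id"]
    saved.setdefault("secret", app["secret"])  # assumption: first secret is kept
    return saved


def deploy_sre(directory, saved):
    """The SRE stage authenticates with whatever the SHM stage saved."""
    return directory.authenticate(saved["app_id"], saved["secret"])


def scenario(key):
    """Deploy, reword the description, redeploy, then try the SRE stage."""
    directory, saved = FakeDirectory(), {}
    context = {"name": "shm-test", "description": "gitea testing"}  # constructed
    deploy_shm(directory, context, saved, key)
    context["description"] = "stuff"  # a second admin words it differently
    deploy_shm(directory, context, saved, key)
    return len(directory.apps), deploy_sre(directory, saved)


if __name__ == "__main__":
    for key in ("description", "name"):
        print(key, scenario(key))
```

Keyed on `description`, the redeploy leaves two applications and the saved secret no longer matches the resolved one; keyed on `name`, there is one application and authentication succeeds.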