microsoftgraph / msgraph-cli-archived

The Microsoft Graph CLI repository has moved. This repository is now an archive.
https://github.com/microsoftgraph/msgraph-cli
Other
44 stars 9 forks source link

Why is this being worked on instead of the Azure CLI? #198

Closed justinmchase closed 2 years ago

justinmchase commented 3 years ago

I see the blurb on the front about imitating the azure CLI but it may help to give an explanation on why this is being worked on instead of just putting all this effort into fixing the azure CLI.

I'm hitting some errors right now due to the Azure AD Graph api deprecation and the CLI does not yet support the Graph in some areas so I can't help but wonder how the deprecation could have happend before the defacto tool is updated and why effort was being spent here rather than on fixing that tool.

darrelmiller commented 2 years ago

Microsoft Graph is a different API than the Azure API. Just as GitHub has a CLI, Cognitive Services have a CLI, Azure has a CLI and Microsoft Graph has a CLI.

Microsoft Graph is a SAAS API as compared to Azure which is PAAS/IAAS. This has a significant impact on the way users interact with data via applications. The application consent experience is very important when it comes to privacy and trust in Microsoft Graph. That concept really doesn't surface in Azure APIs.

Admittedly there is confusion because Azure AD was branded as an Azure for such a long time. However, several years ago there was a branding change to more accurately reflect Identity within Microsoft. It is now known as the Microsoft Identity Platform. https://www.microsoft.com/en-ca/security/business/identity-access-management/microsoft-identity-management-platform The Identity services are a SAAS service. Nobody considers dropping all the users in a tenant and redeploying them like you might do with websites.

While the portal experience remains in the Azure portal, the API surface area is in Microsoft Graph. There is no requirement to have an Azure subscription to use Microsoft Identity. You will note that there has never been ARM Template support for AD solutions because it was not an Azure control plane API.

The Azure CLI is unfortunately stuck in a bit of an uncanny valley of having a UX for an API that belongs somewhere else. I do believe the Azure CLI team is committed to keeping the functionality that exists today but new Identity functionality will be surfaced via Microsoft Graph and the Graph CLI.

justinmchase commented 2 years ago

Ok I'll think on this, it helps, thank you.

And I was able to work around my issue by using curl to call the graph api directly instead of using the az cli tool. But my only feedback here is just that it may be useful to expand on this situation a little on the main README because its hard to understand from the outside and not in an altogether good state for users and easy to get frustrated.

darrelmiller commented 2 years ago

Hi @justinmchase I'm glad you were able to work around your issue. I appreciate your feedback. I understand that it is a confusing situation and you're right we could probably add some clarity in the readme.