boltops-tools / armrest Goto Github PK

The CLI Auth method does not correctly handle getting the token with the adequate scope.

When authenticated with the CLI the current token does not allow reading the vault secrets as its not correctly scoped, it generates the following error when trying to get the secrets:

WARN: AKV10022: Invalid audience. Expected https://vault.azure.net, found: https://management.core.windows.net/.

After troubleshooting this issue I found that the get_access_token method would need to handle scoping so the token is generated for the needed API call.

Small hack: Note this fixes the armrest secret show command but breaks the rest as the token is no longer valid for other API calls like resource creation...

Add this just after the above line:

if ENV['ARMREST_VAULT'] || ENV['ARM_VAULT']
  command = command + ' --scope "https://vault.azure.net/.default"'
end

Hi,
Any particular reason that you set camelize(data) at line 67?
As I got an issue to set Azure Tags as it does not respect the case sensitivity and underscore for my azure backend tags
So as a workaround, I removed the line 67 on my local development machine and it works as expected
Thanks

Reproduce:

az login -u xxx -p xxx     # output account detail in json
armrest auth               # output Unable to authenticate
armrest auth msi           # output Unable to authenticate
armrest auth cli           # output Unable to authenticate

Testing Environment:
os: wsl ubuntu 20.04
version: armrest v0.1.3

I'm a newbie in ruby. I try to debug with vscode on windows but It's quite difficult cuz there are some issue with devkit.