Single tenant auth, issuer url fix (#872)

## Info on Pull Request The deploy.py is only able to set the issuer url to the redmond tenant in the case of single tenant auth. For multi tenant, since the the tenant_domain is provided specifically, it works fine. In the case of single tenant, if the instance is not in the redmond tenant, the cli is unable to authenticate itself. _What does this include?_ ## Validation Steps Performed A test instance was deployed in the PME instance and it was verified that the cli could authenticate with the instance.
2025-06-14 11:08:06 +00:00 · 2021-05-17 07:44:39 -06:00
parent 3c0f6f56a7
commit 255271a2b3
1 changed files with 15 additions and 1 deletions
--- a/src/deployment/deploy.py
+++ b/src/deployment/deploy.py
@ -67,6 +67,7 @@ from registration import (
    add_application_password,
    assign_app_role,
    authorize_application,
+    get_graph_client,
    register_application,
    set_app_audience,
    update_pool_registration,
@ -426,7 +427,20 @@ class Client:
            }

        else:
-            authorize_application(uuid.UUID(ONEFUZZ_CLI_APP), app.app_id)
+            onefuzz_cli_app = cli_app[0]
+            authorize_application(uuid.UUID(onefuzz_cli_app.app_id), app.app_id)
+            if self.multi_tenant_domain:
+                authority = COMMON_AUTHORITY
+            else:
+                onefuzz_client = get_graph_client(self.get_subscription_id())
+                authority = (
+                    "https://login.microsoftonline.com/%s"
+                    % onefuzz_client.config.tenant_id
+                )
+            self.cli_config = {
+                "client_id": onefuzz_cli_app.client_id,
+                "authority": authority,
+            }

        self.results["client_id"] = app.app_id
        self.results["client_secret"] = password