When using CLI auth, the provider should warn about mismatched Azure environments #3274
Labels
area/auth
impact/usability
Something that impacts users' ability to use the product easily and intuitively
kind/enhancement
Improvements or new features
resolution/fixed
This issue was fixed
Prompted by #3268.
Azure has different clouds or "environments" like public and usgovernment. The environment of a Pulumi program cab be configured via
azure-native:environment
. However, when using the Azure CLI to authenticate, the provider will always use the environment we're logged in to, viaaz login
.This is somewhat unavoidable, since otherwise, Pulumi would need to change the CLI configuration. Both the subscription and the auth token are, to my knowledge, separate per cloud. Our authentication library uses
az account show
to determine the currently active subscription (fromaz login
), and then takes the cloud from the subscription as well.Therefore,
azure-native:environment
has no effect when using the CLI to authenticate. For all other auth methods, this problem should not exist since there's no local state lookup likeaz account show
, everything is explicitly configured.We should warn or error when the configured environment is different from the one
az
is logged into.The text was updated successfully, but these errors were encountered: