Provide a way to choose a different tenant when authenticating (#609)

winstliu · web-flow · commit 6c84a776905d · 2024-12-03T15:38:52.000Z
* Sign in with the default tenant, but provide a setting to use a different tenant

* Don't do work just to ignore it
diff --git a/README.md b/README.md
@@ -27,7 +27,13 @@ You probably have custom tasks installed in your organization.
 
 To provide the most relevant IntelliSense, the extension will automatically detect and use your organization's schema! All you need to do is follow the instructions when prompted.
 
-> If automatic fetching of the organization schema doesn't work, try signing out and signing back in using the `Azure: Sign Out` and `Azure: Sign In` commands from the VS Code command palette (Ctrl/Cmd + Shift + P).
+### Using a different Microsoft Entra tenant
+
+The extension uses your account's default tenant to connect to Azure DevOps.
+Sometimes, this is not what you want as your Azure DevOps organization is linked to a different tenant.
+
+To get the extension to use the correct tenant, go to the [Tenant](vscode://settings/azure-pipelines.tenant) setting and enter the Microsoft Entra tenant ID that your organization uses.
+You can view which tenant your organization is connected to by going to `https://dev.azure.com/YOUR-ORG-HERE/_settings/organizationAad`.
 
 ### Specific schema
 
diff --git a/package.json b/package.json
@@ -87,6 +87,13 @@
                     "type": "string",
                     "description": "Use a different schema file",
                     "scope": "machine-overridable"
+                },
+                "azure-pipelines.tenant": {
+                    "type": "string",
+                    "description": "Microsoft Entra tenant ID to use when connecting to Azure DevOps. Leave empty to use your account's default tenant.",
+                    "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$|^$",
+                    "patternErrorMessage": "The tenant must be a valid GUID.",
+                    "scope": "resource"
                 }
             }
         },
diff --git a/src/extension.ts b/src/extension.ts
@@ -66,7 +66,9 @@ async function activateYmlContributor(context: vscode.ExtensionContext) {
 
     // Let the server know of any schema changes.
     context.subscriptions.push(vscode.workspace.onDidChangeConfiguration(async event => {
-        if (event.affectsConfiguration('azure-pipelines.customSchemaFile') || event.affectsConfiguration('azure-pipelines.1ESPipelineTemplatesSchemaFile')) {
+        if (event.affectsConfiguration('azure-pipelines.customSchemaFile') ||
+            event.affectsConfiguration('azure-pipelines.1ESPipelineTemplatesSchemaFile') ||
+            event.affectsConfiguration('azure-pipelines.tenant')) {
             await loadSchema(context, client);
         }
     }));
diff --git a/src/messages.ts b/src/messages.ts
@@ -7,7 +7,8 @@ export const selectOrganizationLabel = 'Select organization';
 export const selectOrganizationPlaceholder = 'Select Azure DevOps organization associated with the %s repository';
 export const signInLabel = 'Sign In';
 export const signInWithADifferentAccountLabel = 'Sign in with a different account';
-export const unableToAccessOrganization = 'Unable to access the "%s" organization. Make sure you\'re signed into the right Microsoft account.';
+export const changeTenantLabel = 'Change active tenant';
+export const unableToAccessOrganization = 'Unable to access the "%s" organization. Make sure you\'re signed into the right Microsoft account or using the right tenant.';
 export const signInForEnhancedIntelliSense = 'Sign in to Microsoft for enhanced Azure Pipelines IntelliSense';
 export const userEligibleForEnahanced1ESPTIntellisense = 'Enable 1ESPT Schema in Azure Pipelines Extension settings for enhanced Intellisense';
 export const notUsing1ESPTSchemaAsUserNotSignedInMessage = '1ESPT Schema is not used for Intellisense as you are not signed in with a `@microsoft.com` account';
diff --git a/src/schema-association-service-1espt.ts b/src/schema-association-service-1espt.ts
@@ -8,7 +8,7 @@ import { URI, Utils } from 'vscode-uri';
 import * as azdev from 'azure-devops-node-api';
 import * as logger from './logger';
 import * as Messages from './messages';
-import { getAzureDevOpsSessions } from './schema-association-service';
+import { getAzureDevOpsSession } from './schema-association-service';
 
 const milliseconds24hours = 86400000;
 
@@ -80,7 +80,7 @@ export async function getCached1ESPTSchema(context: vscode.ExtensionContext, org
             void vscode.window.showInformationMessage(Messages.notUsing1ESPTSchemaAsUserNotSignedInMessage, Messages.signInWithADifferentAccountLabel)
                 .then(async action => {
                     if (action === Messages.signInWithADifferentAccountLabel) {
-                        await getAzureDevOpsSessions(context, {
+                        await getAzureDevOpsSession(context, {
                             clearSessionPreference: true,
                             createIfNone: true,
                         });
diff --git a/src/schema-association-service.ts b/src/schema-association-service.ts

Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,13 @@`
`87`	`87`	`"type": "string",`
`88`	`88`	`"description": "Use a different schema file",`
`89`	`89`	`"scope": "machine-overridable"`
	`90`	`+ },`
	`91`	`+ "azure-pipelines.tenant": {`
	`92`	`+ "type": "string",`
	`93`	`+ "description": "Microsoft Entra tenant ID to use when connecting to Azure DevOps. Leave empty to use your account's default tenant.",`
	`94`	`+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$\|^$",`
	`95`	`+ "patternErrorMessage": "The tenant must be a valid GUID.",`
	`96`	`+ "scope": "resource"`
`90`	`97`	`}`
`91`	`98`	`}`
`92`	`99`	`},`