Connect-PnPOnline Azure Environment Discovery (National/Sovereign Cloud Support) #1014

Closed
1 task done
BernarldoEllis opened this issue Oct 31, 2022 · 6 comments

BernarldoEllis commented Oct 31, 2022

Category

  • Feature request

Describe the feature

Microsoft has additional Azure/O365 cloud environments beyond GCC High and DoD. For this reason, Microsoft has added environment discovery capability to Azure PowerShell via "Discovering a new Azure environment via Uri". Using the Add-AzEnvironment cmdlet, I can discover an environment via URL to retrieve the appropriate Graph, Azure AD, etc. endpoints for making calls, which is then used as the environment when connecting with Connect-AzAccount.

Connect-PnPOnline, leveraging PnPCore, should allow customers to use PnPPowerShell ideally in the same manner:

# What's returned will be different endpoints for each environment
Add-AzEnvironment -AutoDiscover -Uri "https://management.azure.com/metadata/endpoints?api-version=2020-06-01"
Connect-AzAccount -Environment DiscoveredAzureEnvX

Describe the solution you'd like

Continue allowing customers to specify environments like GCC, GCC High, and DoD but also allow Connect-PnPOnline to connect via the discovery pattern shown above, allowing customers in additional Microsoft cloud environments beyond what's currently in src/sdk/PnP.Core/Services/Core/CloudManager.cs to leverage the PnPPowerShell platform for management and automation.

Connect-PnPOnline/CloudManager could do one of two things:

  1. Honor the environments discovered by Add-AzEnvironment.
  2. Add a new PnPOnline cmdlet to prepare the environment to pass to Connect-PnPOnline

For the second, thinking something like:

Add-PnPOnlineEnvironment -FromUrl https://management.azure.com/metadata/endpoints?api-version=2020-06-01
Connect-PnPOnlineEnvironment -Environment

Additional context

N/A

jansenbe self-assigned this Nov 4, 2022
jansenbe added the "question" (Further information is requested) label Nov 4, 2022

jansenbe (Contributor) commented Nov 4, 2022

@BernarldoEllis: I'm not fully understanding the ask here, seems to be more suited for the PnP PowerShell repo? https://learn.microsoft.com/en-us/graph/deployments describes the possible environments and their respective Graph and Azure AD environments, this is implemented in PnP Core using this code: https://github.com/pnp/pnpcore/blob/dev/src/sdk/PnP.Core/Services/Core/CloudManager.cs. See also https://pnp.github.io/pnpcore/using-the-sdk/basics-settings.html#settings-overview on how to set the PnPCore:Environment setting in case you need to use other clouds. I don't think PnP PS supports all possible clouds today, simply because the team does not have access to most other cloud environments, hence they can't test.

I'm going to close this issue here, maybe you can open an issue with PnP PowerShell.

jansenbe closed this as completed Nov 4, 2022

BernarldoEllis (Author) commented Nov 4, 2022

Thanks for the response. I don’t understand why you closed the issue so quickly though. The issue is that Microsoft has additional environments that are not included in the PnPCore library, which PnP PowerShell depends on. I can open an issue against PowerShell but ultimately it’s going to come back to PnPCore.

Can you not test the suggested design pattern against existing National clouds such as Azure Government? There are Microsoft personnel that do have access to these other clouds even if the PnP team does not directly.

Can you please re-open this issue?

jansenbe reopened this Nov 7, 2022

jansenbe (Contributor) commented Nov 7, 2022

Hi @BernarldoEllis,

Re-opened this...can you provide information on such an additional cloud environment that applies to SharePoint/OneDrive and Teams (the scope of PnP Core SDK and PnP PowerShell)? I'm not aware of these besides the publicly documented ones. Happy to learn more. Supporting these environments in PnP Core however does not equal support in PnP PowerShell as that library uses different implementations for the auth flows.

I assume you've an issue with using PnP PowerShell against your environment, can you share more details about your cloud environment (e.g. the output of the Add-AzEnvironment you mentioned earlier on)?

BernarldoEllis (Author) commented

Thanks @jansenbe, these environments aren't disclosed broadly for reasons, but one place publicly you can gain awareness on them is at https://azure.microsoft.com/en-us/explore/global-infrastructure/geographies/#geographies. If you select Azure Government and scroll all the way to the right, you'll see region names of US Sec East, US Sec West, etc.

I cannot share Add-AzEnvironment output in this forum, but don't see why this discovery pattern can't be tested against Azure Government for validation.

I did take your suggestion and open an issue against PnP PowerShell, it's pnp/powershell#2533. I'm happy to close this issue in light of the new one with PowerShell if you don't think it sits properly against PnPCore. I just understand that PowerShell takes dependency on CloudManager in Core for cloud environment handling and thought the limitation is there, but it seems both would need to make updates for the scenario to work.

jansenbe (Contributor) commented Nov 7, 2022

@BernarldoEllis: this is all specific to Azure, I don't think this applies to SharePoint Online or Teams? If the login urls or Graph urls you need for working with SharePoint and Teams are different compared to what's shared in https://learn.microsoft.com/en-us/graph/deployments then I would like to understand those. Feel free to directly send information to [email protected] in case info can't be disclosed publicly.

jansenbe (Contributor) commented

@BernarldoEllis : I've added a model that allows you to specify the Graph and Azure AD Login endpoints that you need for a custom cloud environment. You can do this by setting Environment to Custom in the PnP Core SDK configuration followed by setting the MicrosoftGraphAuthority and AzureADLoginAuthority configuration values.

Docs: https://pnp.github.io/pnpcore/using-the-sdk/basics-settings.html#settings-overview
Change: e818ffc

This change will allow any future cloud environment to work with PnP Core SDK, hence I'm closing this issue now. As you know there's still work needed for PnP Framework and PnP PowerShell, enabling a similar model in PS makes sense to me.
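
Added example (not part of the thread and not PnP code): where endpoints come from a discovery URL and end up as the Custom environment's authorities, it is worth checking them before sign-in and Graph traffic is pointed at them. The sample JSON is constructed; its field names, the host-name format of the two setting values, and the function names Get-ApprovedHost and ConvertTo-CustomCloudSettings are assumptions made for illustration.

```powershell
# Constructed sample of a discovery response. The field names used here
# (name, authentication.loginEndpoint, graph) are an assumption.
$discoveredJson = @'
[
  { "name": "ExampleCloudA",
    "authentication": { "loginEndpoint": "https://login.cloud-a.example/" },
    "graph": "https://graph.cloud-a.example/" },
  { "name": "ExampleCloudB",
    "authentication": { "loginEndpoint": "https://login.cloud-b.example/" },
    "graph": "https://graph.unexpected.example/" }
]
'@

# Host suffixes approved out of band by the operator (constructed values).
$approvedSuffixes = @('.cloud-a.example', '.cloud-b.example')

function Get-ApprovedHost {
    param([string]$Endpoint, [string[]]$Suffixes)
    $uri = $null
    if (-not [Uri]::TryCreate($Endpoint, [UriKind]::Absolute, [ref]$uri)) {
        throw "Not an absolute URI: $Endpoint"
    }
    if ($uri.Scheme -ne 'https') { throw "Not HTTPS: $Endpoint" }
    $h = $uri.Host.ToLowerInvariant()
    $match = $Suffixes | Where-Object { $h.EndsWith($_, [StringComparison]::Ordinal) }
    if (-not $match) { throw "Host not approved: $h" }
    return $h
}

function ConvertTo-CustomCloudSettings {
    param([object]$Cloud, [string[]]$Suffixes)
    # Setting names are the ones given in the thread; values are host names (assumption).
    [ordered]@{
        Environment             = 'Custom'
        MicrosoftGraphAuthority = Get-ApprovedHost -Endpoint $Cloud.graph -Suffixes $Suffixes
        AzureADLoginAuthority   = Get-ApprovedHost -Endpoint $Cloud.authentication.loginEndpoint -Suffixes $Suffixes
    }
}

foreach ($cloud in ($discoveredJson | ConvertFrom-Json)) {
    try {
        $settings = ConvertTo-CustomCloudSettings -Cloud $cloud -Suffixes $approvedSuffixes
        '{0}: {1}' -f $cloud.name, ($settings | ConvertTo-Json -Compress)
    } catch {
        '{0}: rejected ({1})' -f $cloud.name, $_.Exception.Message
    }
}
```

With the constructed input, ExampleCloudA yields a settings object and ExampleCloudB is rejected because its Graph host falls outside the approved suffixes.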
