Update "Azure AD" references to "Microsoft Entra ID"

.devcontainer/devcontainer.json

@@ -109,7 +109,7 @@
               ]
             },
             {
-              "name": "E2E Extended AAD",
+              "name": "E2E Extended Microsoft Entra ID",
               "type": "python",
               "request": "launch",
               "module": "pytest",

.github/actions/devcontainer_run_command/action.yml

@@ -65,10 +65,10 @@ inputs:
     description: "The API Client Secret."
     required: false
   APPLICATION_ADMIN_CLIENT_ID:
-    description: "The Client ID of an identity that can manage the AAD Applications."
+    description: "The Client ID of an identity that can manage the Microsoft Entra ID Applications."
     required: false
   APPLICATION_ADMIN_CLIENT_SECRET:
-    description: "The Client secret of an identity that can manage the AAD Applications."
+    description: "The Client secret of an identity that can manage the Microsoft Entra ID Applications."
     required: false
   ACR_NAME:
     description: "The Container Registry that holds our Research images."

.github/scripts/build.js

@@ -97,7 +97,7 @@ async function getCommandFromComment({ core, context, github }) {
 
       case "/test-extended-aad":
         {
-          const runTests = await handleTestCommand({ core, github }, parts, "extended AAD tests", runId, { number: prNumber, authorUsername: prAuthorUsername, repoOwner, repoName, headSha: prHeadSha, refId: prRefId, details: pr }, { username: commentUsername, link: commentLink });
+          const runTests = await handleTestCommand({ core, github }, parts, "extended Microsoft Entra ID tests", runId, { number: prNumber, authorUsername: prAuthorUsername, repoOwner, repoName, headSha: prHeadSha, refId: prRefId, details: pr }, { username: commentUsername, link: commentLink });
           if (runTests) {
             command = "run-tests-extended-aad";
           }
@@ -247,7 +247,7 @@ async function showHelp({ github }, repoOwner, repoName, prNumber, commentUser,
 You can use the following commands:
     /test - build, deploy and run smoke tests on a PR
     /test-extended - build, deploy and run smoke & extended tests on a PR
-    /test-extended-aad - build, deploy and run smoke & extended AAD tests on a PR
+    /test-extended-aad - build, deploy and run smoke & extended Microsoft Entra ID tests on a PR
     /test-shared-services - test the deployment of shared services on a PR build
     /test-force-approve - force approval of the PR tests (i.e. skip the deployment checks)
     /test-destroy-env - delete the validation environment for a PR (e.g. to enable testing a deployment from a clean start after previous tests)

.github/scripts/build.test.js

@@ -407,7 +407,7 @@ describe('getCommandFromComment', () => {
             owner: 'someOwner',
             repo: 'someRepo',
             issue_number: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
-            bodyMatcher: /Running extended AAD tests: https:\/\/github.com\/someOwner\/someRepo\/actions\/runs\/11112222 \(with refid `cbce50da`\)/,
+            bodyMatcher: /Running extended Microsoft Entra ID tests: https:\/\/github.com\/someOwner\/someRepo\/actions\/runs\/11112222 \(with refid `cbce50da`\)/,
           });
         });
       });

Makefile

@@ -334,8 +334,8 @@ test-e2e-extended: ## 🧪 Run E2E extended tests
 	$(call target_title, "Running E2E extended tests") && \
 	$(MAKE) test-e2e-custom SELECTOR=extended
 
-test-e2e-extended-aad: ## 🧪 Run E2E extended AAD tests
-	$(call target_title, "Running E2E extended AAD tests") && \
+test-e2e-extended-aad: ## 🧪 Run E2E extended Microsoft Entra ID tests
+	$(call target_title, "Running E2E extended Microsoft Entra ID tests") && \
 	$(MAKE) test-e2e-custom SELECTOR=extended_aad
 
 test-e2e-shared-services: ## 🧪 Run E2E shared service tests
@@ -362,8 +362,8 @@ setup-local-debugging: ## 🛠️ Setup local debugging
 	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/core/private.env \
 	&& . ${MAKEFILE_DIR}/devops/scripts/setup_local_debugging.sh
 
-auth: ## 🔐 Create the necessary Azure Active Directory assets
-	$(call target_title,"Setting up Azure Active Directory") \
+auth: ## 🔐 Create the necessary Microsoft Entra ID assets
+	$(call target_title,"Setting up Microsoft Entra ID") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
 	&& ${MAKEFILE_DIR}/devops/scripts/create_aad_assets.sh
 

README.md

@@ -22,7 +22,7 @@ Core features include:
 - Self-service provisioning of research tooling for research teams
 - Package and repository mirroring - PyPi, R-CRAN, Apt and more.
 - Extensible architecture - build your own service templates as required
-- Azure Active Directory integration
+- Microsoft Entra ID integration
 - Airlock - import and export
 - Cost reporting
 - Ready to workspace templates including:  

api_app/.env.sample

@@ -4,15 +4,15 @@
 # LOGGING_LEVEL can be set to DEBUG, INFO, WARNING, ERROR or CRITICAL
 LOGGING_LEVEL="INFO"
 
-# OAUTH information - client ids etc. for the AAD Apps
+# OAUTH information - client ids etc. for the Microsoft Entra ID Apps
 # ----------------------------------------------------
 # The AppId for the API service principal (TRE API)
 API_CLIENT_ID=__CHANGE_ME__
 # The Client secret fo the TRE API application
 API_CLIENT_SECRET=__CHANGE_ME__
 # The AppId for the Swagger service principal (TRE Swagger UI)
 SWAGGER_UI_CLIENT_ID=__CHANGE_ME__
-# The Azure AD tenant
+# The Microsoft Entra Workforce tenant
 AAD_TENANT_ID=__CHANGE_ME__
 
 # API parameters

api_app/_version.py

@@ -1 +1 @@
-__version__ = "0.18.5"
+__version__ = "0.18.6"

api_app/api/routes/workspaces.py

@@ -99,7 +99,7 @@ async def retrieve_workspace_scope_id_by_workspace_id(workspace=Depends(get_work
 @workspaces_core_router.post("/workspaces", status_code=status.HTTP_202_ACCEPTED, response_model=OperationInResponse, name=strings.API_CREATE_WORKSPACE, dependencies=[Depends(get_current_admin_user)])
 async def create_workspace(workspace_create: WorkspaceInCreate, response: Response, user=Depends(get_current_admin_user), workspace_repo=Depends(get_repository(WorkspaceRepository)), resource_template_repo=Depends(get_repository(ResourceTemplateRepository)), operations_repo=Depends(get_repository(OperationRepository)), resource_history_repo=Depends(get_repository(ResourceHistoryRepository))) -> OperationInResponse:
     try:
-        # TODO: This requires Directory.ReadAll ( Application.Read.All ) to be enabled in the Azure AD application to enable a users workspaces to be listed. This should be made optional.
+        # TODO: This requires Directory.ReadAll ( Application.Read.All ) to be enabled in the Microsoft Entra ID application to enable a users workspaces to be listed. This should be made optional.
         auth_info = extract_auth_information(workspace_create.properties)
         workspace, resource_template = await workspace_repo.create_workspace_item(workspace_create, auth_info, user.id, user.roles)
     except (ValidationError, ValueError) as e:

api_app/models/schemas/workspace.py

@@ -27,11 +27,11 @@ class AuthProvider(str, Enum):
     """
     Auth Provider
     """
-    AAD = "AAD"
+    Microsoft Entra ID = "Microsoft Entra ID"
 
 
 class AuthenticationConfiguration(BaseModel):
-    provider: AuthProvider = Field(AuthProvider.AAD, title="Authentication Provider")
+    provider: AuthProvider = Field(AuthProvider.Microsoft Entra ID, title="Authentication Provider")
     data: dict = Field({}, title="Authentication information")
 
 

api_app/resources/strings.py

@@ -99,7 +99,7 @@
 
 # Error strings
 ACCESS_APP_IS_MISSING_ROLE = "The App is missing role"
-ACCESS_PLEASE_SUPPLY_CLIENT_ID = "Please supply the client_id for the AAD application"
+ACCESS_PLEASE_SUPPLY_CLIENT_ID = "Please supply the client_id for the Microsoft Entra ID application"
 ACCESS_UNABLE_TO_GET_INFO_FOR_APP = "Unable to get app info for app:"
 ACCESS_UNABLE_TO_GET_ROLE_ASSIGNMENTS_FOR_USER = "Unable to get role assignments for user"
 ACCESS_UNABLE_TO_GET_ACCOUNT_TYPE = "Unable to look up account type"

api_app/schemas/azuread.json

@@ -2,7 +2,7 @@
     "$schema": "http://json-schema.org/draft-07/schema",
     "$id": "https://github.com/microsoft/AzureTRE/schema/azuread.json",
     "type": "object",
-    "title": "Azure AD Authorisation Schema",
+    "title": "Microsoft Entra ID Authorisation Schema",
     "default": {},
     "required": [
     ],

api_app/services/aad_authentication.py

@@ -168,7 +168,7 @@ def _ensure_b64padding(key: str) -> str:
 
     def _get_token_key(self, key_id: str) -> str:
         """
-        Rather tha use PyJWKClient.get_signing_key_from_jwt every time, we'll get all the keys from AAD and cache them.
+        Rather tha use PyJWKClient.get_signing_key_from_jwt every time, we'll get all the keys from Microsoft Entra ID and cache them.
         """
         if key_id not in AzureADAuthorization._jwt_keys:
             response = requests.get(f"{self.aad_instance}/{config.AAD_TENANT_ID}/v2.0/.well-known/openid-configuration")
@@ -203,7 +203,7 @@ def _get_msgraph_token() -> str:
         except Exception:
             result = None
         if not result:
-            logger.debug('No suitable token exists in cache, getting a new one from AAD')
+            logger.debug('No suitable token exists in cache, getting a new one from Microsoft Entra ID')
             result = app.acquire_token_for_client(scopes=scopes)
         if "access_token" not in result:
             raise Exception(f"API app registration access token cannot be retrieved. {result.get('error')}: {result.get('error_description')}")
@@ -321,8 +321,8 @@ def _get_batch_users_by_role_assignments_body(self, roles_graph_data):
 
         return request_body
 
-    # This method is called when you create a workspace and you already have an AAD App Registration
-    # to link it to. You pass in the client_id and go and get the extra information you need from AAD
+    # This method is called when you create a workspace and you already have an Microsoft Entra ID App Registration
+    # to link it to. You pass in the client_id and go and get the extra information you need from Microsoft Entra ID
     # If the auth_type is `Automatic`, then these values will be written by Terraform.
     def _get_app_auth_info(self, client_id: str) -> dict:
         graph_data = self._get_app_sp_graph_data(client_id)
@@ -396,7 +396,7 @@ def extract_workspace_auth_information(self, data: dict) -> dict:
             raise AuthConfigValidationError(strings.ACCESS_PLEASE_SUPPLY_CLIENT_ID)
 
         auth_info = {}
-        # The user may want us to create the AAD workspace app and therefore they
+        # The user may want us to create the Microsoft Entra ID workspace app and therefore they
         # don't know the client_id yet.
         if data["auth_type"] != "Automatic":
             auth_info = self._get_app_auth_info(data["client_id"])

api_app/services/authentication.py

@@ -8,15 +8,15 @@
 
 
 def extract_auth_information(workspace_creation_properties: dict) -> dict:
-    access_service = get_access_service('AAD')
+    access_service = get_access_service('Microsoft Entra ID')
     try:
         return access_service.extract_workspace_auth_information(workspace_creation_properties)
     except AuthConfigValidationError as e:
         raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
 
 
-def get_access_service(provider: str = AuthProvider.AAD) -> AccessService:
-    if provider == AuthProvider.AAD:
+def get_access_service(provider: str = AuthProvider.Microsoft Entra ID) -> AccessService:
+    if provider == AuthProvider.Microsoft Entra ID:
         return AzureADAuthorization()
     raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=strings.INVALID_AUTH_PROVIDER)
 

api_app/tests_ma/test_service_bus/test_substitutions.py

@@ -242,7 +242,7 @@ def test_substitution_list_strings(primary_resource, resource_to_update):
                     "rules": [
                         {
                             "name": "AllowAzureAD",
-                            "description": "AAD access for authNZ",
+                            "description": "Microsoft Entra ID access for authNZ",
                             "source_addresses": "",
                             "destination_addresses": ["AzureActiveDirectory"],
                             "destination_ports": ["*", "{{resource.id}}"],

cli/tre/commands/login.py

@@ -43,10 +43,10 @@ def login():
               + 'https://<id>.<location>.cloudapp.azure.com/')
 @click.option('--client-id',
               required=False,
-              help='The Client ID of the Azure AD application for the API (optional for API versions >= v0.5.7)')
+              help='The Client ID of the Microsoft Entra ID application for the API (optional for API versions >= v0.5.7)')
 @click.option('--aad-tenant-id',
               required=False,
-              help='The Tenant ID for the AAD tenant to authenticate with (optional for API versions >= v0.5.7)')
+              help='The Tenant ID for the Microsoft Entra ID tenant to authenticate with (optional for API versions >= v0.5.7)')
 @click.option('--api-scope',
               required=False,
               help='The API scope for the base API (optional for API versions >= v0.5.7)')
@@ -173,7 +173,7 @@ def login_device_code(base_url: str, client_id: str, aad_tenant_id: str, api_sco
 @click.option(
     "--aad-tenant-id",
     required=False,
-    help="The Tenant ID for the AAD tenant to authenticate with (optional for API versions >= v0.5.7)",
+    help="The Tenant ID for the Microsoft Entra ID tenant to authenticate with (optional for API versions >= v0.5.7)",
 )
 @click.option("--api-scope", required=False, help="The API scope for the base API (optional for API versions >= v0.5.7)")
 @click.option(

config.sample.yaml

@@ -48,8 +48,8 @@ authentication:
   # create an identity with `Application.ReadWrite.OwnedBy`.
   # Setting AUTO_WORKSPACE_APP_REGISTRATION to true will:
   # create an identity with `Application.ReadWrite.All` and `Directory.Read.All`.
-  # When this is true, create Workspaces will also create an AAD Application automatically.
-  # When this is false, the AAD Application will need creating manually.
+  # When this is true, create Workspaces will also create an Microsoft Entra ID Application automatically.
+  # When this is false, the Microsoft Entra ID Application will need creating manually.
   auto_workspace_app_registration: true
   # Setting AUTO_WORKSPACE_GROUP_CREATION to true will create an identity with `Group.ReadWrite.All`
   auto_workspace_group_creation: false

config_schema.json

@@ -98,7 +98,7 @@
           "pattern": "^[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$"
         },
         "auto_workspace_app_registration": {
-          "description": "This identity is used to manage other AAD applications that it owns. Read more about it here: docs/tre-admins/auth.md",
+          "description": "This identity is used to manage other Microsoft Entra ID applications that it owns. Read more about it here: docs/tre-admins/auth.md",
           "type": "boolean"
         },
         "auto_workspace_group_creation": {
@@ -121,12 +121,12 @@
           "pattern": "^[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$"
         },
         "application_admin_client_id": {
-          "description": "This client will administer AAD Applications for TRE.",
+          "description": "This client will administer Microsoft Entra ID Applications for TRE.",
           "type": "string",
           "pattern": "^[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$"
         },
         "application_admin_client_secret": {
-          "description": "Secret to client which will administer AAD Applications for TRE",
+          "description": "Secret to client which will administer Microsoft Entra ID Applications for TRE",
           "type": "string",
           "minLength": 11
         },

core/terraform/variables.tf

@@ -78,37 +78,37 @@ variable "enable_swagger" {
 
 variable "swagger_ui_client_id" {
   type        = string
-  description = "The client id (app id) of the registration in Azure AD for the Swagger UI"
+  description = "The client id (app id) of the registration in Microsoft Entra ID for the Swagger UI"
   sensitive   = true
 }
 
 variable "aad_tenant_id" {
   type        = string
-  description = "The tenant id of the Azure AD used for authentication."
+  description = "The tenant id of the Microsoft Entra ID used for authentication."
   sensitive   = true
 }
 
 variable "api_client_id" {
   type        = string
-  description = "The client id (app id) of the registration in Azure AD for the API."
+  description = "The client id (app id) of the registration in Microsoft Entra ID for the API."
   sensitive   = true
 }
 
 variable "api_client_secret" {
   type        = string
-  description = "A client secret used by the API to authenticate with Azure AD for access to Microsoft Graph."
+  description = "A client secret used by the API to authenticate with Microsoft Entra ID for access to Microsoft Graph."
   sensitive   = true
 }
 
 variable "application_admin_client_id" {
   type        = string
-  description = "The client id (app id) of the registration in Azure AD for creating AAD Applications."
+  description = "The client id (app id) of the registration in Microsoft Entra ID for creating Microsoft Entra ID Applications."
   sensitive   = true
 }
 
 variable "application_admin_client_secret" {
   type        = string
-  description = "A client secret used by the Resource Processor to authenticate with Azure AD to create AAD Applications."
+  description = "A client secret used by the Resource Processor to authenticate with Microsoft Entra ID to create Microsoft Entra ID Applications."
   sensitive   = true
 }
 

core/version.txt

@@ -1 +1 @@
-__version__ = "0.9.6"
+__version__ = "0.9.7"

devops/scripts/aad/create_api_application.sh

@@ -10,16 +10,16 @@ function show_usage()
     cat << USAGE
 
 Utility script for creating app registrations required by Azure TRE. This script will create the API and Client
-Applications. The Client Application is the public facing app, whereas the API is an internal AAD Application.
-You must be logged in using Azure CLI with sufficient privileges to modify Azure Active Directory to run this script.
+Applications. The Client Application is the public facing app, whereas the API is an internal Microsoft Entra ID Application.
+You must be logged in using Azure CLI with sufficient privileges to modify Microsoft Entra ID to run this script.
 
 Usage: $0 -n <app-name> [-r <reply-url>] [-a] [-s] [--automation-account]
 
 Options:
     -n,--name                   Required. The prefix for the app (registration) names e.g., "TRE", or "Workspace One".
     -u,--tre-url                TRE URL, used to construct auth redirection URLs for the UI and Swagger app.
     -a,--admin-consent          Optional, but recommended. Grants admin consent for the app registrations, when this flag is set.
-                                Requires directory admin privileges to the Azure AD in question.
+                                Requires directory admin privileges to the Microsoft Entra ID in question.
     -t,--automation-clientid    Optional, when --workspace is specified the client ID of the automation account can be added to the TRE workspace.
     -r,--reset-password         Optional, switch to automatically reset the password. Default 0
 
@@ -102,7 +102,7 @@ currentUserId=$(az ad signed-in-user show --query 'id' --output tsv --only-show-
 msGraphUri="$(az cloud show --query endpoints.microsoftGraphResourceId --output tsv)/v1.0"
 tenant=$(az rest -m get -u "${msGraphUri}/domains" -o json | jq -r '.value[] | select(.isDefault == true) | .id')
 
-echo -e "\e[96mCreating the API/UX Application in the \"${tenant}\" Azure AD tenant.\e[0m"
+echo -e "\e[96mCreating the API/UX Application in the \"${tenant}\" Microsoft Entra ID tenant.\e[0m"
 
 # Load in helper functions
 # shellcheck disable=SC1091