From edc37b473cfc98dd3d001928d58cac110873bf7a Mon Sep 17 00:00:00 2001 From: John Miller Date: Thu, 9 Apr 2026 15:20:32 -0400 Subject: [PATCH] feat: add user authentication check before file-modifying operations in init command. Fixes #7547 --- .../azure.ai.agents/internal/cmd/init.go | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/cli/azd/extensions/azure.ai.agents/internal/cmd/init.go b/cli/azd/extensions/azure.ai.agents/internal/cmd/init.go index 6f8bae6f5c2..757c4db4997 100644 --- a/cli/azd/extensions/azure.ai.agents/internal/cmd/init.go +++ b/cli/azd/extensions/azure.ai.agents/internal/cmd/init.go @@ -127,6 +127,27 @@ func checkAiModelServiceAvailable(ctx context.Context, azdClient *azdext.AzdClie return nil } +// ensureLoggedIn verifies that the user is authenticated before any file-modifying +// operations take place. It calls ListSubscriptions as a lightweight auth probe; +// only gRPC Unauthenticated errors are treated as failures. Other errors (e.g. +// network issues) are ignored so they don't block init for unrelated reasons. +func ensureLoggedIn(ctx context.Context, azdClient *azdext.AzdClient) error { + _, err := azdClient.Account().ListSubscriptions(ctx, &azdext.ListSubscriptionsRequest{}) + if err == nil { + return nil + } + + if st, ok := status.FromError(err); ok && st.Code() == codes.Unauthenticated { + return exterrors.Auth( + exterrors.CodeNotLoggedIn, + "not logged in", + "run `azd auth login` to authenticate before running init", + ) + } + + return nil +} + // runInitFromManifest sets up Azure context, credentials, console, and runs the // InitAction for a given manifest pointer. This is the shared code path used when // initializing from a manifest URL/path (the -m flag, agent template, or azd template @@ -228,6 +249,10 @@ func newInitCommand(rootFlags *rootFlagsDefinition) *cobra.Command { return err } + if err := ensureLoggedIn(ctx, azdClient); err != nil { + return err + } + // Wait for debugger if AZD_EXT_DEBUG is set if err := azdext.WaitForDebugger(ctx, azdClient); err != nil { if errors.Is(err, context.Canceled) || errors.Is(err, azdext.ErrDebuggerAborted) {