Fix environment variable leak and flag propagation for extensions #7314
Open
Extension commands use DisableFlagParsing, so cobra never parses global flags like -e/--environment, --debug, or --cwd. This caused two problems:

1. The DI-resolved environment always loaded the default instead of the one specified with -e, leaking wrong env vars into extension processes and never setting AZD_ENVIRONMENT (#7034).
2. --debug and --cwd were also not propagated to extensions because extensions.go read them from cmd.Flags() which returns defaults.

Fix by:

- Adding -e/--environment to ParseGlobalFlags() with lenient validation: valid env names are accepted, non-env values (like URLs that extensions pass via -e) are silently skipped so extensions still work.
- Adding EnvironmentName to GlobalCommandOptions so the pre-parsed value is available to the DI container and extension runner.
- Updating container.go EnvFlag resolver to fall back to globalOptions when cmd.Flags() returns empty (extension commands).
- Updating extensions.go to use globalOptions for all InvokeOptions fields (debug, cwd, environment, no-prompt) instead of cmd.Flags().

Closes #7034

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Pull request overview
This PR fixes global flag propagation (notably -e/--environment, --debug, --cwd) to extension commands that run with DisableFlagParsing: true, and standardizes invalid environment-name errors.
Changes:
- Introduces GlobalCommandOptions.EnvironmentName and parses -e/--environment early via ParseGlobalFlags().
- Updates extension invocation and DI env resolver to read from pre-parsed globalOptions rather than cmd.Flags().
- Centralizes invalid environment-name error formatting and updates help/usage snapshots to include the new global flag.
Reviewed changes
Copilot reviewed 71 out of 71 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| cli/azd/pkg/environment/manager.go | Replaces ad-hoc invalid env name messaging with shared InvalidEnvironmentNameError() |
| cli/azd/pkg/environment/environment.go | Adds shared exported invalid env name error helper |
| cli/azd/internal/global_command_options.go | Adds EnvironmentName to carry pre-parsed -e/--environment value |
| cli/azd/cmd/extensions.go | Propagates debug/cwd/env/no-prompt to extensions via globalOptions |
| cli/azd/cmd/container.go | DI resolver for EnvFlag falls back to globalOptions.EnvironmentName |
| cli/azd/cmd/auto_install.go | Adds global -e/--environment and validates it in ParseGlobalFlags() |
| cli/azd/cmd/auto_install_test.go | Adds tests for parsing/validating -e/--environment |
| cli/azd/cmd/testdata/TestFigSpec.ts | Moves --environment/-e to persistent options; removes per-command env options in a few places |
| cli/azd/cmd/testdata/TestUsage-azd.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-x.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-version.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-template.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-template-source.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-template-source-remove.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-template-source-list.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-template-source-add.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-template-show.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-template-list.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-pipeline.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-mcp.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-mcp-start.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-infra.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-hooks.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-upgrade.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-uninstall.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-source.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-source-validate.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-source-remove.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-source-list.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-source-add.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-show.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-list.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-extension-install.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-env.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-env-select.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-env-new.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-env-list.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-env-config.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-demo.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-copilot.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-copilot-consent.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-copilot-consent-revoke.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-copilot-consent-list.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-copilot-consent-grant.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config-unset.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config-show.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config-set.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config-reset.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config-options.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config-list-alpha.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-config-get.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-concurx.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-completion.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-completion-zsh.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-completion-powershell.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-completion-fish.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-completion-fig.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-completion-bash.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-coding-agent.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-auth.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-auth-status.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-auth-logout.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-auth-login.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-appservice.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-ai.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-ai-models.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-ai-finetuning.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-ai-agent.snap | Updates help snapshot to include -e, --environment |
| cli/azd/cmd/testdata/TestUsage-azd-add.snap | Updates help snapshot to include -e, --environment |
Comments suppressed due to low confidence (2)
cli/azd/internal/global_command_options.go:1
- This comment says EnvironmentName is empty when the passed -e value is not a valid environment name (e.g., extensions reuse -e for URLs), but ParseGlobalFlags() now returns an error for invalid values. Update the comment to match the new strict-validation behavior (or relax validation if the intent is still to allow extensions to reuse -e).

cli/azd/pkg/environment/environment.go:1
- The standardized error message hard-codes the allowed character set as 'only alphanumeric characters and hyphens'. In this PR, TestParseGlobalFlags_EnvironmentName treats a name containing a dot (my-env.v2) as valid. Either adjust the test expectations/validation to disallow dots, or update the error message to accurately describe what IsValidEnvironmentName permits so users get correct guidance.
Agent detection (agentdetect package) walks the parent process tree and auto-enables --no-prompt when it finds an AI coding agent. In CI and local dev under Copilot CLI, this causes functional tests to fail because piped stdin is ignored when no-prompt is active.

Changes:

- detect.go: Early return from detectAgent() when AZD_DISABLE_AGENT_DETECT is set, suppressing both env var and parent process detection
- cli.go: Set AZD_DISABLE_AGENT_DETECT=1 on all child azd processes in RunCommandWithStdIn(), with nil-Env safety (nil means inherit-all in Go)
- detect_test.go: Test that AZD_DISABLE_AGENT_DETECT suppresses detection
- env_test.go: Fix require.Fail -> require.Failf format string bug

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

The gosec linter flags os.LookupEnv values as tainted input for log injection (G706). Remove the env var value from the log message since only the presence of the env var matters, not its value.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
spboyer (Member) approved these changes on Mar 26, 2026 and left a comment:
Reviewed the core fix (switching extensionAction from cmd.Flags() to globalOptions for DisableFlagParsing extensions), IoC plumbing, AZD_DISABLE_AGENT_DETECT kill switch, InvalidEnvironmentNameError refactor, and require.Fail -> require.Failf fix. No issues found.
Workflow steps that specify their own -e/--environment flag (e.g. 'azd: env set KEY VALUE -e env1') were getting the parent command's --environment appended via extractGlobalArgs(), causing the parent's value to override the step's explicit value.

The environment flag is now excluded from extractGlobalArgs() since environment propagation to workflow steps is already handled by the globalOptions DI fallback in the EnvFlag resolver.

Fixes Test_CLI_Up_EnvironmentFlags.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Summary
This is a redo of #7035 (which was reverted by #7274) with the prerequisite work done first. It fixes two problems:

1. Environment variable leak (azd <extension> -e <env> leaks default environment variables into extension process #7034): Extensions never received the correct -e/--environment value because extension commands use DisableFlagParsing: true, so cobra never parsed the flag. The DI resolver always fell back to the default environment.
2. Flag propagation broken by revert (Revert: Fix env var leak when running extension commands with -e flag (#7035) #7274): The revert also broke --debug and --cwd propagation to extensions, since it changed extensions.go back to using cmd.Flags() which returns defaults for extension commands.

What changed

- global_command_options.go: Added EnvironmentName field
- auto_install.go: Added -e/--environment to CreateGlobalFlagSet() with strict validation in ParseGlobalFlags() (rejects invalid env names with clear error)
- container.go: Updated EnvFlag DI resolver to fall back to globalOptions.EnvironmentName
- extensions.go: Uses globalOptions (populated before cobra) for ALL InvokeOptions fields (debug, cwd, environment, no-prompt)
- environment.go: Added exported InvalidEnvironmentNameError() for shared validation across all call sites
- manager.go: Replaced 3 inconsistent error message formats with the shared InvalidEnvironmentNameError()
- -e, --environment flag in help text
- auto_install_test.go: 11 new subtests (6 valid env name + 5 invalid env name)

Key difference from #7035

PR #7035 added strict -e validation which broke extensions that reused -e for URLs. This PR is safe because PR #7313 migrates extensions off -e first.

How globalOptions solves it

ParseGlobalFlags() runs before cobra, manually parsing the raw os.Args. For extension commands (DisableFlagParsing: true), cobra skips all flag parsing, but globalOptions already has the correct values. Both the DI resolver and extension invocation now read from globalOptions instead of cmd.Flags().

Closes #7034
Closes #7271
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
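
The pre-parse approach described above, as an added Go sketch that is not code from this PR or from azd: the selected environment is read from the raw arguments with strict validation, and the child process environment is built only from that selection. `PreParseEnv`, `ChildEnv`, the name pattern, the in-memory store, `myext` and `API_KEY` are all hypothetical or constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Assumed naming rule for this sketch; azd's own validator may differ.
var envNameRe = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)

// PreParseEnv reads -e/--environment from raw args before any command
// framework runs, so it works when the command disables flag parsing.
func PreParseEnv(args []string) (name string, err error) {
	for i := 0; i < len(args); i++ {
		flag, val, hasVal := strings.Cut(args[i], "=")
		if flag != "-e" && flag != "--environment" {
			continue
		}
		if !hasVal && i+1 < len(args) {
			i++
			val = args[i]
		}
		if !envNameRe.MatchString(val) { // strict: a URL or empty value is rejected
			return "", fmt.Errorf("invalid environment name %q", val)
		}
		name = val
	}
	return name, nil
}

// ChildEnv builds the extension's environment; an empty selection (what an
// unparsed flag set yields) resolves to the default environment.
func ChildEnv(store map[string]map[string]string, def, selected string) []string {
	if selected == "" {
		selected = def
	}
	out := []string{"AZD_ENVIRONMENT=" + selected}
	for k, v := range store[selected] {
		out = append(out, k+"="+v)
	}
	sort.Strings(out)
	return out
}

func main() {
	store := map[string]map[string]string{"dev": {"API_KEY": "dev-key"}, "prod": {"API_KEY": "prod-key"}} // constructed
	name, err := PreParseEnv([]string{"myext", "run", "-e", "prod"})
	fmt.Println(ChildEnv(store, "dev", name), err)
}
```

Passing an empty selection to `ChildEnv` reproduces the leak the PR describes: the child receives the default environment's values even though the caller asked for another one.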