Handling warnings and adding OIDC promotion message release PR (#222)

* added handling of warnings
Balaga Gayatri
2022-05-02 19:47:11 +05:30
committed by GitHub
parent 30a3a45036
commit ec3c14589b
3 changed files with 28 additions and 24 deletions


@@ -207,11 +207,13 @@ Follow the steps to configure Azure Service Principal with a secret:
# The command should output a JSON object similar to this:
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"clientSecret": "<STRING>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
"resourceManagerEndpointUrl": "<URL>"
(...)
}
@@ -219,6 +221,10 @@ Follow the steps to configure Azure Service Principal with a secret:
* Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above)
* Note: The above `az ad sp create-for-rbac` command will give you the `--sdk-auth` deprecation warning. As we are working with CLI for this deprecation process, we strongly recommend users to use this `--sdk-auth` flag as the result dictionary output changes and not accepted by login action if `--sdk-auth` is not used.
### Manually creating the Credentials object
If you already created and assigned a Service Principal in Azure you can manually create the .json object above by finding the `clientId` and `clientSecret` on the Service Principal, and your `subscriptionId` and `tenantId` of the subscription and tenant respectively. The `resourceManagerEndpointUrl` will be `https://management.azure.com/` if you are using the public Azure cloud.
### Configure a service principal with a Federated Credential to use OIDC based authentication:
@@ -234,7 +240,7 @@ You can add federated credentials in the Azure portal or with the Microsoft Grap
7. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims).
8. Add a **Name** for the federated credential.
9. Click **Add** to configure the federated credential.
10. Make sure the above created application has the `contributor` access to the provided subscription.
10. Make sure the above created application has the `contributor` access to the provided subscription. Visit [role-based-access-control](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current#prerequisites) for more details.
For a more detailed overview, see more guidance around [Azure Federated Credentials](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust-github).


@@ -40,22 +40,20 @@ function main() {
return __awaiter(this, void 0, void 0, function* () {
try {
//Options for error handling
let commandStdErr = false;
const loginOptions = {
silent: true,
ignoreReturnCode: true,
failOnStdErr: true,
listeners: {
stderr: (data) => {
let error = data.toString();
//removing the keyword 'ERROR' to avoid duplicates while throwing error
if (error.toLowerCase().startsWith('error')) {
error = error.slice(5);
}
// printing error
if (error && error.trim().length !== 0) {
commandStdErr = true;
core.error(error);
let startsWithWarning = error.toLowerCase().startsWith('warning');
let startsWithError = error.toLowerCase().startsWith('error');
// printing ERROR
if (error && error.trim().length !== 0 && !startsWithWarning) {
if (startsWithError) {
//removing the keyword 'ERROR' to avoid duplicates while throwing error
error = error.slice(5);
}
core.setFailed(error);
}
}
}
@@ -190,6 +188,7 @@ function main() {
commonArgs = commonArgs.concat("--federated-token", federatedToken);
}
else {
console.log("Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.");
commonArgs = commonArgs.concat("-p", servicePrincipalKey);
}
yield executeAzCliCommand(`login`, true, loginOptions, commonArgs);


@@ -12,22 +12,20 @@ var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREP
async function main() {
try {
//Options for error handling
let commandStdErr = false;
const loginOptions: ExecOptions = {
silent: true,
ignoreReturnCode: true,
failOnStdErr: true,
listeners: {
stderr: (data: Buffer) => {
let error = data.toString();
//removing the keyword 'ERROR' to avoid duplicates while throwing error
if (error.toLowerCase().startsWith('error')) {
error = error.slice(5);
}
// printing error
if (error && error.trim().length !== 0) {
commandStdErr = true;
core.error(error);
let startsWithWarning = error.toLowerCase().startsWith('warning');
let startsWithError = error.toLowerCase().startsWith('error');
// printing ERROR
if (error && error.trim().length !== 0 && !startsWithWarning) {
if(startsWithError) {
//removing the keyword 'ERROR' to avoid duplicates while throwing error
error = error.slice(5);
}
core.setFailed(error);
}
}
}
@@ -174,6 +172,7 @@ async function main() {
commonArgs = commonArgs.concat("--federated-token", federatedToken);
}
else {
console.log("Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.")
commonArgs = commonArgs.concat("-p", servicePrincipalKey);
}
await executeAzCliCommand(`login`, true, loginOptions, commonArgs);
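Review bot: In the stderr listener of the first hunk, a chunk whose text starts with `warning` is discarded whole, so an `ERROR` line arriving in the same buffer after a warning is neither logged nor passed to `core.setFailed`, and the warning itself never reaches the job log. The prefix test runs on `data.toString()` as delivered, and nothing visible in the hunk guarantees one message per chunk. Classifying line by line and sending warnings to `core.warning` keeps a failed login visible. The JavaScript section above carries the same listener and looks like compiled output, so it would need regenerating. A line split across two chunks would still need buffering, which the sketch below does not add.

```typescript
stderr: (data: Buffer) => {
    // classify each stderr line on its own so a leading warning cannot hide a later error
    for (const line of data.toString().split(/\r?\n/)) {
        const text = line.trim();
        if (text.length === 0) {
            continue;
        }
        const lowered = text.toLowerCase();
        if (lowered.startsWith('warning')) {
            // keep warnings in the job log instead of dropping them
            core.warning(text);
        } else if (lowered.startsWith('error')) {
            //removing the keyword 'ERROR' to avoid duplicates while throwing error
            core.setFailed(text.slice(5));
        } else {
            core.setFailed(text);
        }
    }
}
```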