Merge branch 'master' into ganeshrockz/no-subscription-login

* Updating telemetry to remove Hashing of repo name

We have CELA sign off to log user name in telemetry instead of a Hash.. It will also help us map repo names with Azure subscriptions directly.

* Update main.ts

* adding lib/main.js

* adding main.ts

Co-authored-by: Ashish Ranjan <asranja@github.com>
Co-authored-by: aksm-ms <58936966+aksm-ms@users.noreply.github.com>

README.md

@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: azure/login@v1.1
+    - uses: azure/login@v1
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
@@ -57,7 +57,7 @@ jobs:
     steps:
 
     - name: Login via Az module
-      uses: azure/login@v1.1
+      uses: azure/login@v1
       with:
         creds: ${{secrets.AZURE_CREDENTIALS}}
         enable-AzPSSession: true 
@@ -86,7 +86,7 @@ The following steps describe how to create the service principal, assign the rol
 
 1. Open the Azure Cloud Shell at [https://shell.azure.com](https://shell.azure.com). You can alternately use the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) if you've installed it locally. (For more information on Cloud Shell, see the [Cloud Shell Overview](https://docs.microsoft.com/azure/cloud-shell/overview).)
   
-2. Use the [az ad dp create-for-rbac](https://docs.microsoft.com/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_create_for_rbac) command to create a service principal and assign a Contributor role:
+2. Use the [az ad sp create-for-rbac](https://docs.microsoft.com/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_create_for_rbac) command to create a service principal and assign a Contributor role:
 
     ```azurecli
     az ad sp create-for-rbac --name "{sp-name}" --sdk-auth --role contributor \

__tests__/PowerShell/ServicePrinicipalLogin.test.ts

@@ -5,7 +5,7 @@ jest.mock('../../src/PowerShell/Utilities/PowerShellToolRunner');
 let spnlogin: ServicePrincipalLogin;
 
 beforeAll(() => {
-    spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId");
+    spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId", false);
 });
 
 afterEach(() => {

__tests__/PowerShell/Utilities/ScriptBuilder.test.ts

@@ -0,0 +1,25 @@
+import ScriptBuilder from "../../../src/PowerShell/Utilities/ScriptBuilder";
+import Constants from "../../../src/PowerShell/Constants";
+
+describe("Getting AzLogin PS script" , () => {
+    const scheme = Constants.ServicePrincipal;
+    let args: any = {
+        servicePrincipalId: "service-principal-id",
+        servicePrincipalKey: "service-principal-key",
+        environment: "environment",
+        scopeLevel: Constants.Subscription,
+        subscriptionId: "subId",
+        allowNoSubscriptionsLogin: true
+    }
+
+    test("PS script should not set context while passing allowNoSubscriptionsLogin as true", () => {
+        const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+        expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeFalsy();
+    });
+
+    test("PS script should set context while passing allowNoSubscriptionsLogin as false", () => {
+        args["allowNoSubscriptionsLogin"] = false;
+        const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+        expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeTruthy();
+    });
+});

action.yml

@@ -9,6 +9,10 @@ inputs:
     description: 'Set this value to true to enable Azure PowerShell Login in addition to Az CLI login'
     required: false
     default: false
+  allow-no-subscriptions:
+    description: 'Set this value to true to enable support for accessing tenants without subscriptions'
+    required: false
+    default: false
 branding:
   icon: 'login.svg'
   color: 'blue'

lib/main.js

@@ -17,7 +17,6 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const crypto = __importStar(require("crypto"));
 const exec = __importStar(require("@actions/exec"));
 const io = __importStar(require("@actions/io"));
 const actions_secret_parser_1 = require("actions-secret-parser");
@@ -30,7 +29,7 @@ function main() {
         try {
             // Set user agent variable
             var isAzCLISuccess = false;
-            let usrAgentRepo = crypto.createHash('sha256').update(`${process.env.GITHUB_REPOSITORY}`).digest('hex');
+            let usrAgentRepo = `${process.env.GITHUB_REPOSITORY}`;
             let actionName = 'AzureLogin';
             let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
             let azurePSHostEnv = (!!azPSHostEnv ? `${azPSHostEnv}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;

package-lock.json

@@ -5,9 +5,9 @@
   "requires": true,
   "dependencies": {
     "@actions/core": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.1.3.tgz",
-      "integrity": "sha512-2BIib53Jh4Cfm+1XNuZYYGTeRo8yiWEAUMoliMh1qQGMaqTF4VUlhhcsBylTu4qWmUx45DrY0y0XskimAHSqhw=="
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz",
+      "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA=="
     },
     "@actions/exec": {
       "version": "1.0.1",

package.json

@@ -18,7 +18,7 @@
     "typescript": "^3.6.3"
   },
   "dependencies": {
-    "@actions/core": "^1.1.3",
+    "@actions/core": "^1.2.6",
     "@actions/exec": "^1.0.1",
     "@actions/io": "^1.0.1",
     "actions-secret-parser": "^1.0.2"

src/PowerShell/ServicePrincipalLogin.ts

@@ -13,12 +13,18 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession {
     servicePrincipalKey: string;
     tenantId: string;
     subscriptionId: string;
+    allowNoSubscriptionsLogin: boolean;
 
-    constructor(servicePrincipalId: string, servicePrincipalKey: string, tenantId: string, subscriptionId: string) {
+    constructor(servicePrincipalId: string, 
+        servicePrincipalKey: string, 
+        tenantId: string, 
+        subscriptionId: string,
+        allowNoSubscriptionsLogin: boolean) {
         this.servicePrincipalId = servicePrincipalId;
         this.servicePrincipalKey = servicePrincipalKey;
         this.tenantId = tenantId;
         this.subscriptionId = subscriptionId;
+        this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
     }
 
     async initialize() {
@@ -42,7 +48,8 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession {
             servicePrincipalKey: this.servicePrincipalKey,
             subscriptionId: this.subscriptionId,
             environment: ServicePrincipalLogin.environment,
-            scopeLevel: ServicePrincipalLogin.scopeLevel
+            scopeLevel: ServicePrincipalLogin.scopeLevel,
+            allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin
         }
         const script: string = new ScriptBuilder().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
         await PowerShellToolRunner.init();

src/PowerShell/Utilities/ScriptBuilder.ts

@@ -12,7 +12,7 @@ export default class ScriptBuilder {
             command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
             (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
                 -Environment '${args.environment}' | out-null;`;
-            if (args.scopeLevel === Constants.Subscription) {
+            if (args.scopeLevel === Constants.Subscription && !args.allowNoSubscriptionsLogin) {
                 command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`;
             }
         }

src/main.ts

@@ -1,5 +1,4 @@
 import * as core from '@actions/core';
-import * as crypto from "crypto";
 import * as exec from '@actions/exec';
 import * as io from '@actions/io';
 
@@ -14,7 +13,7 @@ async function main() {
     try {
         // Set user agent variable
         var isAzCLISuccess = false;
-        let usrAgentRepo = crypto.createHash('sha256').update(`${process.env.GITHUB_REPOSITORY}`).digest('hex');
+        let usrAgentRepo = `${process.env.GITHUB_REPOSITORY}`;
         let actionName = 'AzureLogin';
         let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
         let azurePSHostEnv = (!!azPSHostEnv ? `${azPSHostEnv}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
@@ -31,17 +30,28 @@ async function main() {
         let tenantId = secrets.getSecret("$.tenantId", false);
         let subscriptionId = secrets.getSecret("$.subscriptionId", false);
         const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
-        if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !subscriptionId) {
-            throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret, tenantId and subscriptionId are supplied.");
+        const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
+        if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
+            throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
         }
+
+        if (!subscriptionId && !allowNoSubscriptionsLogin) {
+            throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
+        }
+
         // Attempting Az cli login
-        await executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
-        await executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+        if (allowNoSubscriptionsLogin) {
+            await executeAzCliCommand(`login --allow-no-subscriptions --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
+        }
+        else {
+            await executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
+            await executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+        }
         isAzCLISuccess = true;
         if (enableAzPSSession) {
             // Attempting Az PS login
             console.log(`Running Azure PS Login`);
-            const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId);
+            const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin);
             await spnlogin.initialize();
             await spnlogin.login();
         }
@@ -69,4 +79,4 @@ async function executeAzCliCommand(command: string, silent?: boolean) {
     }
 }
 
-main();
+main();