prepare release v2.2.0

.github/workflows/azure-login-positive.yml

@@ -266,10 +266,10 @@ jobs:
       run: |
         apt-get update
         apt-get install -y wget
-        wget https://ftp.debian.org/debian/pool/main/i/icu/libicu72_72.1-3_amd64.deb
-        dpkg -i libicu72_72.1-3_amd64.deb
-        wget https://github.com/PowerShell/PowerShell/releases/download/v7.5.0/powershell_7.5.0-1.deb_amd64.deb
-        dpkg -i powershell_7.5.0-1.deb_amd64.deb
+        wget https://mirror.it.ubc.ca/ubuntu/pool/main/i/icu/libicu72_72.1-3ubuntu3_amd64.deb
+        dpkg -i libicu72_72.1-3ubuntu3_amd64.deb
+        wget https://github.com/PowerShell/PowerShell/releases/download/v7.4.3/powershell_7.4.3-1.deb_amd64.deb
+        dpkg -i powershell_7.4.3-1.deb_amd64.deb
 
     - name: Check Powershell Version
       shell: pwsh

README.md

@@ -679,7 +679,7 @@ Internally in this action, we use azure CLI and execute `az login` with the cred
 
 ### GitHub Action
 
-[GitHub Actions](https://docs.github.com/actions) gives you the flexibility to build an automated software development lifecycle workflow.
+[GitHub Actions](https://help.github.com/articles/about-github-actions) gives you the flexibility to build an automated software development lifecycle workflow.
 
 ### GitHub Actions for deploying to Azure
 

__tests__/LoginConfig.test.ts

@@ -245,7 +245,7 @@ describe("LoginConfig Test", () => {
 
         let loginConfig = new LoginConfig();
         await loginConfig.initialize();
-        testValidateWithErrorMessage(loginConfig, "Ensure 'subscription-id' is supplied or 'allow-no-subscriptions' is 'true'.");
+        testValidateWithErrorMessage(loginConfig, "Ensure subscriptionId is supplied.");
     });
 
     test('validate without subscriptionId and allowNoSubscriptionsLogin=true', async () => {

package-lock.json

@@ -1278,13 +1278,11 @@
       }
     },
     "node_modules/braces": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
-      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "version": "3.0.2",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "fill-range": "^7.1.1"
+        "fill-range": "^7.0.1"
       },
       "engines": {
         "node": ">=8"
@@ -1640,9 +1638,7 @@
       }
     },
     "node_modules/fill-range": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
-      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+      "version": "7.0.1",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1668,21 +1664,6 @@
       "version": "1.0.0",
       "license": "ISC"
     },
-    "node_modules/fsevents": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
-      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
-      "dev": true,
-      "hasInstallScript": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
-      }
-    },
     "node_modules/function-bind": {
       "version": "1.1.1",
       "dev": true,
@@ -1858,8 +1839,6 @@
     },
     "node_modules/is-number": {
       "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
-      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2572,9 +2551,7 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "version": "4.17.21",
       "license": "MIT"
     },
     "node_modules/lodash.memoize": {
@@ -3148,8 +3125,6 @@
     },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
-      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {

src/Cli/AzureCliLogin.ts

@@ -8,7 +8,6 @@ export class AzureCliLogin {
     loginConfig: LoginConfig;
     azPath: string;
     loginOptions: ExecOptions;
-    azVersion: string;
 
     constructor(loginConfig: LoginConfig) {
         this.loginConfig = loginConfig;
@@ -31,12 +30,7 @@ export class AzureCliLogin {
 
         await this.executeAzCliCommand(["version"], true, execOptions);
         core.debug(`Azure CLI version used:\n${output}`);
-        try {
-            this.azVersion = JSON.parse(output)["azure-cli"];
-        }
-        catch (error) {
-            core.warning("Failed to parse Azure CLI version.");
-        }
+
         await this.registerAzurestackEnvIfNecessary();
 
         await this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
@@ -114,20 +108,7 @@ export class AzureCliLogin {
     }
 
     async loginWithUserAssignedIdentity(args: string[]) {
-        let azcliMinorVersion = 0;
-        try {
-            azcliMinorVersion = parseInt(this.azVersion.split('.')[1], 10);
-        }
-        catch (error) {
-            core.warning("Failed to parse the minor version of Azure CLI. Assuming the version is less than 2.69.0");
-        }
-        //From Azure-cli v2.69.0, `--username` is replaced with `--client-id`, `--object-id` or `--resource-id`: https://github.com/Azure/azure-cli/pull/30525
-        if (azcliMinorVersion < 69) {
-            args.push("--username", this.loginConfig.servicePrincipalId);
-        }
-        else {
-            args.push("--client-id", this.loginConfig.servicePrincipalId);
-        }
+        args.push("--username", this.loginConfig.servicePrincipalId);
         await this.callCliLogin(args, 'user-assigned managed identity');
     }
 

src/common/LoginConfig.ts

@@ -79,16 +79,11 @@ export class LoginConfig {
             this.mask(this.federatedToken);
         }
         catch (error) {
-            core.error("Failed to fetch federated token from GitHub. Please make sure to give write permissions to id-token in the workflow.");
+            core.error(`Please make sure to give write permissions to id-token in the workflow.`);
             throw error;
         }
-        try {
-            let [issuer, subjectClaim, audience, jobWorkflowRef] = await jwtParser(this.federatedToken);
-            core.info("Federated token details:\n issuer - " + issuer + "\n subject claim - " + subjectClaim + "\n audience - " + audience + "\n job_workflow_ref - " + jobWorkflowRef);
-        }
-        catch (error) {
-            core.warning(`Failed to parse the federated token. Error: ${error}`);
-        }
+        let [issuer, subjectClaim] = await jwtParser(this.federatedToken);
+        core.info("Federated token details:\n issuer - " + issuer + "\n subject claim - " + subjectClaim);
     }
 
     validate() {
@@ -104,7 +99,7 @@ export class LoginConfig {
             }
         }
         if (!this.subscriptionId && !this.allowNoSubscriptionsLogin) {
-            throw new Error("Ensure 'subscription-id' is supplied or 'allow-no-subscriptions' is 'true'.");
+            throw new Error("Ensure subscriptionId is supplied.");
         }
     }
 
@@ -119,20 +114,5 @@ async function jwtParser(federatedToken: string) {
     let tokenPayload = federatedToken.split('.')[1];
     let bufferObj = Buffer.from(tokenPayload, "base64");
     let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
-    const JWT_CLAIM_ISSUER = 'iss';
-    const JWT_CLAIM_SUBJECT = 'sub';
-    const JWT_CLAIM_AUDIENCE = 'aud';
-    const JWT_CLAIM_JOB_WORKFLOW_REF = 'job_workflow_ref';
-    const requiredClaims = [
-        JWT_CLAIM_ISSUER,
-        JWT_CLAIM_SUBJECT,
-        JWT_CLAIM_AUDIENCE,
-        JWT_CLAIM_JOB_WORKFLOW_REF
-    ];
-    for (const claim of requiredClaims) {
-        if (!decodedPayload[claim]) {
-            throw new Error(`The claim '${claim}' is missing from the token payload`);
-        }
-    }
-    return [decodedPayload[JWT_CLAIM_ISSUER], decodedPayload[JWT_CLAIM_SUBJECT], decodedPayload[JWT_CLAIM_AUDIENCE], decodedPayload[JWT_CLAIM_JOB_WORKFLOW_REF]];   
-}   
+    return [decodedPayload['iss'], decodedPayload['sub']];
+}