update readme

* Updating instructions to include Azure Stack Hub

Added sample work flow for ASH and service principle instructions

* Updating based on PR feedback

- Added a description to environment parameter
- Updated instructions to say "required only for ash" for service principle instructions

Co-authored-by: Amruta Kawade <65217380+AmrutaKawade@users.noreply.github.com>

.github/ISSUE_TEMPLATE/bug-report---feature-request.md

@@ -0,0 +1,10 @@
+---
+name: Bug Report / Feature Request
+about: Create a report to help us improve
+title: ''
+labels: need-to-triage
+assignees: ''
+
+---
+
+

.github/issue-label-bot.yaml

@@ -0,0 +1,4 @@
+label-alias:
+  bug: 'bug'
+  feature_request: 'enhancement'
+  question: 'question'

.github/workflows/ci.yml

@@ -0,0 +1,28 @@
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build_test_job:
+    name: 'Build and test job'
+    runs-on: ${{ matrix.os }}
+    strategy:
+        matrix:
+          os: [windows-latest, ubuntu-latest]
+    steps:
+
+    - name: 'Checking out repo code'
+      uses: actions/checkout@v2
+
+    - name: 'Validate build'
+      run: |
+        npm install
+        npm run build
+        
+    - name: 'Run L0 tests'
+      run: |
+        npm run test

.github/workflows/codeql.yml

@@ -0,0 +1,52 @@
+name: "Code scanning - action"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 19 * * 0'
+
+jobs:
+  CodeQL-Build:
+
+    # CodeQL runs on ubuntu-latest and windows-latest
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+      
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

README.md

@@ -1,103 +1,213 @@
-# GitHub Actions for deploying to Azure
-
-## Automate your GitHub workflows using Azure Actions
-
-[GitHub Actions](https://help.github.com/en/articles/about-github-actions)  gives you the flexibility to build an automated software development lifecycle workflow. With [GitHub Actions for Azure](https://github.com/Azure/actions/) you can create workflows that you can set up in your repository to build, test, package, release and **deploy** to Azure. 
-
-# GitHub Action for Azure Login
-With the Azure login Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) and run Az CLI scripts.
-
-Get started today with a [free Azure account](https://azure.com/free/open-source)!
-
-This repository contains GitHub Action for [Azure Login](https://github.com/Azure/login/blob/master/action.yml).
-
-## Sample workflow that uses Azure login action to run az cli
-
-```yaml
-
-# File: .github/workflows/workflow.yml
-
-on: [push]
-
-name: AzureLoginSample
-
-jobs:
-
-  build-and-deploy:
-    runs-on: ubuntu-latest
-    steps:
-    
-    - uses: azure/login@v1
-      with:
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
-    
-    - run: |
-        az webapp list --query "[?state=='Running']"
-
-```
-
-## Configure deployment credentials:
-
-For any credentials like Azure Service Principal, Publish Profile etc add them as [secrets](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables) in the GitHub repository and then use them in the workflow.
-
-The above example uses user-level credentials i.e., Azure Service Principal for deployment. 
-
-Follow the steps to configure the secret:
-  * Define a new secret under your repository settings, Add secret menu
-  * Store the output of the below [az cli](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest) command as the value of secret variable, for example 'AZURE_CREDENTIALS'
-```bash  
-
-   az ad sp create-for-rbac --name "myApp" --role contributor \
-                            --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
-                            --sdk-auth
-                            
-  # Replace {subscription-id}, {resource-group} with the subscription, resource group details
-
-  # The command should output a JSON object similar to this:
-
-  {
-    "clientId": "<GUID>",
-    "clientSecret": "<GUID>",
-    "subscriptionId": "<GUID>",
-    "tenantId": "<GUID>",
-    (...)
-  }
-  
-```
-  * Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above)
-
-
-# Azure Login metadata file
-
-```yaml
-
-# action.yml
-
-# Login to Azure subscription
-name: 'Login Azure'
-description: 'Login Azure wraps the az login, allowing for Azure actions to log into Azure'
-inputs: 
-  creds: # id of input
-    description: 'Paste the contents of `az ad sp create-for-rbac... as value of secret variable: AZURE_CREDENTIALS'
-    required: true
-branding:
-  icon: 'login.svg' 
-  color: 'blue' 
-runs:
-  using: 'node12'
-  main: 'main.js'
-```
-
-# Contributing
-
-This project welcomes contributions and suggestions.  Most contributions require you to agree to a
-Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
-
-When you submit a pull request, a CLA bot will automatically determine whether you need to provide
-a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
-provided by the bot. You will only need to do this once across all repos using our CLA.
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+# GitHub Actions for deploying to Azure
+
+## Automate your GitHub workflows using Azure Actions
+
+[GitHub Actions](https://help.github.com/en/articles/about-github-actions) gives you the flexibility to build an automated software development lifecycle workflow. 
+
+With [GitHub Actions for Azure](https://github.com/Azure/actions/) you can create workflows that you can set up in your repository to build, test, package, release and **deploy** to Azure.
+
+NOTE: you must have write permissions to the repository in question. If you're using a sample repository from Microsoft, be sure to first fork the repository to your own GitHub account.
+
+Get started today with a [free Azure account](https://azure.com/free/open-source).
+
+# GitHub Action for Azure Login
+
+With the Azure login Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) and run Azure CLI and Azure PowerShell scripts. You can leverage this action for the public or soverign clouds including Azure Government and Azure Stack Hub (using the `environment` parameter).  
+
+By default, the action only logs in with the Azure CLI (using the `az login` command). To log in with the Az PowerShell module, set `enable-AzPSSession` to true. To login to Azure tenants without any subscriptions, set the optional parameter `allow-no-subscriptions` to true. 
+
+To login into one of the Azure Government clouds, set the optional parameter environment with supported cloud names AzureUSGovernment or AzureChinaCloud. If this parameter is not specified, it takes the default value AzureCloud and connect to the Azure Public Cloud. Additionally the parameter creds takes the Azure service principal created in the particular cloud to connect (Refer to Configure deployment credentials section below for details).
+
+This repository contains GitHub Action for [Azure Login](https://github.com/Azure/login/blob/master/action.yml).
+
+## Sample workflow that uses Azure login action to run az cli
+
+```yaml
+# File: .github/workflows/workflow.yml
+
+on: [push]
+
+name: AzureLoginSample
+
+jobs:
+
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - run: |
+        az webapp list --query "[?state=='Running']"
+```
+
+## Sample workflow that uses Azure login action to run Azure PowerShell
+
+```yaml
+# File: .github/workflows/workflow.yml
+
+on: [push]
+
+name: AzurePowerShellSample
+
+jobs:
+
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Login via Az module
+      uses: azure/login@v1
+      with:
+        creds: ${{secrets.AZURE_CREDENTIALS}}
+        enable-AzPSSession: true 
+
+    - name: Run Az CLI script
+      run: |
+        az webapp list --query "[?state=='Running']"
+
+    - name: Run Azure PowerShell script
+      uses: azure/powershell@v1
+      with:
+        azPSVersion: '3.1.0'
+        inlineScript: |
+          Get-AzVM -ResourceGroupName "ActionsDemo"
+```
+
+## Sample to connect to Azure US Government cloud
+
+```
+   - name: Login to Azure US Gov Cloud with CLI 
+     uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
+          environment: 'AzureUSGovernment'
+          enable-AzPSSession: false
+   - name: Login to Azure US Gov Cloud with Az Powershell
+      uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
+          environment: 'AzureUSGovernment'
+          enable-AzPSSession: true
+```
+
+Refer to the [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
+
+## Sample Azure Login workflow that to run az cli on Azure Stack Hub
+
+```yaml
+
+# File: .github/workflows/workflow.yml
+
+on: [push]
+
+name: AzureLoginSample
+
+jobs:
+
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+    
+    - uses: azure/login@AzureStackSupport-Beta
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+        environment: 'AzureStack'
+    
+    - run: |
+        az webapp list --query "[?state=='Running']"
+
+```
+## Configure deployment credentials:
+
+The previous sample workflows depend on a [secrets](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets) named `AZURE_CREDENTIALS` in your repository. The value of this secret is expected to be a JSON object that represents a service principal (an identifer for an application or process) that authenticates the workflow with Azure.
+
+To function correctly, this service principal must be assigned the [Contributor]((https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor)) role for the web app or the resource group that contains the web app.
+
+The following steps describe how to create the service principal, assign the role, and create a secret in your repository with the resulting credentials.
+
+1. Open the Azure Cloud Shell at [https://shell.azure.com](https://shell.azure.com). You can alternately use the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) if you've installed it locally. (For more information on Cloud Shell, see the [Cloud Shell Overview](https://docs.microsoft.com/azure/cloud-shell/overview).)
+
+    1.1 **(Required ONLY when environment is Azure Stack Hub)** Run the following command to set the SQL Management endpoint to 'not supported'
+      ```bash  
+
+      az cloud update -n {environmentName} --endpoint-sql-management https://notsupported 
+
+      ```
+  
+2. Use the [az ad sp create-for-rbac](https://docs.microsoft.com/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_create_for_rbac) command to create a service principal and assign a Contributor role:
+
+    ```azurecli
+    az ad sp create-for-rbac --name "{sp-name}" --sdk-auth --role contributor \
+        --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Web/sites/{app-name}
+    ```
+
+    Replace the following:
+      * `{sp-name}` with a suitable name for your service principal, such as the name of the app itself. The name must be unique within your organization.
+      * `{subscription-id}` with the subscription you want to use
+      * `{resource-group}` the resource group containing the web app.
+      * `{app-name}` with the name of the web app.
+
+    This command invokes Azure Active Directory (via the `ad` part of the command) to create a service principal (via `sp`) specifically for [Role-Based Access Control (RBAC)](https://docs.microsoft.com/azure/role-based-access-control/overview) (via `create-for-rbac`).
+
+    The `--role` argument specifies the permissions to grant to the service principal at the specified `--scope`. In this case, you grant the built-in [Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor) role at the scope of the web app in the specified resource group in the specified subscription.
+
+    If desired, you can omit the part of the scope starting with `/providers/...` to grant the service principal the Contributor role for the entire resource group:
+
+    ```azurecli  
+    az ad sp create-for-rbac --name "{sp-name}" --sdk-auth --role contributor \
+        --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}
+    ```
+
+    For security purposes, however, it's always preferable to grant permissions at the most restrictive scope possible.
+
+3. When complete, the `az ad sp create-for-rbac` command displays JSON output in the following form (which is specified by the `--sdk-auth` argument):
+
+    ```json
+    {
+      "clientId": "<GUID>",
+      "clientSecret": "<GUID>",
+      "subscriptionId": "<GUID>",
+      "tenantId": "<GUID>",
+      (...)
+    }
+    ```
+
+4. In your repository, use **Add secret** to create a new secret named `AZURE_CREDENTIALS` (as shown in the example workflow), or using whatever name is in your workflow file.
+
+5. Paste the entire JSON object produced by the `az ad sp create-for-rbac` command as the secret value and save the secret.
+
+NOTE: to manage service principals created with `az ad sp create-for-rbac`, visit the [Azure portal](https://portal.azure.com), navigate to your Azure Active Directory, then select **Manage** > **App registrations** on the left-hand menu. Your service principal should appear in the list. Select a principal to navigate to its properties. You can also manage role assignments using the [az role assignment](https://docs.microsoft.com/cli/azure/role/assignment?view=azure-cli-latest) command.
+
+## Support for using `allow-no-subscriptions` flag with az login
+
+Capability has been added to support access to tenants without subscriptions. This can be useful to run tenant level commands, such as `az ad`. The action accepts an optional parameter `allow-no-subscriptions` which is `false` by default.
+
+```yaml
+# File: .github/workflows/workflow.yml
+
+on: [push]
+
+name: AzureLoginWithNoSubscriptions
+
+jobs:
+
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+        allow-no-subscriptions: true
+```
+
+# Contributing
+
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

__tests__/PowerShell/ServicePrinicipalLogin.test.ts

@@ -0,0 +1,38 @@
+import { ServicePrincipalLogin } from '../../src/PowerShell/ServicePrincipalLogin';
+
+jest.mock('../../src/PowerShell/Utilities/Utils');
+jest.mock('../../src/PowerShell/Utilities/PowerShellToolRunner');
+let spnlogin: ServicePrincipalLogin;
+
+beforeAll(() => {
+    spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId", false, null, null);
+});
+
+afterEach(() => {
+    jest.restoreAllMocks();
+});
+
+describe('Testing initialize', () => {
+    let initializeSpy;
+    
+    beforeEach(() => {
+        initializeSpy = jest.spyOn(spnlogin, 'initialize');
+    });
+    test('ServicePrincipalLogin initialize should pass', async () => {
+        await spnlogin.initialize();
+        expect(initializeSpy).toHaveBeenCalled();
+    });
+});
+
+describe('Testing login', () => {
+    let loginSpy;
+    
+    beforeEach(() => {
+        loginSpy = jest.spyOn(spnlogin, 'login');
+    });
+    test('ServicePrincipal login should pass', async () => {
+        loginSpy.mockImplementationOnce(() => Promise.resolve());
+        await spnlogin.login();
+        expect(loginSpy).toHaveBeenCalled();
+    });
+});

__tests__/PowerShell/Utilities/ScriptBuilder.test.ts

@@ -0,0 +1,25 @@
+import ScriptBuilder from "../../../src/PowerShell/Utilities/ScriptBuilder";
+import Constants from "../../../src/PowerShell/Constants";
+
+describe("Getting AzLogin PS script" , () => {
+    const scheme = Constants.ServicePrincipal;
+    let args: any = {
+        servicePrincipalId: "service-principal-id",
+        servicePrincipalKey: "service-principal-key",
+        environment: "environment",
+        scopeLevel: Constants.Subscription,
+        subscriptionId: "subId",
+        allowNoSubscriptionsLogin: true
+    }
+
+    test("PS script should not set context while passing allowNoSubscriptionsLogin as true", () => {
+        const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+        expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeFalsy();
+    });
+
+    test("PS script should set context while passing allowNoSubscriptionsLogin as false", () => {
+        args["allowNoSubscriptionsLogin"] = false;
+        const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+        expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeTruthy();
+    });
+});

__tests__/PowerShell/Utilities/Utils.test.ts

@@ -0,0 +1,45 @@
+import Utils from '../../../src/PowerShell/Utilities/Utils';
+
+const version: string = '9.0.0';
+const moduleName: string = 'az';
+
+afterEach(() => {
+    jest.restoreAllMocks();
+});
+
+describe('Testing isValidVersion', () => {
+    const validVersion: string = '1.2.4';
+    const invalidVersion: string = 'a.bcd';
+
+    test('isValidVersion should be true', () => {
+        expect(Utils.isValidVersion(validVersion)).toBeTruthy();
+    });
+    test('isValidVersion should be false', () => {
+        expect(Utils.isValidVersion(invalidVersion)).toBeFalsy();
+    });
+});
+
+describe('Testing setPSModulePath', () => {
+    test('PSModulePath with azPSVersion non-empty', () => {
+        Utils.setPSModulePath(version);
+        expect(process.env.PSModulePath).toContain(version);
+    });
+    test('PSModulePath with azPSVersion empty', () => {
+        const prevPSModulePath = process.env.PSModulePath;
+        Utils.setPSModulePath();
+        expect(process.env.PSModulePath).not.toEqual(prevPSModulePath);
+    });
+});
+
+describe('Testing getLatestModule', () => {
+    let getLatestModuleSpy;
+
+    beforeEach(() => {
+        getLatestModuleSpy = jest.spyOn(Utils, 'getLatestModule');
+    });
+    test('getLatestModule should pass', async () => {
+        getLatestModuleSpy.mockImplementationOnce((_moduleName: string) => Promise.resolve(version));
+        await Utils.getLatestModule(moduleName);
+        expect(getLatestModuleSpy).toHaveBeenCalled();
+    });
+});

action.yml

@@ -1,10 +1,22 @@
 # Login to Azure subscription
 name: 'Azure Login'
-description: 'Azure Login wraps the az login, allowing Azure actions to log into Azure or to run Az CLI scripts. github.com/Azure/Actions'
+description: 'Authenticate to Azure and run your Az CLI or Az PowerShell based Actions or scripts. github.com/Azure/Actions'
 inputs: 
   creds:
     description: 'Paste output of `az ad sp create-for-rbac` as value of secret variable: AZURE_CREDENTIALS'
     required: true
+  enable-AzPSSession: 
+    description: 'Set this value to true to enable Azure PowerShell Login in addition to Az CLI login'
+    required: false
+    default: false
+  environment:
+    description: 'Name of the environment. Supported values are azurecloud, azurestack, azureusgovernment, azurechinacloud, azuregermancloud. Default being azurecloud'
+    required: false
+    default: AzureCloud
+  allow-no-subscriptions:
+    description: 'Set this value to true to enable support for accessing tenants without subscriptions'
+    required: false
+    default: false
 branding:
   icon: 'login.svg'
   color: 'blue'

jest.config.js

@@ -0,0 +1,14 @@
+// For a detailed explanation regarding each configuration property, visit:
+// https://jestjs.io/docs/en/configuration.html
+
+module.exports = {
+  clearMocks: true,
+  moduleFileExtensions: ['js', 'ts'],
+  testEnvironment: 'node',
+  testMatch: ['**/*.test.ts'],
+  testRunner: 'jest-circus/runner',
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  verbose: true
+};

lib/PowerShell/Constants.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+class Constants {
+}
+exports.default = Constants;
+Constants.prefix = "az_";
+Constants.moduleName = "Az.Accounts";
+Constants.versionPattern = /[0-9]\.[0-9]\.[0-9]/;
+Constants.AzureCloud = "AzureCloud";
+Constants.Subscription = "Subscription";
+Constants.ServicePrincipal = "ServicePrincipal";
+Constants.Success = "Success";
+Constants.Error = "Error";
+Constants.AzVersion = "AzVersion";

lib/PowerShell/ServicePrincipalLogin.js

@@ -0,0 +1,77 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const Utils_1 = __importDefault(require("./Utilities/Utils"));
+const PowerShellToolRunner_1 = __importDefault(require("./Utilities/PowerShellToolRunner"));
+const ScriptBuilder_1 = __importDefault(require("./Utilities/ScriptBuilder"));
+const Constants_1 = __importDefault(require("./Constants"));
+class ServicePrincipalLogin {
+    constructor(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl) {
+        this.servicePrincipalId = servicePrincipalId;
+        this.servicePrincipalKey = servicePrincipalKey;
+        this.tenantId = tenantId;
+        this.subscriptionId = subscriptionId;
+        this.environment = environment;
+        this.resourceManagerEndpointUrl = resourceManagerEndpointUrl;
+        this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
+    }
+    initialize() {
+        return __awaiter(this, void 0, void 0, function* () {
+            Utils_1.default.setPSModulePath();
+            const azLatestVersion = yield Utils_1.default.getLatestModule(Constants_1.default.moduleName);
+            core.debug(`Az Module version used: ${azLatestVersion}`);
+            Utils_1.default.setPSModulePath(`${Constants_1.default.prefix}${azLatestVersion}`);
+        });
+    }
+    login() {
+        return __awaiter(this, void 0, void 0, function* () {
+            let output = "";
+            const options = {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString();
+                    }
+                }
+            };
+            const args = {
+                servicePrincipalId: this.servicePrincipalId,
+                servicePrincipalKey: this.servicePrincipalKey,
+                subscriptionId: this.subscriptionId,
+                environment: this.environment,
+                scopeLevel: ServicePrincipalLogin.scopeLevel,
+                allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin,
+                resourceManagerEndpointUrl: this.resourceManagerEndpointUrl
+            };
+            const script = new ScriptBuilder_1.default().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
+            yield PowerShellToolRunner_1.default.init();
+            yield PowerShellToolRunner_1.default.executePowerShellScriptBlock(script, options);
+            const result = JSON.parse(output.trim());
+            if (!(Constants_1.default.Success in result)) {
+                throw new Error(`Azure PowerShell login failed with error: ${result[Constants_1.default.Error]}`);
+            }
+            console.log(`Azure PowerShell session successfully initialized`);
+        });
+    }
+}
+exports.ServicePrincipalLogin = ServicePrincipalLogin;
+ServicePrincipalLogin.scopeLevel = Constants_1.default.Subscription;
+ServicePrincipalLogin.scheme = Constants_1.default.ServicePrincipal;

lib/PowerShell/Utilities/PowerShellToolRunner.js

@@ -0,0 +1,35 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const io = __importStar(require("@actions/io"));
+const exec = __importStar(require("@actions/exec"));
+class PowerShellToolRunner {
+    static init() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!PowerShellToolRunner.psPath) {
+                PowerShellToolRunner.psPath = yield io.which("pwsh", true);
+            }
+        });
+    }
+    static executePowerShellScriptBlock(scriptBlock, options = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield exec.exec(`"${PowerShellToolRunner.psPath}" -Command`, [scriptBlock], options);
+        });
+    }
+}
+exports.default = PowerShellToolRunner;

lib/PowerShell/Utilities/ScriptBuilder.js

@@ -0,0 +1,65 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const Constants_1 = __importDefault(require("../Constants"));
+class ScriptBuilder {
+    constructor() {
+        this.script = "";
+    }
+    getAzPSLoginScript(scheme, tenantId, args) {
+        let command = `Clear-AzContext -Scope Process;
+             Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue;`;
+        if (scheme === Constants_1.default.ServicePrincipal) {
+            if (args.environment.toLowerCase() == "azurestack") {
+                command += `Add-AzEnvironment -Name ${args.environment} -ARMEndpoint ${args.resourceManagerEndpointUrl} | out-null;`;
+            }
+            command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
+            (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
+                -Environment '${args.environment}' | out-null;`;
+            if (args.scopeLevel === Constants_1.default.Subscription && !args.allowNoSubscriptionsLogin) {
+                command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`;
+            }
+        }
+        this.script += `try {
+            $ErrorActionPreference = "Stop"
+            $WarningPreference = "SilentlyContinue"
+            $output = @{}
+            ${command}
+            $output['${Constants_1.default.Success}'] = "true"
+        }
+        catch {
+            $output['${Constants_1.default.Error}'] = $_.exception.Message
+        }
+        return ConvertTo-Json $output`;
+        core.debug(`Azure PowerShell Login Script: ${this.script}`);
+        return this.script;
+    }
+    getLatestModuleScript(moduleName) {
+        const command = `Get-Module -Name ${moduleName} -ListAvailable | Sort-Object Version -Descending | Select-Object -First 1`;
+        this.script += `try {
+            $ErrorActionPreference = "Stop"
+            $WarningPreference = "SilentlyContinue"
+            $output = @{}
+            $data = ${command}
+            $output['${Constants_1.default.AzVersion}'] = $data.Version.ToString()
+            $output['${Constants_1.default.Success}'] = "true"
+        }
+        catch {
+            $output['${Constants_1.default.Error}'] = $_.exception.Message
+        }
+        return ConvertTo-Json $output`;
+        core.debug(`GetLatestModuleScript: ${this.script}`);
+        return this.script;
+    }
+}
+exports.default = ScriptBuilder;

lib/PowerShell/Utilities/Utils.js

@@ -0,0 +1,80 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const os = __importStar(require("os"));
+const Constants_1 = __importDefault(require("../Constants"));
+const ScriptBuilder_1 = __importDefault(require("./ScriptBuilder"));
+const PowerShellToolRunner_1 = __importDefault(require("./PowerShellToolRunner"));
+class Utils {
+    /**
+     * Add the folder path where Az modules are present to PSModulePath based on runner
+     * @param azPSVersion
+     * If azPSVersion is empty, folder path in which all Az modules are present are set
+     * If azPSVersion is not empty, folder path of exact Az module version is set
+     */
+    static setPSModulePath(azPSVersion = "") {
+        let modulePath = "";
+        const runner = process.env.RUNNER_OS || os.type();
+        switch (runner.toLowerCase()) {
+            case "linux":
+                modulePath = `/usr/share/${azPSVersion}:`;
+                break;
+            case "windows":
+            case "windows_nt":
+                modulePath = `C:\\Modules\\${azPSVersion};`;
+                break;
+            case "macos":
+            case "darwin":
+                throw new Error(`OS not supported`);
+            default:
+                throw new Error(`Unknown os: ${runner.toLowerCase()}`);
+        }
+        process.env.PSModulePath = `${modulePath}${process.env.PSModulePath}`;
+    }
+    static getLatestModule(moduleName) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let output = "";
+            const options = {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString();
+                    }
+                }
+            };
+            yield PowerShellToolRunner_1.default.init();
+            yield PowerShellToolRunner_1.default.executePowerShellScriptBlock(new ScriptBuilder_1.default()
+                .getLatestModuleScript(moduleName), options);
+            const result = JSON.parse(output.trim());
+            if (!(Constants_1.default.Success in result)) {
+                throw new Error(result[Constants_1.default.Error]);
+            }
+            const azLatestVersion = result[Constants_1.default.AzVersion];
+            if (!Utils.isValidVersion(azLatestVersion)) {
+                throw new Error(`Invalid AzPSVersion: ${azLatestVersion}`);
+            }
+            return azLatestVersion;
+        });
+    }
+    static isValidVersion(version) {
+        return !!version.match(Constants_1.default.versionPattern);
+    }
+}
+exports.default = Utils;

lib/main.js

@@ -1,69 +1,168 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const crypto = __importStar(require("crypto"));
-const exec = __importStar(require("@actions/exec"));
-const io = __importStar(require("@actions/io"));
-const actions_secret_parser_1 = require("actions-secret-parser");
-var azPath;
-var prefix = !!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT}` : "";
-function main() {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            // Set user agent varable
-            let usrAgentRepo = crypto.createHash('sha256').update(`${process.env.GITHUB_REPOSITORY}`).digest('hex');
-            let actionName = 'AzureLogin';
-            let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS_${actionName}_${usrAgentRepo}`;
-            core.exportVariable('AZURE_HTTP_USER_AGENT', userAgentString);
-            azPath = yield io.which("az", true);
-            yield executeAzCliCommand("--version");
-            let creds = core.getInput('creds', { required: true });
-            let secrets = new actions_secret_parser_1.SecretParser(creds, actions_secret_parser_1.FormatType.JSON);
-            let servicePrincipalId = secrets.getSecret("$.clientId", false);
-            let servicePrincipalKey = secrets.getSecret("$.clientSecret", true);
-            let tenantId = secrets.getSecret("$.tenantId", false);
-            let subscriptionId = secrets.getSecret("$.subscriptionId", false);
-            if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !subscriptionId) {
-                throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret, tenantId and subscriptionId are supplied.");
-            }
-            yield executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`);
-            yield executeAzCliCommand(`account set --subscription "${subscriptionId}"`);
-            console.log("Login successful.");
-        }
-        catch (error) {
-            core.error("Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
-            core.setFailed(error);
-        }
-        finally {
-            // Reset AZURE_HTTP_USER_AGENT
-            core.exportVariable('AZURE_HTTP_USER_AGENT', prefix);
-        }
-    });
-}
-function executeAzCliCommand(command) {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            yield exec.exec(`"${azPath}" ${command}`, [], {});
-        }
-        catch (error) {
-            throw new Error(error);
-        }
-    });
-}
-main();
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const exec = __importStar(require("@actions/exec"));
+const io = __importStar(require("@actions/io"));
+const actions_secret_parser_1 = require("actions-secret-parser");
+const ServicePrincipalLogin_1 = require("./PowerShell/ServicePrincipalLogin");
+var azPath;
+var prefix = !!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT}` : "";
+var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT}` : "";
+function main() {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            // Set user agent variable
+            var isAzCLISuccess = false;
+            let usrAgentRepo = `${process.env.GITHUB_REPOSITORY}`;
+            let actionName = 'AzureLogin';
+            let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
+            let azurePSHostEnv = (!!azPSHostEnv ? `${azPSHostEnv}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
+            core.exportVariable('AZURE_HTTP_USER_AGENT', userAgentString);
+            core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv);
+            azPath = yield io.which("az", true);
+            let azureSupportedCloudName = new Set([
+                "azureusgovernment",
+                "azurechinacloud",
+                "azuregermancloud",
+                "azurecloud",
+                "azurestack"
+            ]);
+            let output = "";
+            const execOptions = {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString();
+                    }
+                }
+            };
+            yield executeAzCliCommand("--version", true, execOptions);
+            core.debug(`az cli version used:\n${output}`);
+            let creds = core.getInput('creds', { required: true });
+            let secrets = new actions_secret_parser_1.SecretParser(creds, actions_secret_parser_1.FormatType.JSON);
+            let servicePrincipalId = secrets.getSecret("$.clientId", false);
+            let servicePrincipalKey = secrets.getSecret("$.clientSecret", true);
+            let tenantId = secrets.getSecret("$.tenantId", false);
+            let subscriptionId = secrets.getSecret("$.subscriptionId", false);
+            let resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false);
+            let environment = core.getInput("environment").toLowerCase();
+            const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
+            const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
+            if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
+                throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
+            }
+            if (!subscriptionId && !allowNoSubscriptionsLogin) {
+                throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
+            }
+            if (!azureSupportedCloudName.has(environment)) {
+                throw new Error("Unsupported value for environment is passed.The list of supported values for environment are ‘azureusgovernment', ‘azurechinacloud’, ‘azuregermancloud’, ‘azurecloud’ or ’azurestack’");
+            }
+            // Attempting Az cli login
+            if (environment == "azurestack") {
+                if (!resourceManagerEndpointUrl) {
+                    throw new Error("resourceManagerEndpointUrl is a required parameter when environment is defined.");
+                }
+                console.log(`Unregistering cloud: "${environment}" first if it exists`);
+                try {
+                    yield executeAzCliCommand(`cloud set -n AzureCloud`, true);
+                    yield executeAzCliCommand(`cloud unregister -n "${environment}"`, false);
+                }
+                catch (error) {
+                    console.log(`Ignore cloud not registered error: "${error}"`);
+                }
+                console.log(`Registering cloud: "${environment}" with ARM endpoint: "${resourceManagerEndpointUrl}"`);
+                try {
+                    let baseUri = resourceManagerEndpointUrl;
+                    if (baseUri.endsWith('/')) {
+                        baseUri = baseUri.substring(0, baseUri.length - 1); // need to remove trailing / from resourceManagerEndpointUrl to correctly derive suffixes below
+                    }
+                    let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
+                    let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without .
+                    let profileVersion = "2019-03-01-hybrid";
+                    yield executeAzCliCommand(`cloud register -n "${environment}" --endpoint-resource-manager "${resourceManagerEndpointUrl}" --suffix-keyvault-dns "${suffixKeyvault}" --suffix-storage-endpoint "${suffixStorage}" --profile "${profileVersion}"`, false);
+                }
+                catch (error) {
+                    core.error(`Error while trying to register cloud "${environment}": "${error}"`);
+                }
+                console.log(`Done registering cloud: "${environment}"`);
+            }
+            yield executeAzCliCommand(`cloud set -n "${environment}"`, false);
+            console.log(`Done setting cloud: "${environment}"`);
+            // Attempting Az cli login
+            if (allowNoSubscriptionsLogin) {
+                let args = [
+                    "--allow-no-subscriptions",
+                    "--service-principal",
+                    "-u", servicePrincipalId,
+                    "-p", servicePrincipalKey,
+                    "--tenant", tenantId
+                ];
+                yield executeAzCliCommand(`login`, true, {}, args);
+            }
+            else {
+                let args = [
+                    "--service-principal",
+                    "-u", servicePrincipalId,
+                    "-p", servicePrincipalKey,
+                    "--tenant", tenantId
+                ];
+                yield executeAzCliCommand(`login`, true, {}, args);
+                args = [
+                    "--subscription",
+                    subscriptionId
+                ];
+                yield executeAzCliCommand(`account set`, true, {}, args);
+            }
+            isAzCLISuccess = true;
+            if (enableAzPSSession) {
+                // Attempting Az PS login
+                console.log(`Running Azure PS Login`);
+                const spnlogin = new ServicePrincipalLogin_1.ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl);
+                yield spnlogin.initialize();
+                yield spnlogin.login();
+            }
+            console.log("Login successful.");
+        }
+        catch (error) {
+            if (!isAzCLISuccess) {
+                core.error("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
+            }
+            else {
+                core.error(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
+            }
+            core.setFailed(error);
+        }
+        finally {
+            // Reset AZURE_HTTP_USER_AGENT
+            core.exportVariable('AZURE_HTTP_USER_AGENT', prefix);
+            core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azPSHostEnv);
+        }
+    });
+}
+function executeAzCliCommand(command, silent, execOptions = {}, args = []) {
+    return __awaiter(this, void 0, void 0, function* () {
+        execOptions.silent = !!silent;
+        try {
+            yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
+        }
+        catch (error) {
+            throw new Error(error);
+        }
+    });
+}
+main();

package.json

@@ -1,20 +1,24 @@
 {
   "name": "login",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Login Azure wraps the az login, allowing for Azure actions to log into Azure",
   "main": "lib/main.js",
   "scripts": {
     "build": "tsc",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "jest"
   },
   "author": "Sumiran Aggarwal",
   "license": "MIT",
   "devDependencies": {
+    "@types/jest": "^25.1.4",
     "@types/node": "^12.7.11",
+    "jest": "^25.2.4",
+    "jest-circus": "^25.2.7",
+    "ts-jest": "^25.3.0",
     "typescript": "^3.6.3"
   },
   "dependencies": {
-    "@actions/core": "^1.1.3",
+    "@actions/core": "^1.2.6",
     "@actions/exec": "^1.0.1",
     "@actions/io": "^1.0.1",
     "actions-secret-parser": "^1.0.2"

src/PowerShell/Constants.ts

@@ -0,0 +1,13 @@
+export default class Constants {
+    static readonly prefix: string = "az_";
+    static readonly moduleName: string = "Az.Accounts";
+    static readonly versionPattern = /[0-9]\.[0-9]\.[0-9]/;
+
+    static readonly AzureCloud: string = "AzureCloud";
+    static readonly Subscription: string = "Subscription";
+    static readonly ServicePrincipal: string = "ServicePrincipal";
+
+    static readonly Success: string = "Success";
+    static readonly Error: string = "Error";
+    static readonly AzVersion: string = "AzVersion";
+}

src/PowerShell/IAzurePowerShellSession.ts

@@ -0,0 +1,4 @@
+interface IAzurePowerShellSession {
+    initialize();
+    login();
+}

src/PowerShell/ServicePrincipalLogin.ts

@@ -0,0 +1,71 @@
+import * as core from '@actions/core';
+
+import Utils from './Utilities/Utils';
+import PowerShellToolRunner from './Utilities/PowerShellToolRunner';
+import ScriptBuilder from './Utilities/ScriptBuilder';
+import Constants from './Constants';
+
+export class ServicePrincipalLogin implements IAzurePowerShellSession {
+    static readonly scopeLevel: string = Constants.Subscription;
+    static readonly scheme: string = Constants.ServicePrincipal;
+    environment: string;
+    servicePrincipalId: string;
+    servicePrincipalKey: string;
+    tenantId: string;
+    subscriptionId: string;
+    resourceManagerEndpointUrl: string;
+    allowNoSubscriptionsLogin: boolean;
+
+    constructor(servicePrincipalId: string, 
+        servicePrincipalKey: string, 
+        tenantId: string, 
+        subscriptionId: string,
+        allowNoSubscriptionsLogin: boolean,
+        environment: string,
+        resourceManagerEndpointUrl: string) {
+        
+        this.servicePrincipalId = servicePrincipalId;
+        this.servicePrincipalKey = servicePrincipalKey;
+        this.tenantId = tenantId;
+        this.subscriptionId = subscriptionId;
+        this.environment = environment;
+        this.resourceManagerEndpointUrl = resourceManagerEndpointUrl;
+        this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
+    }
+
+    async initialize() {
+        Utils.setPSModulePath();
+        const azLatestVersion: string = await Utils.getLatestModule(Constants.moduleName);
+        core.debug(`Az Module version used: ${azLatestVersion}`);
+        Utils.setPSModulePath(`${Constants.prefix}${azLatestVersion}`);
+    }
+
+    async login() {
+        let output: string = "";
+        const options: any = {
+            listeners: {
+                stdout: (data: Buffer) => {
+                    output += data.toString();
+                }
+            }
+        };
+        const args: any = {
+            servicePrincipalId: this.servicePrincipalId,
+            servicePrincipalKey: this.servicePrincipalKey,
+            subscriptionId: this.subscriptionId,
+            environment: this.environment,
+            scopeLevel: ServicePrincipalLogin.scopeLevel,
+            allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin,
+            resourceManagerEndpointUrl: this.resourceManagerEndpointUrl
+        }
+        const script: string = new ScriptBuilder().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
+        await PowerShellToolRunner.init();
+        await PowerShellToolRunner.executePowerShellScriptBlock(script, options);
+        const result: any = JSON.parse(output.trim());
+        if (!(Constants.Success in result)) {
+            throw new Error(`Azure PowerShell login failed with error: ${result[Constants.Error]}`);
+        }
+        console.log(`Azure PowerShell session successfully initialized`);
+    }
+
+}

src/PowerShell/Utilities/PowerShellToolRunner.ts

@@ -0,0 +1,16 @@
+import * as io from '@actions/io';
+import * as exec from '@actions/exec';
+
+export default class PowerShellToolRunner {
+    static psPath: string;
+
+    static async init() {
+        if(!PowerShellToolRunner.psPath) {
+            PowerShellToolRunner.psPath = await io.which("pwsh", true);
+        }
+    }
+
+    static async executePowerShellScriptBlock(scriptBlock: string, options: any = {}) {
+        await exec.exec(`"${PowerShellToolRunner.psPath}" -Command`, [scriptBlock], options)
+    }
+}

src/PowerShell/Utilities/ScriptBuilder.ts

@@ -0,0 +1,54 @@
+import * as core from '@actions/core';
+
+import Constants from "../Constants";
+
+export default class ScriptBuilder {
+    script: string = "";
+
+    getAzPSLoginScript(scheme: string, tenantId: string, args: any): string {
+        let command = `Clear-AzContext -Scope Process;
+             Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue;`;
+        if (scheme === Constants.ServicePrincipal) {
+            if (args.environment.toLowerCase() == "azurestack") {
+                command += `Add-AzEnvironment -Name ${args.environment} -ARMEndpoint ${args.resourceManagerEndpointUrl} | out-null;`;
+            }
+            command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
+            (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
+                -Environment '${args.environment}' | out-null;`;
+            if (args.scopeLevel === Constants.Subscription && !args.allowNoSubscriptionsLogin) {
+                command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`;
+            }
+        }
+        this.script += `try {
+            $ErrorActionPreference = "Stop"
+            $WarningPreference = "SilentlyContinue"
+            $output = @{}
+            ${command}
+            $output['${Constants.Success}'] = "true"
+        }
+        catch {
+            $output['${Constants.Error}'] = $_.exception.Message
+        }
+        return ConvertTo-Json $output`;
+        core.debug(`Azure PowerShell Login Script: ${this.script}`);
+        return this.script;
+    }
+
+    getLatestModuleScript(moduleName: string): string {
+        const command: string = `Get-Module -Name ${moduleName} -ListAvailable | Sort-Object Version -Descending | Select-Object -First 1`;
+        this.script += `try {
+            $ErrorActionPreference = "Stop"
+            $WarningPreference = "SilentlyContinue"
+            $output = @{}
+            $data = ${command}
+            $output['${Constants.AzVersion}'] = $data.Version.ToString()
+            $output['${Constants.Success}'] = "true"
+        }
+        catch {
+            $output['${Constants.Error}'] = $_.exception.Message
+        }
+        return ConvertTo-Json $output`;
+        core.debug(`GetLatestModuleScript: ${this.script}`);
+        return this.script;
+    }
+}

src/PowerShell/Utilities/Utils.ts

@@ -0,0 +1,61 @@
+import * as os from 'os';
+
+import Constants from '../Constants';
+import ScriptBuilder from './ScriptBuilder';
+import PowerShellToolRunner from './PowerShellToolRunner';
+
+export default class Utils {
+    /**
+     * Add the folder path where Az modules are present to PSModulePath based on runner
+     * @param azPSVersion
+     * If azPSVersion is empty, folder path in which all Az modules are present are set
+     * If azPSVersion is not empty, folder path of exact Az module version is set
+     */
+    static setPSModulePath(azPSVersion: string = "") {
+        let modulePath: string = "";
+        const runner: string = process.env.RUNNER_OS || os.type();
+        switch (runner.toLowerCase()) {
+            case "linux":
+                modulePath = `/usr/share/${azPSVersion}:`;
+                break;
+            case "windows":
+            case "windows_nt":
+                modulePath = `C:\\Modules\\${azPSVersion};`;
+                break;
+            case "macos":
+            case "darwin":
+                throw new Error(`OS not supported`);
+            default:
+                throw new Error(`Unknown os: ${runner.toLowerCase()}`);
+        }
+        process.env.PSModulePath = `${modulePath}${process.env.PSModulePath}`;
+    }
+
+    static async getLatestModule(moduleName: string): Promise<string> {
+        let output: string = "";
+        const options: any = {
+            listeners: {
+                stdout: (data: Buffer) => {
+                    output += data.toString();
+                }
+            }
+        };
+        await PowerShellToolRunner.init();
+        await PowerShellToolRunner.executePowerShellScriptBlock(new ScriptBuilder()
+                                .getLatestModuleScript(moduleName), options);
+        const result = JSON.parse(output.trim());
+        if (!(Constants.Success in result)) {
+            throw new Error(result[Constants.Error]);
+        }
+        const azLatestVersion: string = result[Constants.AzVersion];
+        if (!Utils.isValidVersion(azLatestVersion)) {
+            throw new Error(`Invalid AzPSVersion: ${azLatestVersion}`);
+        }
+        return azLatestVersion;
+    }
+
+    static isValidVersion(version: string): boolean {
+        return !!version.match(Constants.versionPattern);
+    }
+}
+

src/main.ts

@@ -1,54 +1,176 @@
 import * as core from '@actions/core';
-import * as crypto from "crypto";
 import * as exec from '@actions/exec';
 import * as io from '@actions/io';
-
 import { FormatType, SecretParser } from 'actions-secret-parser';
+import { ServicePrincipalLogin } from './PowerShell/ServicePrincipalLogin';
 
 var azPath: string;
 var prefix = !!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT}` : "";
+var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT}` : "";
 
 async function main() {
-    try{
-        // Set user agent varable
-        let usrAgentRepo = crypto.createHash('sha256').update(`${process.env.GITHUB_REPOSITORY}`).digest('hex');
+    try {
+        // Set user agent variable
+        var isAzCLISuccess = false;
+        let usrAgentRepo = `${process.env.GITHUB_REPOSITORY}`;
         let actionName = 'AzureLogin';
-        let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS_${actionName}_${usrAgentRepo}`;
+        let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
+        let azurePSHostEnv = (!!azPSHostEnv ? `${azPSHostEnv}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
         core.exportVariable('AZURE_HTTP_USER_AGENT', userAgentString);
+        core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv);
 
         azPath = await io.which("az", true);
-        await executeAzCliCommand("--version");
+        
+        let azureSupportedCloudName = new Set([
+            "azureusgovernment", 
+            "azurechinacloud", 
+            "azuregermancloud",
+            "azurecloud",
+            "azurestack"]);
 
+        let output: string = "";
+        const execOptions: any = {
+            listeners: {
+                stdout: (data: Buffer) => {
+                    output += data.toString();
+                }
+            }
+        };
+        await executeAzCliCommand("--version", true, execOptions);
+        core.debug(`az cli version used:\n${output}`);
+    
         let creds = core.getInput('creds', { required: true });
         let secrets = new SecretParser(creds, FormatType.JSON);
         let servicePrincipalId = secrets.getSecret("$.clientId", false);
         let servicePrincipalKey = secrets.getSecret("$.clientSecret", true);
         let tenantId = secrets.getSecret("$.tenantId", false);
         let subscriptionId = secrets.getSecret("$.subscriptionId", false);
-        if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !subscriptionId) {
-            throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret, tenantId and subscriptionId are supplied.");
+        let resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false);
+        let environment = core.getInput("environment").toLowerCase();
+        const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
+        const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
+
+        if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
+            throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
+        }
+
+        if (!subscriptionId && !allowNoSubscriptionsLogin) {
+            throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
+        }
+        
+       if (!azureSupportedCloudName.has(environment)){
+            throw new Error("Unsupported value for environment is passed.The list of supported values for environment are ‘azureusgovernment', ‘azurechinacloud’, ‘azuregermancloud’, ‘azurecloud’ or ’azurestack’");
+       }
+    
+        // Attempting Az cli login
+        if (environment == "azurestack") {
+            if (!resourceManagerEndpointUrl) {
+                throw new Error("resourceManagerEndpointUrl is a required parameter when environment is defined.");
+            }
+
+            console.log(`Unregistering cloud: "${environment}" first if it exists`);
+            try {
+                await executeAzCliCommand(`cloud set -n AzureCloud`, true);
+                await executeAzCliCommand(`cloud unregister -n "${environment}"`, false);
+            }
+            catch (error) {
+                console.log(`Ignore cloud not registered error: "${error}"`);
+            }
+
+            console.log(`Registering cloud: "${environment}" with ARM endpoint: "${resourceManagerEndpointUrl}"`);
+            try {
+                let baseUri = resourceManagerEndpointUrl;
+                if (baseUri.endsWith('/')) {
+                    baseUri = baseUri.substring(0, baseUri.length-1); // need to remove trailing / from resourceManagerEndpointUrl to correctly derive suffixes below
+                }
+                let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
+                let suffixStorage = baseUri.substring(baseUri.indexOf('.')+1); // storage suffix starts without .
+                let profileVersion = "2019-03-01-hybrid";
+                await executeAzCliCommand(`cloud register -n "${environment}" --endpoint-resource-manager "${resourceManagerEndpointUrl}" --suffix-keyvault-dns "${suffixKeyvault}" --suffix-storage-endpoint "${suffixStorage}" --profile "${profileVersion}"`, false);
+            } 
+            catch (error) {
+                core.error(`Error while trying to register cloud "${environment}": "${error}"`);
+            }
+
+            console.log(`Done registering cloud: "${environment}"`)
+        }
+    
+        await executeAzCliCommand(`cloud set -n "${environment}"`, false);
+        console.log(`Done setting cloud: "${environment}"`);
+
+        // Attempting Az cli login
+        if (allowNoSubscriptionsLogin) {
+            let args = [
+                "--allow-no-subscriptions",
+                "--service-principal",
+                "-u", servicePrincipalId,
+                "-p", servicePrincipalKey,
+                "--tenant", tenantId
+            ];
+            await executeAzCliCommand(`login`, true, {}, args);
+        }
+        else {
+            let args = [
+                "--service-principal",
+                "-u", servicePrincipalId,
+                "-p", servicePrincipalKey,
+                "--tenant", tenantId
+            ];
+            await executeAzCliCommand(`login`, true, {}, args);
+            args = [
+                "--subscription",
+                subscriptionId
+            ];
+            await executeAzCliCommand(`account set`, true, {}, args);
+        }
+
+        isAzCLISuccess = true;
+        if (enableAzPSSession) {
+            // Attempting Az PS login
+            console.log(`Running Azure PS Login`);
+            const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(
+                servicePrincipalId, 
+                servicePrincipalKey, 
+                tenantId, 
+                subscriptionId, 
+                allowNoSubscriptionsLogin,
+                environment, 
+                resourceManagerEndpointUrl);
+            await spnlogin.initialize();
+            await spnlogin.login();
         }
 
-        await executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`);
-        await executeAzCliCommand(`account set --subscription "${subscriptionId}"`);
         console.log("Login successful.");    
-    } catch (error) {
-        core.error("Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
+    }
+    catch (error) {
+        if (!isAzCLISuccess) {
+            core.error("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
+        } 
+        else {
+            core.error(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
+        }
         core.setFailed(error);
-    } finally {
+    }
+    finally {
         // Reset AZURE_HTTP_USER_AGENT
         core.exportVariable('AZURE_HTTP_USER_AGENT', prefix);
+        core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azPSHostEnv);
     }
 }
 
-async function executeAzCliCommand(command: string) {
+async function executeAzCliCommand(
+    command: string, 
+    silent?: boolean, 
+    execOptions: any = {}, 
+    args: any = []) {
+    
+    execOptions.silent = !!silent;
     try {
-        await exec.exec(`"${azPath}" ${command}`, [],  {}); 
+        await exec.exec(`"${azPath}" ${command}`, args,  execOptions); 
     }
-    catch(error) {
+    catch (error) {
         throw new Error(error);
     }
 }
 
-
 main();

tsconfig.json

@@ -56,5 +56,8 @@
     /* Experimental Options */
     // "experimentalDecorators": true,        /* Enables experimental support for ES7 decorators. */
     // "emitDecoratorMetadata": true,         /* Enables experimental support for emitting type metadata for decorators. */
-  }
+  },
+  "exclude" : [
+    "./__tests__"
+  ]
 }