update readme

* Updating instructions to include Azure Stack Hub

Added sample work flow for ASH and service principle instructions

* Updating based on PR feedback

- Added a description to environment parameter
- Updated instructions to say "required only for ash" for service principle instructions

Co-authored-by: Amruta Kawade <65217380+AmrutaKawade@users.noreply.github.com>

.github/ISSUE_TEMPLATE/bug-report---feature-request.md

@@ -0,0 +1,10 @@
+---
+name: Bug Report / Feature Request
+about: Create a report to help us improve
+title: ''
+labels: need-to-triage
+assignees: ''
+
+---
+
+

README.md

@@ -12,9 +12,11 @@ Get started today with a [free Azure account](https://azure.com/free/open-source
 
 # GitHub Action for Azure Login
 
-With the Azure login Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) and run Azure CLI and Azure PowerShell scripts.
+With the Azure login Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) and run Azure CLI and Azure PowerShell scripts. You can leverage this action for the public or soverign clouds including Azure Government and Azure Stack Hub (using the `environment` parameter).  
 
-By default, the action only logs in with the Azure CLI (using the `az login` command). To log in with the Az PowerShell module, set `enable-AzPSSession` to true.
+By default, the action only logs in with the Azure CLI (using the `az login` command). To log in with the Az PowerShell module, set `enable-AzPSSession` to true. To login to Azure tenants without any subscriptions, set the optional parameter `allow-no-subscriptions` to true. 
+
+To login into one of the Azure Government clouds, set the optional parameter environment with supported cloud names AzureUSGovernment or AzureChinaCloud. If this parameter is not specified, it takes the default value AzureCloud and connect to the Azure Public Cloud. Additionally the parameter creds takes the Azure service principal created in the particular cloud to connect (Refer to Configure deployment credentials section below for details).
 
 This repository contains GitHub Action for [Azure Login](https://github.com/Azure/login/blob/master/action.yml).
 
@@ -74,8 +76,50 @@ jobs:
           Get-AzVM -ResourceGroupName "ActionsDemo"
 ```
 
+## Sample to connect to Azure US Government cloud
+
+```
+   - name: Login to Azure US Gov Cloud with CLI 
+     uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
+          environment: 'AzureUSGovernment'
+          enable-AzPSSession: false
+   - name: Login to Azure US Gov Cloud with Az Powershell
+      uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
+          environment: 'AzureUSGovernment'
+          enable-AzPSSession: true
+```
+
 Refer to the [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
 
+## Sample Azure Login workflow that to run az cli on Azure Stack Hub
+
+```yaml
+
+# File: .github/workflows/workflow.yml
+
+on: [push]
+
+name: AzureLoginSample
+
+jobs:
+
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+    
+    - uses: azure/login@AzureStackSupport-Beta
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+        environment: 'AzureStack'
+    
+    - run: |
+        az webapp list --query "[?state=='Running']"
+
+```
 ## Configure deployment credentials:
 
 The previous sample workflows depend on a [secrets](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets) named `AZURE_CREDENTIALS` in your repository. The value of this secret is expected to be a JSON object that represents a service principal (an identifer for an application or process) that authenticates the workflow with Azure.
@@ -85,6 +129,13 @@ To function correctly, this service principal must be assigned the [Contributor]
 The following steps describe how to create the service principal, assign the role, and create a secret in your repository with the resulting credentials.
 
 1. Open the Azure Cloud Shell at [https://shell.azure.com](https://shell.azure.com). You can alternately use the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) if you've installed it locally. (For more information on Cloud Shell, see the [Cloud Shell Overview](https://docs.microsoft.com/azure/cloud-shell/overview).)
+
+    1.1 **(Required ONLY when environment is Azure Stack Hub)** Run the following command to set the SQL Management endpoint to 'not supported'
+      ```bash  
+
+      az cloud update -n {environmentName} --endpoint-sql-management https://notsupported 
+
+      ```
   
 2. Use the [az ad sp create-for-rbac](https://docs.microsoft.com/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_create_for_rbac) command to create a service principal and assign a Contributor role:
 
@@ -130,6 +181,29 @@ The following steps describe how to create the service principal, assign the rol
 
 NOTE: to manage service principals created with `az ad sp create-for-rbac`, visit the [Azure portal](https://portal.azure.com), navigate to your Azure Active Directory, then select **Manage** > **App registrations** on the left-hand menu. Your service principal should appear in the list. Select a principal to navigate to its properties. You can also manage role assignments using the [az role assignment](https://docs.microsoft.com/cli/azure/role/assignment?view=azure-cli-latest) command.
 
+## Support for using `allow-no-subscriptions` flag with az login
+
+Capability has been added to support access to tenants without subscriptions. This can be useful to run tenant level commands, such as `az ad`. The action accepts an optional parameter `allow-no-subscriptions` which is `false` by default.
+
+```yaml
+# File: .github/workflows/workflow.yml
+
+on: [push]
+
+name: AzureLoginWithNoSubscriptions
+
+jobs:
+
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+        allow-no-subscriptions: true
+```
+
 # Contributing
 
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

__tests__/PowerShell/ServicePrinicipalLogin.test.ts

@@ -5,7 +5,7 @@ jest.mock('../../src/PowerShell/Utilities/PowerShellToolRunner');
 let spnlogin: ServicePrincipalLogin;
 
 beforeAll(() => {
-    spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId", false);
+    spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId", false, null, null);
 });
 
 afterEach(() => {

action.yml

@@ -9,6 +9,10 @@ inputs:
     description: 'Set this value to true to enable Azure PowerShell Login in addition to Az CLI login'
     required: false
     default: false
+  environment:
+    description: 'Name of the environment. Supported values are azurecloud, azurestack, azureusgovernment, azurechinacloud, azuregermancloud. Default being azurecloud'
+    required: false
+    default: AzureCloud
   allow-no-subscriptions:
     description: 'Set this value to true to enable support for accessing tenants without subscriptions'
     required: false

lib/PowerShell/ServicePrincipalLogin.js

@@ -25,11 +25,13 @@ const PowerShellToolRunner_1 = __importDefault(require("./Utilities/PowerShellTo
 const ScriptBuilder_1 = __importDefault(require("./Utilities/ScriptBuilder"));
 const Constants_1 = __importDefault(require("./Constants"));
 class ServicePrincipalLogin {
-    constructor(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin) {
+    constructor(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl) {
         this.servicePrincipalId = servicePrincipalId;
         this.servicePrincipalKey = servicePrincipalKey;
         this.tenantId = tenantId;
         this.subscriptionId = subscriptionId;
+        this.environment = environment;
+        this.resourceManagerEndpointUrl = resourceManagerEndpointUrl;
         this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
     }
     initialize() {
@@ -54,9 +56,10 @@ class ServicePrincipalLogin {
                 servicePrincipalId: this.servicePrincipalId,
                 servicePrincipalKey: this.servicePrincipalKey,
                 subscriptionId: this.subscriptionId,
-                environment: ServicePrincipalLogin.environment,
+                environment: this.environment,
                 scopeLevel: ServicePrincipalLogin.scopeLevel,
-                allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin
+                allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin,
+                resourceManagerEndpointUrl: this.resourceManagerEndpointUrl
             };
             const script = new ScriptBuilder_1.default().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
             yield PowerShellToolRunner_1.default.init();
@@ -70,6 +73,5 @@ class ServicePrincipalLogin {
     }
 }
 exports.ServicePrincipalLogin = ServicePrincipalLogin;
-ServicePrincipalLogin.environment = Constants_1.default.AzureCloud;
 ServicePrincipalLogin.scopeLevel = Constants_1.default.Subscription;
 ServicePrincipalLogin.scheme = Constants_1.default.ServicePrincipal;

lib/PowerShell/Utilities/ScriptBuilder.js

@@ -20,6 +20,9 @@ class ScriptBuilder {
         let command = `Clear-AzContext -Scope Process;
              Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue;`;
         if (scheme === Constants_1.default.ServicePrincipal) {
+            if (args.environment.toLowerCase() == "azurestack") {
+                command += `Add-AzEnvironment -Name ${args.environment} -ARMEndpoint ${args.resourceManagerEndpointUrl} | out-null;`;
+            }
             command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
             (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
                 -Environment '${args.environment}' | out-null;`;

lib/main.js

@@ -36,13 +36,31 @@ function main() {
             core.exportVariable('AZURE_HTTP_USER_AGENT', userAgentString);
             core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv);
             azPath = yield io.which("az", true);
-            yield executeAzCliCommand("--version");
+            let azureSupportedCloudName = new Set([
+                "azureusgovernment",
+                "azurechinacloud",
+                "azuregermancloud",
+                "azurecloud",
+                "azurestack"
+            ]);
+            let output = "";
+            const execOptions = {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString();
+                    }
+                }
+            };
+            yield executeAzCliCommand("--version", true, execOptions);
+            core.debug(`az cli version used:\n${output}`);
             let creds = core.getInput('creds', { required: true });
             let secrets = new actions_secret_parser_1.SecretParser(creds, actions_secret_parser_1.FormatType.JSON);
             let servicePrincipalId = secrets.getSecret("$.clientId", false);
             let servicePrincipalKey = secrets.getSecret("$.clientSecret", true);
             let tenantId = secrets.getSecret("$.tenantId", false);
             let subscriptionId = secrets.getSecret("$.subscriptionId", false);
+            let resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false);
+            let environment = core.getInput("environment").toLowerCase();
             const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
             const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
             if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
@@ -51,19 +69,70 @@ function main() {
             if (!subscriptionId && !allowNoSubscriptionsLogin) {
                 throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
             }
+            if (!azureSupportedCloudName.has(environment)) {
+                throw new Error("Unsupported value for environment is passed.The list of supported values for environment are ‘azureusgovernment', ‘azurechinacloud’, ‘azuregermancloud’, ‘azurecloud’ or ’azurestack’");
+            }
+            // Attempting Az cli login
+            if (environment == "azurestack") {
+                if (!resourceManagerEndpointUrl) {
+                    throw new Error("resourceManagerEndpointUrl is a required parameter when environment is defined.");
+                }
+                console.log(`Unregistering cloud: "${environment}" first if it exists`);
+                try {
+                    yield executeAzCliCommand(`cloud set -n AzureCloud`, true);
+                    yield executeAzCliCommand(`cloud unregister -n "${environment}"`, false);
+                }
+                catch (error) {
+                    console.log(`Ignore cloud not registered error: "${error}"`);
+                }
+                console.log(`Registering cloud: "${environment}" with ARM endpoint: "${resourceManagerEndpointUrl}"`);
+                try {
+                    let baseUri = resourceManagerEndpointUrl;
+                    if (baseUri.endsWith('/')) {
+                        baseUri = baseUri.substring(0, baseUri.length - 1); // need to remove trailing / from resourceManagerEndpointUrl to correctly derive suffixes below
+                    }
+                    let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
+                    let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without .
+                    let profileVersion = "2019-03-01-hybrid";
+                    yield executeAzCliCommand(`cloud register -n "${environment}" --endpoint-resource-manager "${resourceManagerEndpointUrl}" --suffix-keyvault-dns "${suffixKeyvault}" --suffix-storage-endpoint "${suffixStorage}" --profile "${profileVersion}"`, false);
+                }
+                catch (error) {
+                    core.error(`Error while trying to register cloud "${environment}": "${error}"`);
+                }
+                console.log(`Done registering cloud: "${environment}"`);
+            }
+            yield executeAzCliCommand(`cloud set -n "${environment}"`, false);
+            console.log(`Done setting cloud: "${environment}"`);
             // Attempting Az cli login
             if (allowNoSubscriptionsLogin) {
-                yield executeAzCliCommand(`login --allow-no-subscriptions --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
+                let args = [
+                    "--allow-no-subscriptions",
+                    "--service-principal",
+                    "-u", servicePrincipalId,
+                    "-p", servicePrincipalKey,
+                    "--tenant", tenantId
+                ];
+                yield executeAzCliCommand(`login`, true, {}, args);
             }
             else {
-                yield executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
-                yield executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+                let args = [
+                    "--service-principal",
+                    "-u", servicePrincipalId,
+                    "-p", servicePrincipalKey,
+                    "--tenant", tenantId
+                ];
+                yield executeAzCliCommand(`login`, true, {}, args);
+                args = [
+                    "--subscription",
+                    subscriptionId
+                ];
+                yield executeAzCliCommand(`account set`, true, {}, args);
             }
             isAzCLISuccess = true;
             if (enableAzPSSession) {
                 // Attempting Az PS login
                 console.log(`Running Azure PS Login`);
-                const spnlogin = new ServicePrincipalLogin_1.ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin);
+                const spnlogin = new ServicePrincipalLogin_1.ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl);
                 yield spnlogin.initialize();
                 yield spnlogin.login();
             }
@@ -85,10 +154,11 @@ function main() {
         }
     });
 }
-function executeAzCliCommand(command, silent) {
+function executeAzCliCommand(command, silent, execOptions = {}, args = []) {
     return __awaiter(this, void 0, void 0, function* () {
+        execOptions.silent = !!silent;
         try {
-            yield exec.exec(`"${azPath}" ${command}`, [], { silent: !!silent });
+            yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
         }
         catch (error) {
             throw new Error(error);

src/PowerShell/ServicePrincipalLogin.ts

@@ -6,24 +6,30 @@ import ScriptBuilder from './Utilities/ScriptBuilder';
 import Constants from './Constants';
 
 export class ServicePrincipalLogin implements IAzurePowerShellSession {
-    static readonly environment: string = Constants.AzureCloud;
     static readonly scopeLevel: string = Constants.Subscription;
     static readonly scheme: string = Constants.ServicePrincipal;
+    environment: string;
     servicePrincipalId: string;
     servicePrincipalKey: string;
     tenantId: string;
     subscriptionId: string;
+    resourceManagerEndpointUrl: string;
     allowNoSubscriptionsLogin: boolean;
 
     constructor(servicePrincipalId: string, 
         servicePrincipalKey: string, 
         tenantId: string, 
         subscriptionId: string,
-        allowNoSubscriptionsLogin: boolean) {
+        allowNoSubscriptionsLogin: boolean,
+        environment: string,
+        resourceManagerEndpointUrl: string) {
+        
         this.servicePrincipalId = servicePrincipalId;
         this.servicePrincipalKey = servicePrincipalKey;
         this.tenantId = tenantId;
         this.subscriptionId = subscriptionId;
+        this.environment = environment;
+        this.resourceManagerEndpointUrl = resourceManagerEndpointUrl;
         this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
     }
 
@@ -47,9 +53,10 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession {
             servicePrincipalId: this.servicePrincipalId,
             servicePrincipalKey: this.servicePrincipalKey,
             subscriptionId: this.subscriptionId,
-            environment: ServicePrincipalLogin.environment,
+            environment: this.environment,
             scopeLevel: ServicePrincipalLogin.scopeLevel,
-            allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin
+            allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin,
+            resourceManagerEndpointUrl: this.resourceManagerEndpointUrl
         }
         const script: string = new ScriptBuilder().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
         await PowerShellToolRunner.init();

src/PowerShell/Utilities/ScriptBuilder.ts

@@ -9,6 +9,9 @@ export default class ScriptBuilder {
         let command = `Clear-AzContext -Scope Process;
              Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue;`;
         if (scheme === Constants.ServicePrincipal) {
+            if (args.environment.toLowerCase() == "azurestack") {
+                command += `Add-AzEnvironment -Name ${args.environment} -ARMEndpoint ${args.resourceManagerEndpointUrl} | out-null;`;
+            }
             command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
             (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
                 -Environment '${args.environment}' | out-null;`;

src/main.ts

@@ -1,7 +1,6 @@
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
 import * as io from '@actions/io';
-
 import { FormatType, SecretParser } from 'actions-secret-parser';
 import { ServicePrincipalLogin } from './PowerShell/ServicePrincipalLogin';
 
@@ -21,16 +20,36 @@ async function main() {
         core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv);
 
         azPath = await io.which("az", true);
-        await executeAzCliCommand("--version");
+        
+        let azureSupportedCloudName = new Set([
+            "azureusgovernment", 
+            "azurechinacloud", 
+            "azuregermancloud",
+            "azurecloud",
+            "azurestack"]);
 
+        let output: string = "";
+        const execOptions: any = {
+            listeners: {
+                stdout: (data: Buffer) => {
+                    output += data.toString();
+                }
+            }
+        };
+        await executeAzCliCommand("--version", true, execOptions);
+        core.debug(`az cli version used:\n${output}`);
+    
         let creds = core.getInput('creds', { required: true });
         let secrets = new SecretParser(creds, FormatType.JSON);
         let servicePrincipalId = secrets.getSecret("$.clientId", false);
         let servicePrincipalKey = secrets.getSecret("$.clientSecret", true);
         let tenantId = secrets.getSecret("$.tenantId", false);
         let subscriptionId = secrets.getSecret("$.subscriptionId", false);
+        let resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false);
+        let environment = core.getInput("environment").toLowerCase();
         const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
         const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
+
         if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
             throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
         }
@@ -38,45 +57,120 @@ async function main() {
         if (!subscriptionId && !allowNoSubscriptionsLogin) {
             throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
         }
+        
+       if (!azureSupportedCloudName.has(environment)){
+            throw new Error("Unsupported value for environment is passed.The list of supported values for environment are ‘azureusgovernment', ‘azurechinacloud’, ‘azuregermancloud’, ‘azurecloud’ or ’azurestack’");
+       }
+    
+        // Attempting Az cli login
+        if (environment == "azurestack") {
+            if (!resourceManagerEndpointUrl) {
+                throw new Error("resourceManagerEndpointUrl is a required parameter when environment is defined.");
+            }
+
+            console.log(`Unregistering cloud: "${environment}" first if it exists`);
+            try {
+                await executeAzCliCommand(`cloud set -n AzureCloud`, true);
+                await executeAzCliCommand(`cloud unregister -n "${environment}"`, false);
+            }
+            catch (error) {
+                console.log(`Ignore cloud not registered error: "${error}"`);
+            }
+
+            console.log(`Registering cloud: "${environment}" with ARM endpoint: "${resourceManagerEndpointUrl}"`);
+            try {
+                let baseUri = resourceManagerEndpointUrl;
+                if (baseUri.endsWith('/')) {
+                    baseUri = baseUri.substring(0, baseUri.length-1); // need to remove trailing / from resourceManagerEndpointUrl to correctly derive suffixes below
+                }
+                let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
+                let suffixStorage = baseUri.substring(baseUri.indexOf('.')+1); // storage suffix starts without .
+                let profileVersion = "2019-03-01-hybrid";
+                await executeAzCliCommand(`cloud register -n "${environment}" --endpoint-resource-manager "${resourceManagerEndpointUrl}" --suffix-keyvault-dns "${suffixKeyvault}" --suffix-storage-endpoint "${suffixStorage}" --profile "${profileVersion}"`, false);
+            } 
+            catch (error) {
+                core.error(`Error while trying to register cloud "${environment}": "${error}"`);
+            }
+
+            console.log(`Done registering cloud: "${environment}"`)
+        }
+    
+        await executeAzCliCommand(`cloud set -n "${environment}"`, false);
+        console.log(`Done setting cloud: "${environment}"`);
 
         // Attempting Az cli login
         if (allowNoSubscriptionsLogin) {
-            await executeAzCliCommand(`login --allow-no-subscriptions --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
+            let args = [
+                "--allow-no-subscriptions",
+                "--service-principal",
+                "-u", servicePrincipalId,
+                "-p", servicePrincipalKey,
+                "--tenant", tenantId
+            ];
+            await executeAzCliCommand(`login`, true, {}, args);
         }
         else {
-            await executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
-            await executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+            let args = [
+                "--service-principal",
+                "-u", servicePrincipalId,
+                "-p", servicePrincipalKey,
+                "--tenant", tenantId
+            ];
+            await executeAzCliCommand(`login`, true, {}, args);
+            args = [
+                "--subscription",
+                subscriptionId
+            ];
+            await executeAzCliCommand(`account set`, true, {}, args);
         }
+
         isAzCLISuccess = true;
         if (enableAzPSSession) {
             // Attempting Az PS login
             console.log(`Running Azure PS Login`);
-            const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin);
+            const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(
+                servicePrincipalId, 
+                servicePrincipalKey, 
+                tenantId, 
+                subscriptionId, 
+                allowNoSubscriptionsLogin,
+                environment, 
+                resourceManagerEndpointUrl);
             await spnlogin.initialize();
             await spnlogin.login();
         }
+
         console.log("Login successful.");    
-    } catch (error) {
+    }
+    catch (error) {
         if (!isAzCLISuccess) {
             core.error("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
-        } else {
+        } 
+        else {
             core.error(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
         }
         core.setFailed(error);
-    } finally {
+    }
+    finally {
         // Reset AZURE_HTTP_USER_AGENT
         core.exportVariable('AZURE_HTTP_USER_AGENT', prefix);
         core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azPSHostEnv);
     }
 }
 
-async function executeAzCliCommand(command: string, silent?: boolean) {
+async function executeAzCliCommand(
+    command: string, 
+    silent?: boolean, 
+    execOptions: any = {}, 
+    args: any = []) {
+    
+    execOptions.silent = !!silent;
     try {
-        await exec.exec(`"${azPath}" ${command}`, [],  {silent: !!silent}); 
+        await exec.exec(`"${azPath}" ${command}`, args,  execOptions); 
     }
-    catch(error) {
+    catch (error) {
         throw new Error(error);
     }
 }
 
-main();
+main();