adding params to escape symbols in az cli (#80 ) (#81 )

* adding params to escape symbols in az cli * addressed review comments
adding az cli version debug logs (#76 ) (#78 )
2026-03-13 18:17:09 -04:00 · 2020-11-06 15:51:39 +05:30 · 2020-11-03 17:27:24 +05:30 · 2020-11-03 16:15:14 +05:30
9 changed files with 137 additions and 25 deletions
--- a/tests/PowerShell/ServicePrinicipalLogin.test.ts
+++ b/tests/PowerShell/ServicePrinicipalLogin.test.ts
@@ -5,7 +5,7 @@ jest.mock('../../src/PowerShell/Utilities/PowerShellToolRunner');
 let spnlogin: ServicePrincipalLogin;

 beforeAll(() => {
-    spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId");
+    spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId", false);
 });

 afterEach(() => {
--- a/tests/PowerShell/Utilities/ScriptBuilder.test.ts
+++ b/tests/PowerShell/Utilities/ScriptBuilder.test.ts
@@ -0,0 +1,25 @@
+import ScriptBuilder from "../../../src/PowerShell/Utilities/ScriptBuilder";
+import Constants from "../../../src/PowerShell/Constants";
+
+describe("Getting AzLogin PS script" , () => {
+    const scheme = Constants.ServicePrincipal;
+    let args: any = {
+        servicePrincipalId: "service-principal-id",
+        servicePrincipalKey: "service-principal-key",
+        environment: "environment",
+        scopeLevel: Constants.Subscription,
+        subscriptionId: "subId",
+        allowNoSubscriptionsLogin: true
+    }
+
+    test("PS script should not set context while passing allowNoSubscriptionsLogin as true", () => {
+        const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+        expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeFalsy();
+    });
+
+    test("PS script should set context while passing allowNoSubscriptionsLogin as false", () => {
+        args["allowNoSubscriptionsLogin"] = false;
+        const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+        expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeTruthy();
+    });
+});
--- a/action.yml
+++ b/action.yml
@@ -9,6 +9,10 @@ inputs:
    description: 'Set this value to true to enable Azure PowerShell Login in addition to Az CLI login'
    required: false
    default: false
+  allow-no-subscriptions:
+    description: 'Set this value to true to enable support for accessing tenants without subscriptions'
+    required: false
+    default: false
 branding:
  icon: 'login.svg'
  color: 'blue'
--- a/lib/PowerShell/ServicePrincipalLogin.js
+++ b/lib/PowerShell/ServicePrincipalLogin.js
@@ -25,11 +25,12 @@ const PowerShellToolRunner_1 = __importDefault(require("./Utilities/PowerShellTo
 const ScriptBuilder_1 = __importDefault(require("./Utilities/ScriptBuilder"));
 const Constants_1 = __importDefault(require("./Constants"));
 class ServicePrincipalLogin {
-    constructor(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId) {
+    constructor(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin) {
        this.servicePrincipalId = servicePrincipalId;
        this.servicePrincipalKey = servicePrincipalKey;
        this.tenantId = tenantId;
        this.subscriptionId = subscriptionId;
+        this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
    }
    initialize() {
        return __awaiter(this, void 0, void 0, function* () {
@@ -54,7 +55,8 @@ class ServicePrincipalLogin {
                servicePrincipalKey: this.servicePrincipalKey,
                subscriptionId: this.subscriptionId,
                environment: ServicePrincipalLogin.environment,
-                scopeLevel: ServicePrincipalLogin.scopeLevel
+                scopeLevel: ServicePrincipalLogin.scopeLevel,
+                allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin
            };
            const script = new ScriptBuilder_1.default().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
            yield PowerShellToolRunner_1.default.init();
--- a/lib/PowerShell/Utilities/ScriptBuilder.js
+++ b/lib/PowerShell/Utilities/ScriptBuilder.js
@@ -23,7 +23,7 @@ class ScriptBuilder {
            command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
            (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
                -Environment '${args.environment}' | out-null;`;
-            if (args.scopeLevel === Constants_1.default.Subscription) {
+            if (args.scopeLevel === Constants_1.default.Subscription && !args.allowNoSubscriptionsLogin) {
                command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`;
            }
        }
--- a/lib/main.js
+++ b/lib/main.js
@@ -36,7 +36,16 @@ function main() {
            core.exportVariable('AZURE_HTTP_USER_AGENT', userAgentString);
            core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv);
            azPath = yield io.which("az", true);
-            yield executeAzCliCommand("--version");
+            let output = "";
+            const execOptions = {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString();
+                    }
+                }
+            };
+            yield executeAzCliCommand("--version", true, execOptions);
+            core.debug(`az cli version used:\n${output}`);
            let creds = core.getInput('creds', { required: true });
            let secrets = new actions_secret_parser_1.SecretParser(creds, actions_secret_parser_1.FormatType.JSON);
            let servicePrincipalId = secrets.getSecret("$.clientId", false);
@@ -44,17 +53,43 @@ function main() {
            let tenantId = secrets.getSecret("$.tenantId", false);
            let subscriptionId = secrets.getSecret("$.subscriptionId", false);
            const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
-            if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !subscriptionId) {
-                throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret, tenantId and subscriptionId are supplied.");
+            const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
+            if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
+                throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
+            }
+            if (!subscriptionId && !allowNoSubscriptionsLogin) {
+                throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
            }
            // Attempting Az cli login
-            yield executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
-            yield executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+            if (allowNoSubscriptionsLogin) {
+                let args = [
+                    "--allow-no-subscriptions",
+                    "--service-principal",
+                    "-u", servicePrincipalId,
+                    "-p", servicePrincipalKey,
+                    "--tenant", tenantId
+                ];
+                yield executeAzCliCommand(`login`, true, {}, args);
+            }
+            else {
+                let args = [
+                    "--service-principal",
+                    "-u", servicePrincipalId,
+                    "-p", servicePrincipalKey,
+                    "--tenant", tenantId
+                ];
+                yield executeAzCliCommand(`login`, true, {}, args);
+                args = [
+                    "--subscription",
+                    subscriptionId
+                ];
+                yield executeAzCliCommand(`account set`, true, {}, args);
+            }
            isAzCLISuccess = true;
            if (enableAzPSSession) {
                // Attempting Az PS login
                console.log(`Running Azure PS Login`);
-                const spnlogin = new ServicePrincipalLogin_1.ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId);
+                const spnlogin = new ServicePrincipalLogin_1.ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin);
                yield spnlogin.initialize();
                yield spnlogin.login();
            }
@@ -76,10 +111,11 @@ function main() {
        }
    });
 }
-function executeAzCliCommand(command, silent) {
+function executeAzCliCommand(command, silent, execOptions = {}, args = []) {
    return __awaiter(this, void 0, void 0, function* () {
+        execOptions.silent = !!silent;
        try {
-            yield exec.exec(`"${azPath}" ${command}`, [], { silent: !!silent });
+            yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
        }
        catch (error) {
            throw new Error(error);
--- a/src/PowerShell/ServicePrincipalLogin.ts
+++ b/src/PowerShell/ServicePrincipalLogin.ts
@@ -13,12 +13,18 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession {
    servicePrincipalKey: string;
    tenantId: string;
    subscriptionId: string;
+    allowNoSubscriptionsLogin: boolean;

-    constructor(servicePrincipalId: string, servicePrincipalKey: string, tenantId: string, subscriptionId: string) {
+    constructor(servicePrincipalId: string, 
+        servicePrincipalKey: string, 
+        tenantId: string, 
+        subscriptionId: string,
+        allowNoSubscriptionsLogin: boolean) {
        this.servicePrincipalId = servicePrincipalId;
        this.servicePrincipalKey = servicePrincipalKey;
        this.tenantId = tenantId;
        this.subscriptionId = subscriptionId;
+        this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
    }

    async initialize() {
@@ -42,7 +48,8 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession {
            servicePrincipalKey: this.servicePrincipalKey,
            subscriptionId: this.subscriptionId,
            environment: ServicePrincipalLogin.environment,
-            scopeLevel: ServicePrincipalLogin.scopeLevel
+            scopeLevel: ServicePrincipalLogin.scopeLevel,
+            allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin
        }
        const script: string = new ScriptBuilder().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
        await PowerShellToolRunner.init();
--- a/src/PowerShell/Utilities/ScriptBuilder.ts
+++ b/src/PowerShell/Utilities/ScriptBuilder.ts
@@ -12,7 +12,7 @@ export default class ScriptBuilder {
            command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
            (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
                -Environment '${args.environment}' | out-null;`;
-            if (args.scopeLevel === Constants.Subscription) {
+            if (args.scopeLevel === Constants.Subscription && !args.allowNoSubscriptionsLogin) {
                command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`;
            }
        }
--- a/src/main.ts
+++ b/src/main.ts
@@ -21,8 +21,17 @@ async function main() {
        core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv);

        azPath = await io.which("az", true);
-        await executeAzCliCommand("--version");
-
+        let output: string = "";
+        const execOptions: any = {
+            listeners: {
+                stdout: (data: Buffer) => {
+                    output += data.toString();
+                }
+            }
+        };
+        await executeAzCliCommand("--version", true, execOptions);
+        core.debug(`az cli version used:\n${output}`);
+    
        let creds = core.getInput('creds', { required: true });
        let secrets = new SecretParser(creds, FormatType.JSON);
        let servicePrincipalId = secrets.getSecret("$.clientId", false);
@@ -30,17 +39,45 @@ async function main() {
        let tenantId = secrets.getSecret("$.tenantId", false);
        let subscriptionId = secrets.getSecret("$.subscriptionId", false);
        const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
-        if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !subscriptionId) {
-            throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret, tenantId and subscriptionId are supplied.");
+        const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
+        if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
+            throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
        }
+
+        if (!subscriptionId && !allowNoSubscriptionsLogin) {
+            throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
+        }
+
        // Attempting Az cli login
-        await executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
-        await executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+        if (allowNoSubscriptionsLogin) {
+            let args = [
+                "--allow-no-subscriptions",
+                "--service-principal",
+                "-u", servicePrincipalId,
+                "-p", servicePrincipalKey,
+                "--tenant", tenantId
+            ];
+            await executeAzCliCommand(`login`, true, {}, args);
+        }
+        else {
+            let args = [
+                "--service-principal",
+                "-u", servicePrincipalId,
+                "-p", servicePrincipalKey,
+                "--tenant", tenantId
+            ];
+            await executeAzCliCommand(`login`, true, {}, args);
+            args = [
+                "--subscription",
+                subscriptionId
+            ];
+            await executeAzCliCommand(`account set`, true, {}, args);
+        }
        isAzCLISuccess = true;
        if (enableAzPSSession) {
            // Attempting Az PS login
            console.log(`Running Azure PS Login`);
-            const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId);
+            const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin);
            await spnlogin.initialize();
            await spnlogin.login();
        }
@@ -59,13 +96,14 @@ async function main() {
    }
 }

-async function executeAzCliCommand(command: string, silent?: boolean) {
+async function executeAzCliCommand(command: string, silent?: boolean, execOptions: any = {}, args: any = []) {
+    execOptions.silent = !!silent;
    try {
-        await exec.exec(`"${azPath}" ${command}`, [],  {silent: !!silent}); 
+        await exec.exec(`"${azPath}" ${command}`, args,  execOptions); 
    }
    catch(error) {
        throw new Error(error);
    }
 }

-main();
+main();