prepare release 1.5.0

.github/workflows/azure-login-negative.yml

@@ -347,7 +347,7 @@ jobs:
           script: |
             core.setFailed('Last action should fail but not. Please check it.')
 
-    # SP1 is ignored and SP2 will be used for login, but it will fail since SP2 has no access to the given subscription
+    # Secret of SP1 in creds will be used to sign in SP2
     - name: Login with both creds and individual parameters
       id: login_12
       continue-on-error: true
@@ -383,37 +383,6 @@ jobs:
           script: |
             core.setFailed('Last action should fail but not. Please check it.')
 
-    - name: Login with individual parameters, no subscription-id, no allow-no-subscriptions
-      id: login_14
-      continue-on-error: true
-      uses: ./
-      with:
-        client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
-        tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
-        enable-AzPSSession: true
-
-    - name: Check Last step failed
-      if: steps.login_14.outcome == 'success'
-      uses: actions/github-script@v3
-      with:
-          script: |
-            core.setFailed('Last action should fail but not. Please check it.')
-    
-    - name: Login with creds, no subscription-id, no allow-no-subscriptions
-      id: login_15
-      continue-on-error: true
-      uses: ./
-      with:
-        creds: '{"clientId":"${{ secrets.OIDC_SP2_CLIENT_ID }}","clientSecret":"${{ secrets.SP2_CLIENT_SECRET }}","tenantId":"${{ secrets.OIDC_SP2_TENANT_ID }}"}'
-        enable-AzPSSession: true
-
-    - name: Check Last step failed
-      if: steps.login_15.outcome == 'success'
-      uses: actions/github-script@v3
-      with:
-          script: |
-            core.setFailed('Last action should fail but not. Please check it.')
-
   VMTest:
     strategy:
       matrix:

.github/workflows/azure-login-positive.yml

@@ -61,9 +61,10 @@ jobs:
     - name: Login with individual parameters
       uses: ./
       with:
-        client-id: ${{ secrets.SP1_CLIENT_ID }}
-        tenant-id: ${{ secrets.SP1_TENANT_ID }}
-        subscription-id: ${{ secrets.SP1_SUBSCRIPTION_ID }}
+        client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
+        tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
+        # subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
+        allow-no-subscriptions: true
         enable-AzPSSession: true
 
     - name: Run Azure Cli again
@@ -175,29 +176,6 @@ jobs:
                 throw "Not all checks passed!"
             }
 
-    - name: Login with individual parameters, allow no subscription
-      uses: ./
-      with:
-        client-id: ${{ secrets.SP1_CLIENT_ID }}
-        tenant-id: ${{ secrets.SP1_TENANT_ID}}
-        subscription-id: ${{ secrets.SP1_SUBSCRIPTION_ID }}
-        allow-no-subscriptions: true
-        enable-AzPSSession: true
-
-    - name: Run Azure Cli again
-      run: |
-        az account show --output none
-
-    - name: Run Azure PowerShell again
-      uses: azure/powershell@v1.2.0
-      with:
-        azPSVersion: "latest"
-        inlineScript: |
-            $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
-            if(-not $checkResult){
-                throw "Not all checks passed!"
-            }
-
     - name: Login with individual parameters, no subscription, allow no subscription
       uses: ./
       with:
@@ -220,27 +198,6 @@ jobs:
                 throw "Not all checks passed!"
             }
 
-    - name: Login with creds, no subscription, allow no subscription
-      uses: ./
-      with:
-        creds: '{"clientId":"${{ secrets.OIDC_SP2_CLIENT_ID }}","clientSecret":"${{ secrets.SP2_CLIENT_SECRET }}","tenantId":"${{ secrets.OIDC_SP2_TENANT_ID }}"}'
-        allow-no-subscriptions: true
-        enable-AzPSSession: true
-
-    - name: Run Azure Cli
-      run: |
-        az account show --output none
-
-    - name: Run Azure PowerShell
-      uses: azure/powershell@v1.2.0
-      with:
-        azPSVersion: "latest"
-        inlineScript: |
-            $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
-            if(-not $checkResult){
-                throw "Not all checks passed!"
-            }
-
   VMTest:
     strategy:
       matrix:

__tests__/LoginConfig.test.ts

@@ -75,28 +75,15 @@ describe("LoginConfig Test", () => {
 
     });
 
-    test('initialize with creds, lack of subscriptionId, but allowNoSubscriptionsLogin=true', async () => {
+    test('initialize with creds, lack of subscriptionId', async () => {
         let creds1 = {
             'clientId': 'client-id',
             'clientSecret': 'client-secret',
             'tenantId': 'tenant-id',
             // 'subscriptionId': 'subscription-id'
         }
-        setEnv('environment', 'azurecloud');
-        setEnv('enable-AzPSSession', 'true');
-        setEnv('allow-no-subscriptions', 'true');
-        setEnv('auth-type', 'SERVICE_PRINCIPAL');
-        setEnv('creds', JSON.stringify(creds1));
-        let loginConfig = new LoginConfig();
-        await loginConfig.initialize();
-        expect(loginConfig.environment).toBe("azurecloud");
-        expect(loginConfig.enableAzPSSession).toBeTruthy();
-        expect(loginConfig.allowNoSubscriptionsLogin).toBeTruthy();
-        expect(loginConfig.authType).toBe("SERVICE_PRINCIPAL");
-        expect(loginConfig.servicePrincipalId).toBe("client-id");
-        expect(loginConfig.servicePrincipalSecret).toBe("client-secret");
-        expect(loginConfig.tenantId).toBe("tenant-id");
-        expect(loginConfig.subscriptionId).toBe("");
+        await testCreds(creds1);
+
     });
 
     test('initialize with creds', async () => {

lib/Cli/AzureCliLogin.js

@@ -60,7 +60,6 @@ class AzureCliLogin {
             };
             yield this.executeAzCliCommand(["--version"], true, execOptions);
             core.debug(`Azure CLI version used:\n${output}`);
-            yield this.executeAzCliCommand(["account", "clear"], true, execOptions);
             this.setAzurestackEnvIfNecessary();
             yield this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
             core.info(`Done setting cloud: "${this.loginConfig.environment}"`);
@@ -154,14 +153,15 @@ class AzureCliLogin {
                 args.push("--allow-no-subscriptions");
             }
             yield this.executeAzCliCommand(args, true, this.loginOptions);
-            if (this.loginConfig.subscriptionId) {
-                yield this.setSubscription();
-            }
+            yield this.setSubscription();
             core.info(`Azure CLI login succeeds by using ${methodName}.`);
         });
     }
     setSubscription() {
         return __awaiter(this, void 0, void 0, function* () {
+            if (this.loginConfig.allowNoSubscriptionsLogin) {
+                return;
+            }
             let args = ["account", "set", "--subscription", this.loginConfig.subscriptionId];
             yield this.executeAzCliCommand(args, true, this.loginOptions);
             core.info("Subscription is set successfully.");
@@ -187,7 +187,7 @@ function defaultExecOptions() {
                 if (error && error.trim().length !== 0 && !startsWithWarning) {
                     if (startsWithError) {
                         //removing the keyword 'ERROR' to avoid duplicates while throwing error
-                        error = error.slice(7);
+                        error = error.slice(5);
                     }
                     core.error(error);
                 }

lib/common/LoginConfig.js

@@ -72,8 +72,8 @@ class LoginConfig {
         this.tenantId = this.tenantId ? this.tenantId : secrets.getSecret("$.tenantId", false);
         this.subscriptionId = this.subscriptionId ? this.subscriptionId : secrets.getSecret("$.subscriptionId", false);
         this.resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false);
-        if (!this.servicePrincipalId || !this.servicePrincipalSecret || !this.tenantId) {
-            throw new Error("Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'tenantId'.");
+        if (!this.servicePrincipalId || !this.servicePrincipalSecret || !this.tenantId || !this.subscriptionId) {
+            throw new Error("Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'subscriptionId', 'tenantId'.");
         }
     }
     getFederatedToken() {

node_modules/.package-lock.json

@@ -1117,11 +1117,11 @@
       "dev": true
     },
     "node_modules/actions-secret-parser": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/actions-secret-parser/-/actions-secret-parser-1.0.4.tgz",
-      "integrity": "sha512-gDAB8GK2Vj9CN5r97DZlmpxqrMcpAGKGWiIY3hpFhJMieLpl3K3ocVR49/Q4ANaA5a/2wNRE3Qng+x0K8mkmkQ==",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/actions-secret-parser/-/actions-secret-parser-1.0.3.tgz",
+      "integrity": "sha512-+iGlMSsE/cbxDaEZlqR0NUjn35DckMYsdYFwVeZ7JRbtyO/AiBKnaScKkzkHSoiZ4nEPTdIHtMpRGVgoeVYX+A==",
       "dependencies": {
-        "@actions/core": "^1.1.10",
+        "@actions/core": "^1.1.3",
         "jsonpath": "^1.0.2",
         "xmldom": "^0.1.27",
         "xpath": "0.0.27"

node_modules/actions-secret-parser/index.js

@@ -1,6 +1,5 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SecretParser = exports.FormatType = void 0;
 var core = require('@actions/core');
 var jp = require('jsonpath');
 var xpath = require('xpath');

node_modules/actions-secret-parser/package.json

@@ -1,8 +1,8 @@
 {
   "name": "actions-secret-parser",
-  "version": "1.0.4",
+  "version": "1.0.3",
   "description": "Parse and set repository secrets",
-  "main": "index.js",
+  "main": "lib/index.js",
   "scripts": {
     "build": "tsc",
     "copypackage": "copy package.json lib",
@@ -23,11 +23,10 @@
   "homepage": "https://github.com/Microsoft/pipelines-appservice-lib/tree/master/packages/utility",
   "license": "MIT",
   "devDependencies": {
-    "@types/node": "^18.11.17",
     "typescript": "^3.6.3"
   },
   "dependencies": {
-    "@actions/core": "^1.1.10",
+    "@actions/core": "^1.1.3",
     "jsonpath": "^1.0.2",
     "xmldom": "^0.1.27",
     "xpath": "0.0.27"

package-lock.json

@@ -12,7 +12,7 @@
         "@actions/core": "1.9.1",
         "@actions/exec": "^1.0.1",
         "@actions/io": "^1.0.1",
-        "actions-secret-parser": "^1.0.4",
+        "actions-secret-parser": "^1.0.2",
         "package-lock": "^1.0.3"
       },
       "devDependencies": {
@@ -1137,11 +1137,11 @@
       "dev": true
     },
     "node_modules/actions-secret-parser": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/actions-secret-parser/-/actions-secret-parser-1.0.4.tgz",
-      "integrity": "sha512-gDAB8GK2Vj9CN5r97DZlmpxqrMcpAGKGWiIY3hpFhJMieLpl3K3ocVR49/Q4ANaA5a/2wNRE3Qng+x0K8mkmkQ==",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/actions-secret-parser/-/actions-secret-parser-1.0.3.tgz",
+      "integrity": "sha512-+iGlMSsE/cbxDaEZlqR0NUjn35DckMYsdYFwVeZ7JRbtyO/AiBKnaScKkzkHSoiZ4nEPTdIHtMpRGVgoeVYX+A==",
       "dependencies": {
-        "@actions/core": "^1.1.10",
+        "@actions/core": "^1.1.3",
         "jsonpath": "^1.0.2",
         "xmldom": "^0.1.27",
         "xpath": "0.0.27"
@@ -4741,11 +4741,11 @@
       "dev": true
     },
     "actions-secret-parser": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/actions-secret-parser/-/actions-secret-parser-1.0.4.tgz",
-      "integrity": "sha512-gDAB8GK2Vj9CN5r97DZlmpxqrMcpAGKGWiIY3hpFhJMieLpl3K3ocVR49/Q4ANaA5a/2wNRE3Qng+x0K8mkmkQ==",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/actions-secret-parser/-/actions-secret-parser-1.0.3.tgz",
+      "integrity": "sha512-+iGlMSsE/cbxDaEZlqR0NUjn35DckMYsdYFwVeZ7JRbtyO/AiBKnaScKkzkHSoiZ4nEPTdIHtMpRGVgoeVYX+A==",
       "requires": {
-        "@actions/core": "^1.1.10",
+        "@actions/core": "^1.1.3",
         "jsonpath": "^1.0.2",
         "xmldom": "^0.1.27",
         "xpath": "0.0.27"

package.json

@@ -21,7 +21,7 @@
     "@actions/core": "1.9.1",
     "@actions/exec": "^1.0.1",
     "@actions/io": "^1.0.1",
-    "actions-secret-parser": "^1.0.4",
+    "actions-secret-parser": "^1.0.2",
     "package-lock": "^1.0.3"
   }
 }

src/Cli/AzureCliLogin.ts

@@ -34,8 +34,6 @@ export class AzureCliLogin {
         await this.executeAzCliCommand(["--version"], true, execOptions);
         core.debug(`Azure CLI version used:\n${output}`);
 
-        await this.executeAzCliCommand(["account", "clear"], true, execOptions);
-
         this.setAzurestackEnvIfNecessary();
 
         await this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
@@ -128,13 +126,14 @@ export class AzureCliLogin {
             args.push("--allow-no-subscriptions");
         }
         await this.executeAzCliCommand(args, true, this.loginOptions);
-        if (this.loginConfig.subscriptionId) {
-            await this.setSubscription();
-        }
+        await this.setSubscription();
         core.info(`Azure CLI login succeeds by using ${methodName}.`);
     }
 
     async setSubscription() {
+        if (this.loginConfig.allowNoSubscriptionsLogin) {
+            return;
+        }
         let args = ["account", "set", "--subscription", this.loginConfig.subscriptionId];
         await this.executeAzCliCommand(args, true, this.loginOptions);
         core.info("Subscription is set successfully.");
@@ -161,7 +160,7 @@ function defaultExecOptions(): exec.ExecOptions {
                 if (error && error.trim().length !== 0 && !startsWithWarning) {
                     if (startsWithError) {
                         //removing the keyword 'ERROR' to avoid duplicates while throwing error
-                        error = error.slice(7);
+                        error = error.slice(5);
                     }
                     core.error(error);
                 }

src/common/LoginConfig.ts

@@ -69,8 +69,8 @@ export class LoginConfig {
         this.tenantId = this.tenantId ? this.tenantId : secrets.getSecret("$.tenantId", false);
         this.subscriptionId = this.subscriptionId ? this.subscriptionId : secrets.getSecret("$.subscriptionId", false);
         this.resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false);
-        if (!this.servicePrincipalId || !this.servicePrincipalSecret || !this.tenantId) {
-            throw new Error("Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'tenantId'.");
+        if (!this.servicePrincipalId || !this.servicePrincipalSecret || !this.tenantId || !this.subscriptionId) {
+            throw new Error("Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'subscriptionId', 'tenantId'.");
         }
     }