diff --git a/lib/PowerShell/ServicePrincipalLogin.js b/lib/PowerShell/ServicePrincipalLogin.js index a1d358f7..7d8b0e55 100644 --- a/lib/PowerShell/ServicePrincipalLogin.js +++ b/lib/PowerShell/ServicePrincipalLogin.js @@ -38,9 +38,10 @@ const PowerShellToolRunner_1 = __importDefault(require("./Utilities/PowerShellTo const ScriptBuilder_1 = __importDefault(require("./Utilities/ScriptBuilder")); const Constants_1 = __importDefault(require("./Constants")); class ServicePrincipalLogin { - constructor(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl) { + constructor(servicePrincipalId, servicePrincipalKey, federatedToken, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl) { this.servicePrincipalId = servicePrincipalId; this.servicePrincipalKey = servicePrincipalKey; + this.federatedToken = federatedToken; this.tenantId = tenantId; this.subscriptionId = subscriptionId; this.environment = environment; @@ -68,6 +69,7 @@ class ServicePrincipalLogin { const args = { servicePrincipalId: this.servicePrincipalId, servicePrincipalKey: this.servicePrincipalKey, + federatedToken: this.federatedToken, subscriptionId: this.subscriptionId, environment: this.environment, scopeLevel: ServicePrincipalLogin.scopeLevel, diff --git a/lib/PowerShell/Utilities/ScriptBuilder.js b/lib/PowerShell/Utilities/ScriptBuilder.js index 21425d4d..25a7b601 100644 --- a/lib/PowerShell/Utilities/ScriptBuilder.js +++ b/lib/PowerShell/Utilities/ScriptBuilder.js 
@@ -35,9 +35,17 @@ class ScriptBuilder { if (args.environment.toLowerCase() == "azurestack") { command += `Add-AzEnvironment -Name ${args.environment} -ARMEndpoint ${args.resourceManagerEndpointUrl} | out-null;`; } - command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \ - (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \ - -Environment '${args.environment}' | out-null;`; + // Separate command script for OIDC and non-OIDC + if (!!args.federatedToken) { + command += `Connect-AzAccount -ServicePrincipal -ApplicationId '${args.servicePrincipalId}' -Tenant '${tenantId}' -FederatedToken '${args.federatedToken}' \ + -Environment '${args.environment}' | out-null;`; + } + else { + command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \ + (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \ + -Environment '${args.environment}' | out-null;`; + } + // command to set the subscription if (args.scopeLevel === Constants_1.default.Subscription && !args.allowNoSubscriptionsLogin) { command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`; } diff --git a/lib/main.js b/lib/main.js index a93c98e2..60f93750 100644 --- a/lib/main.js +++ b/lib/main.js @@ -79,6 +79,7 @@ function main() { var subscriptionId = core.getInput('subscription-id', { required: false }); var resourceManagerEndpointUrl = "https://management.azure.com/"; var enableOIDC = true; + var federatedToken = null; // If any of the individual credentials (clent_id, tenat_id, subscription_id) is present. if (servicePrincipalId || tenantId || subscriptionId) { //If few of the individual credentials (clent_id, tenat_id, subscription_id) are missing in action inputs. 
@@ -114,12 +115,10 @@ function main() { if (enableOIDC) { console.log('Using OIDC authentication...'); //generating ID-token - var idToken = yield core.getIDToken('api://AzureADTokenExchange'); - if (!!idToken) { + federatedToken = yield core.getIDToken('api://AzureADTokenExchange'); + if (!!federatedToken) { if (environment != "azurecloud") throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`); - if (enableAzPSSession) - throw new Error(`Powershell login is not supported with OIDC.`); } else { throw new Error("Could not get ID token for authentication."); @@ -165,7 +164,7 @@ function main() { commonArgs = commonArgs.concat("--allow-no-subscriptions"); } if (enableOIDC) { - commonArgs = commonArgs.concat("--federated-token", idToken); + commonArgs = commonArgs.concat("--federated-token", federatedToken); } else { commonArgs = commonArgs.concat("-p", servicePrincipalKey); @@ -182,7 +181,8 @@ function main() { if (enableAzPSSession) { // Attempting Az PS login console.log(`Running Azure PS Login`); - const spnlogin = new ServicePrincipalLogin_1.ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl); + var spnlogin; + spnlogin = new ServicePrincipalLogin_1.ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, federatedToken, tenantId, subscriptionId, allowNoSubscriptionsLogin, environment, resourceManagerEndpointUrl); yield spnlogin.initialize(); yield spnlogin.login(); } diff --git a/src/PowerShell/ServicePrincipalLogin.ts b/src/PowerShell/ServicePrincipalLogin.ts index cc8a2dde..646e9cdb 100644 --- a/src/PowerShell/ServicePrincipalLogin.ts +++ b/src/PowerShell/ServicePrincipalLogin.ts 
@@ -15,9 +15,11 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession { subscriptionId: string; resourceManagerEndpointUrl: string; allowNoSubscriptionsLogin: boolean; + federatedToken:string; constructor(servicePrincipalId: string, servicePrincipalKey: string, + federatedToken: string, tenantId: string, subscriptionId: string, allowNoSubscriptionsLogin: boolean, @@ -26,6 +28,7 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession { this.servicePrincipalId = servicePrincipalId; this.servicePrincipalKey = servicePrincipalKey; + this.federatedToken = federatedToken; this.tenantId = tenantId; this.subscriptionId = subscriptionId; this.environment = environment; @@ -52,6 +55,7 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession { const args: any = { servicePrincipalId: this.servicePrincipalId, servicePrincipalKey: this.servicePrincipalKey, + federatedToken: this.federatedToken, subscriptionId: this.subscriptionId, environment: this.environment, scopeLevel: ServicePrincipalLogin.scopeLevel, diff --git a/src/PowerShell/Utilities/ScriptBuilder.ts b/src/PowerShell/Utilities/ScriptBuilder.ts index 323241d0..883d7b52 100644 --- a/src/PowerShell/Utilities/ScriptBuilder.ts +++ b/src/PowerShell/Utilities/ScriptBuilder.ts 
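Review bot: The new `federatedToken` field and constructor parameter are typed `string`, but src/main.ts initialises `federatedToken` to `null` and never assigns it on the creds-JSON path, so the declared type does not match what is passed in. ScriptBuilder picks the authentication branch purely on whether this value is truthy, so the contract matters: declare it as `federatedToken: string | null;` in both places. Also add a short doc comment on the field saying that exactly one of `servicePrincipalKey` and `federatedToken` is expected to be set and that both are credentials that must not be logged. The same applies to the `args` object in the third hunk, which now carries both values under `any`. The class body starts and ends outside these hunks.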
@@ -8,17 +8,23 @@ export default class ScriptBuilder { getAzPSLoginScript(scheme: string, tenantId: string, args: any): string { let command = `Clear-AzContext -Scope Process; Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue;`; - + if (scheme === Constants.ServicePrincipal) { if (args.environment.toLowerCase() == "azurestack") { command += `Add-AzEnvironment -Name ${args.environment} -ARMEndpoint ${args.resourceManagerEndpointUrl} | out-null;`; } - - command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \ - (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \ - -Environment '${args.environment}' | out-null;`; - + // Separate command script for OIDC and non-OIDC + if(!!args.federatedToken) { + command += `Connect-AzAccount -ServicePrincipal -ApplicationId '${args.servicePrincipalId}' -Tenant '${tenantId}' -FederatedToken '${args.federatedToken}' \ + -Environment '${args.environment}' | out-null;`; + } + else { + command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \ + (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \ + -Environment '${args.environment}' | out-null;`; + } + // command to set the subscription if (args.scopeLevel === Constants.Subscription && !args.allowNoSubscriptionsLogin) { command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`; } @@ -35,7 +41,7 @@ export default class ScriptBuilder { $output['${Constants.Error}'] = $_.exception.Message } return ConvertTo-Json $output`; - + core.debug(`Azure PowerShell Login Script: ${this.script}`); return this.script; } diff --git a/src/main.ts b/src/main.ts index 3374ae0f..399b6c23 100644 --- a/src/main.ts +++ b/src/main.ts 
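Review bot: The OIDC branch splices `args.servicePrincipalId`, `tenantId` and `args.federatedToken` into single-quoted PowerShell literals with no escaping, and on this path the id and tenant come from the `client-id` and `tenant-id` action inputs read in src/main.ts. A value containing `'` would end the literal and alter the command. Either double the quotes with a global replace, e.g. `.replace(/'/g, "''")`, or pass the values through the process environment and reference them from the script. Note that the `.replace("'", "''")` kept in the non-OIDC branch only rewrites the first quote. The assembled script is also passed to `core.debug` further down, so whether the token stays out of debug logs depends on it having been registered for masking upstream, which is worth confirming. `getAzPSLoginScript` starts and ends outside this hunk.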
@@ -1,212 +1,214 @@ -import * as core from '@actions/core'; -import * as exec from '@actions/exec'; -import * as io from '@actions/io'; -import { FormatType, SecretParser } from 'actions-secret-parser'; -import { ServicePrincipalLogin } from './PowerShell/ServicePrincipalLogin'; - -var azPath: string; -var prefix = !!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT}` : ""; -var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT}` : ""; - -async function main() { - try { - // Set user agent variable - var isAzCLISuccess = false; - let usrAgentRepo = `${process.env.GITHUB_REPOSITORY}`; - let actionName = 'AzureLogin'; - let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`; - let azurePSHostEnv = (!!azPSHostEnv ? `${azPSHostEnv}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`; - core.exportVariable('AZURE_HTTP_USER_AGENT', userAgentString); - core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv); - - azPath = await io.which("az", true); - core.debug(`az cli version used: ${azPath}`); - let azureSupportedCloudName = new Set([ - "azureusgovernment", - "azurechinacloud", - "azuregermancloud", - "azurecloud", - "azurestack"]); - - let output: string = ""; - const execOptions: any = { - listeners: { - stdout: (data: Buffer) => { - output += data.toString(); - } - } - }; - await executeAzCliCommand("--version", true, execOptions); - core.debug(`az cli version used:\n${output}`); - - let creds = core.getInput('creds', { required: false }); - let secrets = creds ? new SecretParser(creds, FormatType.JSON) : null; - let environment = core.getInput("environment").toLowerCase(); - const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true"; - const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true"; - - //Check for the credentials in individual parameters in the workflow. 
- var servicePrincipalId = core.getInput('client-id', { required: false });; - var servicePrincipalKey = null; - var tenantId = core.getInput('tenant-id', { required: false }); - var subscriptionId = core.getInput('subscription-id', { required: false }); - var resourceManagerEndpointUrl = "https://management.azure.com/"; - var enableOIDC = true; - - // If any of the individual credentials (clent_id, tenat_id, subscription_id) is present. - if (servicePrincipalId || tenantId || subscriptionId) { - - //If few of the individual credentials (clent_id, tenat_id, subscription_id) are missing in action inputs. - if(!(servicePrincipalId && tenantId && (subscriptionId || allowNoSubscriptionsLogin))) - throw new Error("Few credentials are missing.ClientId,tenantId are mandatory. SubscriptionId is also mandatory if allow-no-subscriptions is not set."); - } - else{ - if (creds) { - core.debug('using creds JSON...'); - enableOIDC = false; - servicePrincipalId = secrets.getSecret("$.clientId", true); - servicePrincipalKey = secrets.getSecret("$.clientSecret", true); - tenantId = secrets.getSecret("$.tenantId", true); - subscriptionId = secrets.getSecret("$.subscriptionId", true); - resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false); - } - else { - throw new Error("Credentials are not passed for Login action."); - } - } - //generic checks - //servicePrincipalKey is only required in non-oidc scenario. - if (!servicePrincipalId || !tenantId || !(servicePrincipalKey || enableOIDC)) { - throw new Error("Not all values are present in the credentials. Ensure clientId, clientSecret and tenantId are supplied."); - } - if (!subscriptionId && !allowNoSubscriptionsLogin) { - throw new Error("Not all values are present in the credentials. 
Ensure subscriptionId is supplied."); - } - if (!azureSupportedCloudName.has(environment)) { - throw new Error("Unsupported value for environment is passed.The list of supported values for environment are ‘azureusgovernment', ‘azurechinacloud’, ‘azuregermancloud’, ‘azurecloud’ or ’azurestack’"); - } - - // OIDC specific checks - if (enableOIDC) { - console.log('Using OIDC authentication...') - //generating ID-token - var idToken = await core.getIDToken('api://AzureADTokenExchange'); - if (!!idToken) { - if (environment != "azurecloud") - throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`); - if (enableAzPSSession) - throw new Error(`Powershell login is not supported with OIDC.`); - } - else { - throw new Error("Could not get ID token for authentication."); - } - } - - // Attempting Az cli login - if (environment == "azurestack") { - if (!resourceManagerEndpointUrl) { - throw new Error("resourceManagerEndpointUrl is a required parameter when environment is defined."); - } - - console.log(`Unregistering cloud: "${environment}" first if it exists`); - try { - await executeAzCliCommand(`cloud set -n AzureCloud`, true); - await executeAzCliCommand(`cloud unregister -n "${environment}"`, false); - } - catch (error) { - console.log(`Ignore cloud not registered error: "${error}"`); - } - - console.log(`Registering cloud: "${environment}" with ARM endpoint: "${resourceManagerEndpointUrl}"`); - try { - let baseUri = resourceManagerEndpointUrl; - if (baseUri.endsWith('/')) { - baseUri = baseUri.substring(0, baseUri.length - 1); // need to remove trailing / from resourceManagerEndpointUrl to correctly derive suffixes below - } - let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with . - let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without . 
- let profileVersion = "2019-03-01-hybrid"; - await executeAzCliCommand(`cloud register -n "${environment}" --endpoint-resource-manager "${resourceManagerEndpointUrl}" --suffix-keyvault-dns "${suffixKeyvault}" --suffix-storage-endpoint "${suffixStorage}" --profile "${profileVersion}"`, false); - } - catch (error) { - core.error(`Error while trying to register cloud "${environment}": "${error}"`); - } - - console.log(`Done registering cloud: "${environment}"`) - } - - await executeAzCliCommand(`cloud set -n "${environment}"`, false); - console.log(`Done setting cloud: "${environment}"`); - - // Attempting Az cli login - var commonArgs = ["--service-principal", - "-u", servicePrincipalId, - "--tenant", tenantId - ]; - if (allowNoSubscriptionsLogin) { - commonArgs = commonArgs.concat("--allow-no-subscriptions"); - } - if (enableOIDC) { - commonArgs = commonArgs.concat("--federated-token", idToken); - } - else { - commonArgs = commonArgs.concat("-p", servicePrincipalKey); - } - await executeAzCliCommand(`login`, true, {}, commonArgs); - - if(!allowNoSubscriptionsLogin){ - var args = [ - "--subscription", - subscriptionId - ]; - await executeAzCliCommand(`account set`, true, {}, args); - } - isAzCLISuccess = true; - if (enableAzPSSession) { - // Attempting Az PS login - console.log(`Running Azure PS Login`); - const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin( - servicePrincipalId, - servicePrincipalKey, - tenantId, - subscriptionId, - allowNoSubscriptionsLogin, - environment, - resourceManagerEndpointUrl); - await spnlogin.initialize(); - await spnlogin.login(); - } - - console.log("Login successful."); - } - catch (error) { - if (!isAzCLISuccess) { - core.error("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"); - } - else { - core.error(`Azure PowerShell Login failed. Please check the credentials. 
For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`); - } - core.setFailed(error); - } - finally { - // Reset AZURE_HTTP_USER_AGENT - core.exportVariable('AZURE_HTTP_USER_AGENT', prefix); - core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azPSHostEnv); - } -} - -async function executeAzCliCommand( - command: string, - silent?: boolean, - execOptions: any = {}, - args: any = []) { - execOptions.silent = !!silent; - try { - await exec.exec(`"${azPath}" ${command}`, args, execOptions); - } - catch (error) { - throw new Error(error); - } -} - -main(); +import * as core from '@actions/core'; +import * as exec from '@actions/exec'; +import * as io from '@actions/io'; +import { FormatType, SecretParser } from 'actions-secret-parser'; +import { AnyARecord } from 'dns'; +import { ServicePrincipalLogin } from './PowerShell/ServicePrincipalLogin'; + +var azPath: string; +var prefix = !!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT}` : ""; +var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT}` : ""; + +async function main() { + try { + // Set user agent variable + var isAzCLISuccess = false; + let usrAgentRepo = `${process.env.GITHUB_REPOSITORY}`; + let actionName = 'AzureLogin'; + let userAgentString = (!!prefix ? `${prefix}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`; + let azurePSHostEnv = (!!azPSHostEnv ? 
`${azPSHostEnv}+` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`; + core.exportVariable('AZURE_HTTP_USER_AGENT', userAgentString); + core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azurePSHostEnv); + + azPath = await io.which("az", true); + core.debug(`az cli version used: ${azPath}`); + let azureSupportedCloudName = new Set([ + "azureusgovernment", + "azurechinacloud", + "azuregermancloud", + "azurecloud", + "azurestack"]); + + let output: string = ""; + const execOptions: any = { + listeners: { + stdout: (data: Buffer) => { + output += data.toString(); + } + } + }; + await executeAzCliCommand("--version", true, execOptions); + core.debug(`az cli version used:\n${output}`); + + let creds = core.getInput('creds', { required: false }); + let secrets = creds ? new SecretParser(creds, FormatType.JSON) : null; + let environment = core.getInput("environment").toLowerCase(); + const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true"; + const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true"; + + //Check for the credentials in individual parameters in the workflow. + var servicePrincipalId = core.getInput('client-id', { required: false });; + var servicePrincipalKey = null; + var tenantId = core.getInput('tenant-id', { required: false }); + var subscriptionId = core.getInput('subscription-id', { required: false }); + var resourceManagerEndpointUrl = "https://management.azure.com/"; + var federatedToken = null; + + // If any of the individual credentials (clent_id, tenat_id, subscription_id) is present. + if (servicePrincipalId || tenantId || subscriptionId) { + + //If few of the individual credentials (clent_id, tenat_id, subscription_id) are missing in action inputs. + if(!(servicePrincipalId && tenantId && (subscriptionId || allowNoSubscriptionsLogin))) + throw new Error("Few credentials are missing.ClientId,tenantId are mandatory. 
SubscriptionId is also mandatory if allow-no-subscriptions is not set."); + } + else{ + if (creds) { + core.debug('using creds JSON...'); + enableOIDC = false; + servicePrincipalId = secrets.getSecret("$.clientId", true); + servicePrincipalKey = secrets.getSecret("$.clientSecret", true); + tenantId = secrets.getSecret("$.tenantId", true); + subscriptionId = secrets.getSecret("$.subscriptionId", true); + resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false); + } + else { + throw new Error("Credentials are not passed for Login action."); + } + } + //generic checks + //servicePrincipalKey is only required in non-oidc scenario. + if (!servicePrincipalId || !tenantId || !(servicePrincipalKey || enableOIDC)) { + throw new Error("Not all values are present in the credentials. Ensure clientId, clientSecret and tenantId are supplied."); + } + if (!subscriptionId && !allowNoSubscriptionsLogin) { + throw new Error("Not all values are present in the credentials. Ensure subscriptionId is supplied."); + } + if (!azureSupportedCloudName.has(environment)) { + throw new Error("Unsupported value for environment is passed.The list of supported values for environment are ‘azureusgovernment', ‘azurechinacloud’, ‘azuregermancloud’, ‘azurecloud’ or ’azurestack’"); + } + + // OIDC specific checks + if (enableOIDC) { + console.log('Using OIDC authentication...') + //generating ID-token + federatedToken = await core.getIDToken('api://AzureADTokenExchange'); + if (!!federatedToken) { + if (environment != "azurecloud") + throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`); + } + else { + throw new Error("Could not get ID token for authentication."); + } + } + + // Attempting Az cli login + if (environment == "azurestack") { + if (!resourceManagerEndpointUrl) { + throw new Error("resourceManagerEndpointUrl is a required parameter when environment is defined."); + } + + console.log(`Unregistering cloud: "${environment}" 
first if it exists`); + try { + await executeAzCliCommand(`cloud set -n AzureCloud`, true); + await executeAzCliCommand(`cloud unregister -n "${environment}"`, false); + } + catch (error) { + console.log(`Ignore cloud not registered error: "${error}"`); + } + + console.log(`Registering cloud: "${environment}" with ARM endpoint: "${resourceManagerEndpointUrl}"`); + try { + let baseUri = resourceManagerEndpointUrl; + if (baseUri.endsWith('/')) { + baseUri = baseUri.substring(0, baseUri.length - 1); // need to remove trailing / from resourceManagerEndpointUrl to correctly derive suffixes below + } + let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with . + let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without . + let profileVersion = "2019-03-01-hybrid"; + await executeAzCliCommand(`cloud register -n "${environment}" --endpoint-resource-manager "${resourceManagerEndpointUrl}" --suffix-keyvault-dns "${suffixKeyvault}" --suffix-storage-endpoint "${suffixStorage}" --profile "${profileVersion}"`, false); + } + catch (error) { + core.error(`Error while trying to register cloud "${environment}": "${error}"`); + } + + console.log(`Done registering cloud: "${environment}"`) + } + + await executeAzCliCommand(`cloud set -n "${environment}"`, false); + console.log(`Done setting cloud: "${environment}"`); + + // Attempting Az cli login + var commonArgs = ["--service-principal", + "-u", servicePrincipalId, + "--tenant", tenantId + ]; + if (allowNoSubscriptionsLogin) { + commonArgs = commonArgs.concat("--allow-no-subscriptions"); + } + if (enableOIDC) { + commonArgs = commonArgs.concat("--federated-token", federatedToken); + } + else { + commonArgs = commonArgs.concat("-p", servicePrincipalKey); + } + await executeAzCliCommand(`login`, true, {}, commonArgs); + + if(!allowNoSubscriptionsLogin){ + var args = [ + "--subscription", + subscriptionId + ]; + await executeAzCliCommand(`account 
set`, true, {}, args); + } + isAzCLISuccess = true; + if (enableAzPSSession) { + // Attempting Az PS login + console.log(`Running Azure PS Login`); + var spnlogin:ServicePrincipalLogin; + + spnlogin = new ServicePrincipalLogin( + servicePrincipalId, + servicePrincipalKey, + federatedToken, + tenantId, + subscriptionId, + allowNoSubscriptionsLogin, + environment, + resourceManagerEndpointUrl); + await spnlogin.initialize(); + await spnlogin.login(); + } + + console.log("Login successful."); + } + catch (error) { + if (!isAzCLISuccess) { + core.error("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"); + } + else { + core.error(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`); + } + core.setFailed(error); + } + finally { + // Reset AZURE_HTTP_USER_AGENT + core.exportVariable('AZURE_HTTP_USER_AGENT', prefix); + core.exportVariable('AZUREPS_HOST_ENVIRONMENT', azPSHostEnv); + } +} + +async function executeAzCliCommand( + command: string, + silent?: boolean, + execOptions: any = {}, + args: any = []) { + execOptions.silent = !!silent; + try { + await exec.exec(`"${azPath}" ${command}`, args, execOptions); + } + catch (error) { + throw new Error(error); + } +} + +main();
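Review bot: The new side of src/main.ts no longer declares `enableOIDC`. The old side had `var enableOIDC = true;` directly after `resourceManagerEndpointUrl`, and only `var federatedToken = null;` takes its place. The name is still assigned in the creds-JSON branch and read in the generic checks, the OIDC block and the `--federated-token` argument selection. The compiled lib/main.js in this same commit still contains the declaration, so the checked-in build does not correspond to this source and the code that runs is not the code under review; restore `var enableOIDC = true;` and regenerate lib/ from src/. The added `import { AnyARecord } from 'dns';` is unused and should be removed.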