From db750ed598784bdcdfd4927ec699ed97d797ce44 Mon Sep 17 00:00:00 2001
From: Ganesh S
Date: Tue, 20 Oct 2020 13:26:18 +0530
Subject: [PATCH 1/4] Added no subscription support
---
 src/PowerShell/Utilities/ScriptBuilder.ts | 4 +++-
 src/main.ts | 13 +++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/PowerShell/Utilities/ScriptBuilder.ts b/src/PowerShell/Utilities/ScriptBuilder.ts
index d43060e8..fb4fbfcb 100644
--- a/src/PowerShell/Utilities/ScriptBuilder.ts
+++ b/src/PowerShell/Utilities/ScriptBuilder.ts
@@ -12,7 +12,9 @@ export default class ScriptBuilder {
 command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
 (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
 -Environment '${args.environment}' | out-null;`;
- if (args.scopeLevel === Constants.Subscription) {
+ if (args.scopeLevel === Constants.Subscription &&
+ args.subscriptionId &&
+ args.subscriptionId.length > 0) {
 command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`;
 }
 }
diff --git a/src/main.ts b/src/main.ts
index cbe0b20e..87e9f4cb 100644
--- a/src/main.ts
+++ b/src/main.ts
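Review bot: The added guard in ScriptBuilder.ts only checks that `args.subscriptionId` is non-empty; the unchanged line it protects still splices the value into a single-quoted PowerShell literal (`-SubscriptionId '${args.subscriptionId}'`) without escaping, so a value containing `'` ends the literal early and the remainder is parsed as script. The key handling on the context line above is only partly protected as well, because `.replace("'", "''")` with a string pattern replaces just the first quote. Escape at the point of use, `'${args.subscriptionId.replace(/'/g, "''")}'`, or reject ids that are not GUID-shaped before building the script; the ScriptBuilder hunk in patch 3/4 keeps the same interpolation. The `.length > 0` test is redundant after the truthiness check, and the enclosing method starts outside the hunk.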
@@ -31,12 +31,17 @@ async function main() {
 let tenantId = secrets.getSecret("$.tenantId", false);
 let subscriptionId = secrets.getSecret("$.subscriptionId", false);
 const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
- if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !subscriptionId) {
- throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret, tenantId and subscriptionId are supplied.");
+ if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
+ throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
 }
 // Attempting Az cli login
- await executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
- await executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+ if (!subscriptionId) {
+ await executeAzCliCommand(`login --allow-no-subscriptions --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
+ }
+ else {
+ await executeAzCliCommand(`login --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
+ await executeAzCliCommand(`account set --subscription "${subscriptionId}"`, true);
+ }
 isAzCLISuccess = true;
 if (enableAzPSSession) {
 // Attempting Az PS login
From b1b178e95a8ca7ebf17bb75cd964e1a6765261ba Mon Sep 17 00:00:00 2001
From: Ganeshrockz
Date: Tue, 20 Oct 2020 16:49:38 +0530
Subject: [PATCH 2/4] Added L0s
---
 .../Utilities/ScriptBuilder.test.ts | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 __tests__/PowerShell/Utilities/ScriptBuilder.test.ts
diff --git a/__tests__/PowerShell/Utilities/ScriptBuilder.test.ts b/__tests__/PowerShell/Utilities/ScriptBuilder.test.ts
new file mode 100644
index 00000000..9b5dcb9a
--- /dev/null
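Review bot: Both new branches in main.ts repeat the whole `az login` command with the client secret spliced in as `-p "${servicePrincipalKey}"`, so the one place where the secret reaches a command string becomes two that must be kept in sync. The values sit between double quotes without escaping; whether a secret or tenant id containing `"` can shift argument boundaries depends on how `executeAzCliCommand` tokenises the string, which is not visible in this hunk. Build the command once, e.g. `const noSubFlag = subscriptionId ? "" : "--allow-no-subscriptions ";` followed by a single `login ${noSubFlag}--service-principal …` call, and run `account set` only when `subscriptionId` is present. main() starts and ends outside the hunk.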
+++ b/__tests__/PowerShell/Utilities/ScriptBuilder.test.ts
@@ -0,0 +1,23 @@
+import ScriptBuilder from "../../../src/PowerShell/Utilities/ScriptBuilder";
+import Constants from "../../../src/PowerShell/Constants";
+
+describe("Getting AzLogin PS script" , () => {
+ const scheme = Constants.ServicePrincipal;
+ let args: any = {
+ servicePrincipalId: "service-principal-id",
+ servicePrincipalKey: "service-principal-key",
+ environment: "environment",
+ scopeLevel: Constants.Subscription
+ }
+
+ test("PS script should not set context without passing subscriptionId", () => {
+ const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+ expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeFalsy();
+ });
+
+ test("PS script should set context after passing subscriptionId", () => {
+ args["subscriptionId"] = "subscription-id";
+ const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
+ expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeTruthy();
+ });
+});
\ No newline at end of file
From 2cd1bbfddf51e54507f4e92bbd9361cbb4718cc7 Mon Sep 17 00:00:00 2001
From: Ganeshrockz
Date: Fri, 30 Oct 2020 13:48:25 +0530
Subject: [PATCH 3/4] added no subcriptions login support
---
 action.yml | 4 ++++
 src/PowerShell/ServicePrincipalLogin.ts | 11 +++++++++--
 src/PowerShell/Utilities/ScriptBuilder.ts | 4 +---
 src/main.ts | 10 ++++++++--
 4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/action.yml b/action.yml
index c166d10e..e7bd4f63 100644
--- a/action.yml
+++ b/action.yml
@@ -9,6 +9,10 @@ inputs:
 description: 'Set this value to true to enable Azure PowerShell Login in addition to Az CLI login'
 required: false
 default: false
+ allow-no-subscriptions:
+ description: 'Set this value to true to enable support for accessing tenants without subscriptions'
+ required: false
+ default: false
 branding:
 icon: 'login.svg'
 color: 'blue'
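Review bot: In the new ScriptBuilder.test.ts the second test mutates the shared `args` object (`args["subscriptionId"] = "subscription-id"`), so the outcome of the two cases depends on the order in which they run. `args` is also typed `any`, which hides a misspelt property name from the compiler. Give each test its own copy, e.g. `const withSub = { ...args, subscriptionId: "subscription-id" };`, and declare `args` with `const`. The test hunk in patch 4/4 repeats the pattern with `args["allowNoSubscriptionsLogin"] = false`.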
diff --git a/src/PowerShell/ServicePrincipalLogin.ts b/src/PowerShell/ServicePrincipalLogin.ts
index 8aa293a4..580bff56 100644
--- a/src/PowerShell/ServicePrincipalLogin.ts
+++ b/src/PowerShell/ServicePrincipalLogin.ts
@@ -13,12 +13,18 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession {
 servicePrincipalKey: string;
 tenantId: string;
 subscriptionId: string;
+ allowNoSubscriptionsLogin: boolean;
- constructor(servicePrincipalId: string, servicePrincipalKey: string, tenantId: string, subscriptionId: string) {
+ constructor(servicePrincipalId: string,
+ servicePrincipalKey: string,
+ tenantId: string,
+ subscriptionId: string,
+ allowNoSubscriptionsLogin: boolean) {
 this.servicePrincipalId = servicePrincipalId;
 this.servicePrincipalKey = servicePrincipalKey;
 this.tenantId = tenantId;
 this.subscriptionId = subscriptionId;
+ this.allowNoSubscriptionsLogin = allowNoSubscriptionsLogin;
 }
 async initialize() {
@@ -42,7 +48,8 @@ export class ServicePrincipalLogin implements IAzurePowerShellSession {
 servicePrincipalKey: this.servicePrincipalKey,
 subscriptionId: this.subscriptionId,
 environment: ServicePrincipalLogin.environment,
- scopeLevel: ServicePrincipalLogin.scopeLevel
+ scopeLevel: ServicePrincipalLogin.scopeLevel,
+ allowNoSubscriptionsLogin: this.allowNoSubscriptionsLogin
 }
 const script: string = new ScriptBuilder().getAzPSLoginScript(ServicePrincipalLogin.scheme, this.tenantId, args);
 await PowerShellToolRunner.init();
diff --git a/src/PowerShell/Utilities/ScriptBuilder.ts b/src/PowerShell/Utilities/ScriptBuilder.ts
index fb4fbfcb..9f383891 100644
--- a/src/PowerShell/Utilities/ScriptBuilder.ts
+++ b/src/PowerShell/Utilities/ScriptBuilder.ts
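Review bot: The ServicePrincipalLogin constructor gains a fifth required positional parameter, so every existing four-argument caller stops compiling (the test in patch 4/4 had to be updated for this), and a bare `true`/`false` at the call site says little about what it relaxes. Defaulting it keeps the stricter behaviour when the argument is omitted: `allowNoSubscriptionsLogin: boolean = false) {`. A short doc comment on the new field stating that `true` makes the generated script skip `Set-AzContext` would also help, since that effect is implemented in ScriptBuilder rather than in this class.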
@@ -12,9 +12,7 @@ export default class ScriptBuilder {
 command += `Connect-AzAccount -ServicePrincipal -Tenant '${tenantId}' -Credential \
 (New-Object System.Management.Automation.PSCredential('${args.servicePrincipalId}',(ConvertTo-SecureString '${args.servicePrincipalKey.replace("'", "''")}' -AsPlainText -Force))) \
 -Environment '${args.environment}' | out-null;`;
- if (args.scopeLevel === Constants.Subscription &&
- args.subscriptionId &&
- args.subscriptionId.length > 0) {
+ if (args.scopeLevel === Constants.Subscription && !args.allowNoSubscriptionsLogin) {
 command += `Set-AzContext -SubscriptionId '${args.subscriptionId}' -TenantId '${tenantId}' | out-null;`;
 }
 }
diff --git a/src/main.ts b/src/main.ts
index 87e9f4cb..755dcbfe 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -31,11 +31,17 @@ async function main() {
 let tenantId = secrets.getSecret("$.tenantId", false);
 let subscriptionId = secrets.getSecret("$.subscriptionId", false);
 const enableAzPSSession = core.getInput('enable-AzPSSession').toLowerCase() === "true";
+ const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
 if (!servicePrincipalId || !servicePrincipalKey || !tenantId) {
 throw new Error("Not all values are present in the creds object. Ensure clientId, clientSecret and tenantId are supplied.");
 }
+
+ if (!subscriptionId && !allowNoSubscriptionsLogin) {
+ throw new Error("Not all values are present in the creds object. Ensure subscriptionId is supplied.");
+ }
+
 // Attempting Az cli login
- if (!subscriptionId) {
+ if (allowNoSubscriptionsLogin) {
 await executeAzCliCommand(`login --allow-no-subscriptions --service-principal -u "${servicePrincipalId}" -p "${servicePrincipalKey}" --tenant "${tenantId}"`, true);
 }
 else {
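Review bot: With the flag set to true, a `subscriptionId` that is present in the creds is silently ignored: the new ScriptBuilder condition skips `Set-AzContext`, and the main.ts hunk that follows takes the `if (allowNoSubscriptionsLogin)` branch and never runs `account set`, so later workflow steps act in whatever default context the login selects. In the other direction, ScriptBuilder no longer checks that the id is non-empty and relies on the caller; main.ts does validate it, other callers are not visible here. Key the context switch on the id itself, `if (args.scopeLevel === Constants.Subscription && args.subscriptionId) {`, and in main.ts run `account set` whenever `subscriptionId` is supplied, using the flag only to decide whether a missing id is an error. Both enclosing functions extend beyond their hunks.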
@@ -46,7 +52,7 @@ async function main() {
 if (enableAzPSSession) {
 // Attempting Az PS login
 console.log(`Running Azure PS Login`);
- const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId);
+ const spnlogin: ServicePrincipalLogin = new ServicePrincipalLogin(servicePrincipalId, servicePrincipalKey, tenantId, subscriptionId, allowNoSubscriptionsLogin);
 await spnlogin.initialize();
 await spnlogin.login();
 }
From 1ba06e2c3aba568ebffa6f84377a97eb1481f6f8 Mon Sep 17 00:00:00 2001
From: Ganeshrockz
Date: Fri, 30 Oct 2020 16:38:45 +0530
Subject: [PATCH 4/4] test changes
---
 __tests__/PowerShell/ServicePrinicipalLogin.test.ts | 2 +-
 __tests__/PowerShell/Utilities/ScriptBuilder.test.ts | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/__tests__/PowerShell/ServicePrinicipalLogin.test.ts b/__tests__/PowerShell/ServicePrinicipalLogin.test.ts
index f8fdbb24..ffd59881 100644
--- a/__tests__/PowerShell/ServicePrinicipalLogin.test.ts
+++ b/__tests__/PowerShell/ServicePrinicipalLogin.test.ts
@@ -5,7 +5,7 @@ jest.mock('../../src/PowerShell/Utilities/PowerShellToolRunner');
 let spnlogin: ServicePrincipalLogin;
 beforeAll(() => {
- spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId");
+ spnlogin = new ServicePrincipalLogin("servicePrincipalID", "servicePrinicipalkey", "tenantId", "subscriptionId", false);
 });
 afterEach(() => {
diff --git a/__tests__/PowerShell/Utilities/ScriptBuilder.test.ts b/__tests__/PowerShell/Utilities/ScriptBuilder.test.ts
index 9b5dcb9a..291cbd04 100644
--- a/__tests__/PowerShell/Utilities/ScriptBuilder.test.ts
+++ b/__tests__/PowerShell/Utilities/ScriptBuilder.test.ts
@@ -7,16 +7,18 @@ describe("Getting AzLogin PS script" , () => {
 servicePrincipalId: "service-principal-id",
 servicePrincipalKey: "service-principal-key",
 environment: "environment",
- scopeLevel: Constants.Subscription
+ scopeLevel: Constants.Subscription,
+ subscriptionId: "subId",
+ allowNoSubscriptionsLogin: true
 }
- test("PS script should not set context without passing subscriptionId", () => {
+ test("PS script should not set context while passing allowNoSubscriptionsLogin as true", () => {
 const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
 expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeFalsy();
 });
- test("PS script should set context after passing subscriptionId", () => {
- args["subscriptionId"] = "subscription-id";
+ test("PS script should set context while passing allowNoSubscriptionsLogin as false", () => {
+ args["allowNoSubscriptionsLogin"] = false;
 const loginScript = new ScriptBuilder().getAzPSLoginScript(scheme, "tenant-id", args);
 expect(loginScript.includes("Set-AzContext -SubscriptionId")).toBeTruthy();
 });