
Commit 8c334a1

committed
prepare release v2
1 parent 81e1d9f commit 8c334a1


5,497 files changed

+1551173
-0
lines changed


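--- a/lib/Cli/AzureCliLogin.js
+++ b/lib/Cli/AzureCliLogin.js
@@ -0,0 +1,193 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureCliLogin = void 0;
+const exec = __importStar(require("@actions/exec"));
+const LoginConfig_1 = require("../common/LoginConfig");
+const core = __importStar(require("@actions/core"));
+const io = __importStar(require("@actions/io"));
+class AzureCliLogin {
+constructor(loginConfig) {
+this.loginConfig = loginConfig;
+this.loginOptions = defaultExecOptions();
+}
+login() {
+return __awaiter(this, void 0, void 0, function* () {
+core.info(`Running Azure CLI Login.`);
+this.azPath = yield io.which("az", true);
+core.debug(`Azure CLI path: ${this.azPath}`);
+let output = "";
+const execOptions = {
+listeners: {
+stdout: (data) => {
+output += data.toString();
+}
+}
+};
+yield this.executeAzCliCommand(["--version"], true, execOptions);
+core.debug(`Azure CLI version used:\n${output}`);
+this.setAzurestackEnvIfNecessary();
+yield this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
+core.info(`Done setting cloud: "${this.loginConfig.environment}"`);
+if (this.loginConfig.authType === LoginConfig_1.LoginConfig.AUTH_TYPE_SERVICE_PRINCIPAL) {
+let args = ["--service-principal",
+"--username", this.loginConfig.servicePrincipalId,
+"--tenant", this.loginConfig.tenantId
+];
+if (this.loginConfig.servicePrincipalSecret) {
+yield this.loginWithSecret(args);
+}
+else {
+yield this.loginWithOIDC(args);
+}
+}
+else {
+let args = ["--identity"];
+if (this.loginConfig.servicePrincipalId) {
+yield this.loginWithUserAssignedIdentity(args);
+}
+else {
+yield this.loginWithSystemAssignedIdentity(args);
+}
+}
+});
+}
+setAzurestackEnvIfNecessary() {
+return __awaiter(this, void 0, void 0, function* () {
+if (this.loginConfig.environment != "azurestack") {
+return;
+}
+if (!this.loginConfig.resourceManagerEndpointUrl) {
+throw new Error("resourceManagerEndpointUrl is a required parameter when environment is defined.");
+}
+core.info(`Unregistering cloud: "${this.loginConfig.environment}" first if it exists`);
+try {
+yield this.executeAzCliCommand(["cloud", "set", "-n", "AzureCloud"], true);
+yield this.executeAzCliCommand(["cloud", "unregister", "-n", this.loginConfig.environment], false);
+}
+catch (error) {
+core.info(`Ignore cloud not registered error: "${error}"`);
+}
+core.info(`Registering cloud: "${this.loginConfig.environment}" with ARM endpoint: "${this.loginConfig.resourceManagerEndpointUrl}"`);
+try {
+let baseUri = this.loginConfig.resourceManagerEndpointUrl;
+if (baseUri.endsWith('/')) {
+baseUri = baseUri.substring(0, baseUri.length - 1); // need to remove trailing / from resourceManagerEndpointUrl to correctly derive suffixes below
+}
+let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
+let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without .
+let profileVersion = "2019-03-01-hybrid";
+yield this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", `"${this.loginConfig.resourceManagerEndpointUrl}"`, "--suffix-keyvault-dns", `"${suffixKeyvault}"`, "--suffix-storage-endpoint", `"${suffixStorage}"`, "--profile", `"${profileVersion}"`], false);
+}
+catch (error) {
+core.error(`Error while trying to register cloud "${this.loginConfig.environment}"`);
+throw error;
+}
+core.info(`Done registering cloud: "${this.loginConfig.environment}"`);
+});
+}
+loginWithSecret(args) {
+return __awaiter(this, void 0, void 0, function* () {
+core.info("Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.");
+args.push(`--password=${this.loginConfig.servicePrincipalSecret}`);
+yield this.callCliLogin(args, 'service principal with secret');
+});
+}
+loginWithOIDC(args) {
+return __awaiter(this, void 0, void 0, function* () {
+yield this.loginConfig.getFederatedToken();
+args.push("--federated-token", this.loginConfig.federatedToken);
+yield this.callCliLogin(args, 'OIDC');
+});
+}
+loginWithUserAssignedIdentity(args) {
+return __awaiter(this, void 0, void 0, function* () {
+args.push("--username", this.loginConfig.servicePrincipalId);
+yield this.callCliLogin(args, 'user-assigned managed identity');
+});
+}
+loginWithSystemAssignedIdentity(args) {
+return __awaiter(this, void 0, void 0, function* () {
+yield this.callCliLogin(args, 'system-assigned managed identity');
+});
+}
+callCliLogin(args, methodName) {
+return __awaiter(this, void 0, void 0, function* () {
+core.info(`Attempting Azure CLI login by using ${methodName}...`);
+args.unshift("login");
+if (this.loginConfig.allowNoSubscriptionsLogin) {
+args.push("--allow-no-subscriptions");
+}
+yield this.executeAzCliCommand(args, true, this.loginOptions);
+if (this.loginConfig.subscriptionId) {
+yield this.setSubscription();
+}
+core.info(`Azure CLI login succeeds by using ${methodName}.`);
+});
+}
+setSubscription() {
+return __awaiter(this, void 0, void 0, function* () {
+let args = ["account", "set", "--subscription", this.loginConfig.subscriptionId];
+yield this.executeAzCliCommand(args, true, this.loginOptions);
+core.info("Subscription is set successfully.");
+});
+}
+executeAzCliCommand(args, silent, execOptions = {}) {
+return __awaiter(this, void 0, void 0, function* () {
+execOptions.silent = !!silent;
+yield exec.exec(`"${this.azPath}"`, args, execOptions);
+});
+}
+}
+exports.AzureCliLogin = AzureCliLogin;
+function defaultExecOptions() {
+return {
+silent: true,
+listeners: {
+stderr: (data) => {
+let error = data.toString();
+let startsWithWarning = error.toLowerCase().startsWith('warning');
+let startsWithError = error.toLowerCase().startsWith('error');
+// printing ERROR
+if (error && error.trim().length !== 0 && !startsWithWarning) {
+if (startsWithError) {
+//removing the keyword 'ERROR' to avoid duplicates while throwing error
+error = error.slice(7);
+}
+core.error(error);
+}
+}
+}
+};
+}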
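Review bot: `this.setAzurestackEnvIfNecessary();` in `login()` (new line 60) is called without `yield` although the method returns a promise, so the `cloud set` on the following line can start while the azurestack cloud is still being unregistered and re-registered, and the "resourceManagerEndpointUrl is a required parameter" error becomes an unhandled rejection instead of failing the login. The line should read `yield this.setAzurestackEnvIfNecessary();` (an `await` in the TypeScript source, if this file is compiler output as the `__awaiter` helper suggests). Separately, `loginWithSecret` pushes `--password=${this.loginConfig.servicePrincipalSecret}` onto the argument list, which puts the secret on the child process's command line; a comment there stating that exposure, and that the OIDC path avoids a long-lived secret, would help anyone running this on shared or self-hosted runners.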

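--- a/lib/PowerShell/AzPSLogin.js
+++ b/lib/PowerShell/AzPSLogin.js
@@ -0,0 +1,59 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzPSLogin = void 0;
+const core = __importStar(require("@actions/core"));
+const AzPSScriptBuilder_1 = __importDefault(require("./AzPSScriptBuilder"));
+const AzPSUtils_1 = require("./AzPSUtils");
+class AzPSLogin {
+constructor(loginConfig) {
+this.loginConfig = loginConfig;
+}
+login() {
+return __awaiter(this, void 0, void 0, function* () {
+core.info(`Running Azure PowerShell Login.`);
+AzPSUtils_1.AzPSUtils.setPSModulePathForGitHubRunner();
+yield AzPSUtils_1.AzPSUtils.importLatestAzAccounts();
+const [loginMethod, loginScript] = yield AzPSScriptBuilder_1.default.getAzPSLoginScript(this.loginConfig);
+core.info(`Attempting Azure PowerShell login by using ${loginMethod}...`);
+core.debug(`Azure PowerShell Login Script: ${loginScript}`);
+yield AzPSUtils_1.AzPSUtils.runPSScript(loginScript);
+console.log(`Running Azure PowerShell Login successfully.`);
+});
+}
+}
+exports.AzPSLogin = AzPSLogin;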
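Review bot: The `core.debug` call in `login()` that prints `loginScript` (new line 53) writes the whole generated script to the debug log, and the builder shown further down this page places the service principal secret or the federated token in that script as literal text. Whether those values are registered for log masking (for example with `core.setSecret`) is not visible here, and the builder writes the secret with each `'` doubled, so a secret containing a quote would presumably not match its mask. I would log only the method, `core.debug("Azure PowerShell login method: " + loginMethod);`, or drop the line. As a smaller point of style, the success message uses `console.log` where the rest of the file uses `core.info`.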
Lines changed: 116 additions & 0 deletions
@@ -0,0 +1,116 @@
1+
"use strict";
2+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4+
return new (P || (P = Promise))(function (resolve, reject) {
5+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8+
step((generator = generator.apply(thisArg, _arguments || [])).next());
9+
});
10+
};
11+
Object.defineProperty(exports, "__esModule", { value: true });
12+
const LoginConfig_1 = require("../common/LoginConfig");
13+
class AzPSScriptBuilder {
14+
static getImportLatestModuleScript(moduleName) {
15+
let script = `try {
16+
$ErrorActionPreference = "Stop"
17+
$WarningPreference = "SilentlyContinue"
18+
$output = @{}
19+
$latestModulePath = (Get-Module -Name '${moduleName}' -ListAvailable | Sort-Object Version -Descending | Select-Object -First 1).Path
20+
Import-Module -Name $latestModulePath
21+
$output['Success'] = $true
22+
$output['Result'] = $latestModulePath
23+
}
24+
catch {
25+
$output['Success'] = $false
26+
$output['Error'] = $_.exception.Message
27+
}
28+
return ConvertTo-Json $output`;
29+
return script;
30+
}
31+
static getAzPSLoginScript(loginConfig) {
32+
return __awaiter(this, void 0, void 0, function* () {
33+
let loginMethodName = "";
34+
let commands = "";
35+
if (loginConfig.environment.toLowerCase() == "azurestack") {
36+
commands += `Add-AzEnvironment -Name '${loginConfig.environment}' -ARMEndpoint '${loginConfig.resourceManagerEndpointUrl}' | out-null;`;
37+
}
38+
if (loginConfig.authType === LoginConfig_1.LoginConfig.AUTH_TYPE_SERVICE_PRINCIPAL) {
39+
if (loginConfig.servicePrincipalSecret) {
40+
commands += AzPSScriptBuilder.loginWithSecret(loginConfig);
41+
loginMethodName = 'service principal with secret';
42+
}
43+
else {
44+
commands += yield AzPSScriptBuilder.loginWithOIDC(loginConfig);
45+
loginMethodName = "OIDC";
46+
}
47+
}
48+
else {
49+
if (loginConfig.servicePrincipalId) {
50+
commands += AzPSScriptBuilder.loginWithUserAssignedIdentity(loginConfig);
51+
loginMethodName = 'user-assigned managed identity';
52+
}
53+
else {
54+
commands += AzPSScriptBuilder.loginWithSystemAssignedIdentity(loginConfig);
55+
loginMethodName = 'system-assigned managed identity';
56+
}
57+
}
58+
let script = `try {
59+
$ErrorActionPreference = "Stop"
60+
$WarningPreference = "SilentlyContinue"
61+
$output = @{}
62+
${commands}
63+
$output['Success'] = $true
64+
$output['Result'] = ""
65+
}
66+
catch {
67+
$output['Success'] = $false
68+
$output['Error'] = $_.exception.Message
69+
}
70+
return ConvertTo-Json $output`;
71+
return [loginMethodName, script];
72+
});
73+
}
74+
static loginWithSecret(loginConfig) {
75+
let servicePrincipalSecret = loginConfig.servicePrincipalSecret.split("'").join("''");
76+
let loginCmdlet = `$psLoginSecrets = ConvertTo-SecureString '${servicePrincipalSecret}' -AsPlainText -Force; `;
77+
loginCmdlet += `$psLoginCredential = New-Object System.Management.Automation.PSCredential('${loginConfig.servicePrincipalId}', $psLoginSecrets); `;
78+
let cmdletSuffix = "-Credential $psLoginCredential";
79+
loginCmdlet += AzPSScriptBuilder.psLoginCmdlet(loginConfig.authType, loginConfig.environment, loginConfig.tenantId, loginConfig.subscriptionId, cmdletSuffix);
80+
return loginCmdlet;
81+
}
82+
static loginWithOIDC(loginConfig) {
83+
return __awaiter(this, void 0, void 0, function* () {
84+
yield loginConfig.getFederatedToken();
85+
let cmdletSuffix = `-ApplicationId '${loginConfig.servicePrincipalId}' -FederatedToken '${loginConfig.federatedToken}'`;
86+
return AzPSScriptBuilder.psLoginCmdlet(loginConfig.authType, loginConfig.environment, loginConfig.tenantId, loginConfig.subscriptionId, cmdletSuffix);
87+
});
88+
}
89+
static loginWithSystemAssignedIdentity(loginConfig) {
90+
let cmdletSuffix = "";
91+
return AzPSScriptBuilder.psLoginCmdlet(loginConfig.authType, loginConfig.environment, loginConfig.tenantId, loginConfig.subscriptionId, cmdletSuffix);
92+
}
93+
static loginWithUserAssignedIdentity(loginConfig) {
94+
let cmdletSuffix = `-AccountId '${loginConfig.servicePrincipalId}'`;
95+
return AzPSScriptBuilder.psLoginCmdlet(loginConfig.authType, loginConfig.environment, loginConfig.tenantId, loginConfig.subscriptionId, cmdletSuffix);
96+
}
97+
static psLoginCmdlet(authType, environment, tenantId, subscriptionId, cmdletSuffix) {
98+
let loginCmdlet = `Connect-AzAccount `;
99+
if (authType === LoginConfig_1.LoginConfig.AUTH_TYPE_SERVICE_PRINCIPAL) {
100+
loginCmdlet += "-ServicePrincipal ";
101+
}
102+
else {
103+
loginCmdlet += "-Identity ";
104+
}
105+
loginCmdlet += `-Environment '${environment}' `;
106+
if (tenantId) {
107+
loginCmdlet += `-Tenant '${tenantId}' `;
108+
}
109+
if (subscriptionId) {
110+
loginCmdlet += `-Subscription '${subscriptionId}' `;
111+
}
112+
loginCmdlet += `${cmdletSuffix} | out-null;`;
113+
return loginCmdlet;
114+
}
115+
}
116+
exports.default = AzPSScriptBuilder;
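Review bot: Only `servicePrincipalSecret` has its single quotes doubled (in `loginWithSecret`); `environment`, `resourceManagerEndpointUrl`, `servicePrincipalId`, `tenantId`, `subscriptionId`, `federatedToken` and `moduleName` are interpolated into single-quoted PowerShell literals unchanged, so a value containing `'` ends the literal early and the remainder is parsed as script. Whether these values are validated before they reach the builder cannot be seen here, since `LoginConfig` is outside this page. I would route every interpolated value through one quoting helper, sketched below for `psLoginCmdlet`, and use the same helper in `getAzPSLoginScript`, `loginWithSecret`, `loginWithOIDC`, `loginWithUserAssignedIdentity` and `getImportLatestModuleScript`. For values with a fixed shape (the ids, the ARM endpoint URL), rejecting anything that does not match that shape before building the script is stronger than escaping alone.

```javascript
// added to AzPSScriptBuilder: wrap a value as a single-quoted PowerShell literal
static psQuote(value) {
    return `'${String(value).split("'").join("''")}'`;
}
static psLoginCmdlet(authType, environment, tenantId, subscriptionId, cmdletSuffix) {
    // … unchanged: "Connect-AzAccount " prefix and -ServicePrincipal / -Identity selection …
    loginCmdlet += `-Environment ${AzPSScriptBuilder.psQuote(environment)} `;
    if (tenantId) {
        loginCmdlet += `-Tenant ${AzPSScriptBuilder.psQuote(tenantId)} `;
    }
    if (subscriptionId) {
        loginCmdlet += `-Subscription ${AzPSScriptBuilder.psQuote(subscriptionId)} `;
    }
    // … unchanged: cmdletSuffix append and return …
```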
