Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Call For Action] Testing Az.Accounts-2.14.0-preivew release #23805

Closed
msJinLei opened this issue Dec 21, 2023 · 4 comments
Closed

[Call For Action] Testing Az.Accounts-2.14.0-preivew release #23805

msJinLei opened this issue Dec 21, 2023 · 4 comments
Labels
Accounts Issues in Az.Accounts except authentication related Engineering

Comments

@msJinLei
Copy link
Contributor

msJinLei commented Dec 21, 2023
edited by isra-fel
Loading

Description

We have just released Az.Accounts-2.14.0-preivew, which contains the following important updates.

Updated Azure.Identity 1.6.1 to 1.10.3

Note

The vulnerability within Azure.Identity 1.6.1 did not apply to Azure PowerShell. Therefore, the latest stable version of Azure PowerShell is safe to use.

1.10.3 had a breaking change that it renamed the token cache file from msal.cache to msal.cache.cae (or msal.cache.nocae in case CAE is disabled). We implemented best-effort token cache migration so your sign-in state won't be lost. Again, it is discouraged to consume the token cache file directly. Token cache is enabled in the following sign-in methods:

  • Interactive (browser or WAM)
  • Device Code
  • User name + Password
  • Service Principal + Federated Token

If you are using any of them, feel free to try the preview.

Enabled Continuous Access Evaluation (CAE) for Service Principal login methods.

As of today, we already enabled CAE for the following login methods

  • Interactive (browser or WAM)
  • Device Code
  • User name + Password

In this preview version, we enabled CAE when you login using Service Principal related methods, which are

  • Service Principal + Credential
  • Service Principal + Certificate
  • Service Principal + Federated Token

We highly recommend you try this since CAE enhances security by protecting tokens. Pre-configuration may be required. Please refer to https://learn.microsoft.com/entra/identity/conditional-access/concept-continuous-access-evaluation for more information.

Updated output format of cmdlets in Az.Accounts

We adjusted cmdlet output format to make it more user-friendly based on the feedback of UX study of Az.Accounts, including

  • ordering and grouping output items to make items easy to find
  • re-prioritizing positions for output properties to highlight valuable properties

Affected cmdlets include Get-AzContext, Get-AzTenant, Get-AzSubscription and Invoke-AzRestMethod. Take cmdlet Get-AzContext for example, we group outputs by TenantId and alphabetically order them then.

image

image

Note

  • We only adjust the visual display of output in the preview version, which means no breaking changes are introduced in output object and script will not be broken due to the lack of property even if the property is moved or hidden in display.
  • Script may be broken logically if the script assumes the certain order of outputs since we adjusted the order of output items.

Fixed the authentication issue when using FederatedToken in Sovereign Clouds

In Soverign Clouds, Connect-AzAccounts fails when using Service Principal + Federated Token. The issue is currently reported on Azure Login Action.

If you login Soverign Clouds using federated token, Please run the following cmdlet on powershell

Connect-AzAccount -ServicePrincipal -Application $appId -FederatedToken $token -Environment $SoverignCloudName

Please you are using GitHub Actions, please refer to how to test Az.Accounts-2.14.0-preivew in GitHub Actions for more details.

Most of the customers will be affected and so we invite you to test the new version.

How to Test

Run the following cmdlet on PowerShell to install Az.Accounts-2.14.0-preivew

Install-Module -Name Az.Accounts -Repository PSGallery -AllowPrerelease –Force

Run your script or Connect-AzAccount.

Next Step

We are going to release these preview features in the next regular release in January.

Feedback

Please share your thoughts or suggestions by commenting on this issue directly.

Thank you!
@msJinLei msJinLei added Engineering Accounts Issues in Az.Accounts except authentication related labels Dec 21, 2023
@isra-fel isra-fel changed the title Call For Testing Az.Accounts-2.14.0-preivew [Call For Action] Testing Az.Accounts-2.14.0-preivew release Dec 21, 2023
@isra-fel isra-fel pinned this issue Dec 21, 2023
@dribblor
Copy link

dribblor commented Jan 3, 2024
edited
Loading

Install-Module -Name Az seems to fail with this error:

PackageManagement\Install-Package : Cannot convert value "2.14.0-preview" to type "System.Version". Error: "Input string was not in a correct format."

There's no -AllowPrerelease parameter on our Install-Module so I can't see any clear way to work around this when installing Az.Accounts through Az.

@msJinLei
Copy link
Contributor Author

msJinLei commented Jan 4, 2024
edited
Loading

@dribblor

Install-Module -Name Az seems to fail with this error:

PackageManagement\Install-Package : Cannot convert value "2.14.0-preview" to type "System.Version". Error: "Input string was not in a correct format."

There's no -AllowPrerelease parameter on our Install-Module so I can't see any clear way to work around this when installing Az.Accounts through Az.

What's your PowerShell and PowerShellGet version

$PSVersionTable
Get-Module -ListAvailable -Name PowerShellGet

I cannot reproduce your issue

@dribblor
Copy link

dribblor commented Jan 4, 2024

@dribblor

Install-Module -Name Az seems to fail with this error:

PackageManagement\Install-Package : Cannot convert value "2.14.0-preview" to type "System.Version". Error: "Input string was not in a correct format."

There's no -AllowPrerelease parameter on our Install-Module so I can't see any clear way to work around this when installing Az.Accounts through Az.

What's your PowerShell and PowerShellGet version

$PSVersionTable
Get-Module -ListAvailable -Name PowerShellGet

I cannot reproduce your issue

Thanks for checking :) Here you go:

PS C:\azp> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.20348.2110
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.2110
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

PS C:\azp> Get-Module -ListAvailable -Name PowerShellGet


    Directory: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0.0.1    PowerShellGet                       {Install-Module, Find-Module, Save-Module, Update-Module...}

It looks like we also have powershell core 7.2.9 installed in the same image and that can install Az.Accounts just fine, but unfortunately I need it working in the old powershell and typically that's the one that's broken.

@BethanyZhou
Copy link
Contributor

BethanyZhou commented Jan 11, 2024
edited
Loading

Hi @dribblor , you can update PowerShellGet by Update-Module -Name PowerShellGet -Force even you are working on an old powershell. Look forward to hear your feedback about our new preview features.

@isra-fel isra-fel unpinned this issue Jan 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Accounts Issues in Az.Accounts except authentication related Engineering
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@isra-fel @BethanyZhou @msJinLei @dribblor