Support Managed Identity (#348)

* support MI for CLI

* support MI for PowerShell

* refactor and fix typo

* adjust logic according to review comments

* create a type for PS Script output and add some test cases

* rename servicePrincipalKey to servicePrincipalSecret

.github/workflows/azure-login-negative.yml

@@ -26,35 +26,15 @@ jobs:
       run: |
         npm install
         npm run build
-        
-    - name: 'Run L0 tests'
-      id: run_test
-      continue-on-error: true
-      run: |
         npm run test
-    
-    - name: Check Last step failed
-      if: steps.run_test.outcome == 'success'
-      uses: actions/github-script@v3
-      with:
-          script: |
-            core.setFailed('Last action should fail but not. Please check it.')
 
     - name: Login with creds
-      id: login_1
       continue-on-error: true
       uses: ./
       with:
         creds: ${{secrets.SP1}}
         enable-AzPSSession: true
 
-    - name: Check Last step failed
-      if: steps.login_1.outcome == 'success'
-      uses: actions/github-script@v3
-      with:
-          script: |
-            core.setFailed('Last action should fail but not. Please check it.')
-
     - name: Run Azure Cli
       run: |
         az account show
@@ -81,22 +61,14 @@ jobs:
 
     - name: Login with individual parameters
       id: login_2
-      continue-on-error: true
       uses: ./
       with:
         client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
         tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
-        subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
+        # subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
         allow-no-subscriptions: true
         enable-AzPSSession: true
 
-    - name: Check Last step failed
-      if: steps.login_2.outcome == 'success'
-      uses: actions/github-script@v3
-      with:
-          script: |
-            core.setFailed('Last action should fail but not. Please check it.')
-
     - name: Run Azure Cli again
       run: |
         az account show
@@ -144,7 +116,7 @@ jobs:
       with:
         client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
         tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
-        subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
+        # subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
         allow-no-subscriptions: true
         enable-AzPSSession: true
 
@@ -356,4 +328,90 @@ jobs:
       uses: actions/github-script@v3
       with:
           script: |
-            core.setFailed('Last action should fail but not. Please check it.')
+            core.setFailed('Last action should fail but not. Please check it.')
+
+    - name: Login with tenant-level account, without allow-no-subscriptions
+      id: login_11
+      continue-on-error: true
+      uses: ./
+      with:
+        client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
+        tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
+        subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
+        enable-AzPSSession: true
+
+    - name: Check Last step failed
+      if: steps.login_11.outcome == 'success'
+      uses: actions/github-script@v3
+      with:
+          script: |
+            core.setFailed('Last action should fail but not. Please check it.')
+
+    # Secret of SP1 in creds will be used to sign in SP2
+    - name: Login with both creds and individual parameters
+      id: login_12
+      continue-on-error: true
+      uses: ./
+      with:
+        creds: ${{secrets.SP1}}
+        client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
+        tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
+        subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
+        allow-no-subscriptions: true
+        enable-AzPSSession: true
+
+    - name: Check Last step failed
+      if: steps.login_12.outcome == 'success'
+      uses: actions/github-script@v3
+      with:
+          script: |
+            core.setFailed('Last action should fail but not. Please check it.')
+
+    - name: Login by OIDC with all info in creds 
+      id: login_13
+      continue-on-error: true
+      uses: ./
+      with:
+        creds: ${{secrets.SP2}}
+        allow-no-subscriptions: true
+        enable-AzPSSession: true
+
+    - name: Check Last step failed
+      if: steps.login_13.outcome == 'success'
+      uses: actions/github-script@v3
+      with:
+          script: |
+            core.setFailed('Last action should fail but not. Please check it.')
+
+  VMTest:
+    strategy:
+      matrix:
+        os: [self_linux, self_windows]
+    runs-on: ${{ matrix.os }}
+    environment: Automation test
+
+    steps:
+    - name: 'Checking out repo code'
+      uses: actions/[email protected]
+
+    - name: Set Node.js 16.x for GitHub Action
+      uses: actions/setup-node@v1
+      with:
+        node-version: 16.x
+
+    - name: 'Validate build'
+      run: |
+        npm install
+        npm run build
+
+    - name: Login with system-assigned managed identity without auth-type
+      id: login_14
+      continue-on-error: true
+      uses: ./
+
+    - name: Check Last step failed
+      if: steps.login_14.outcome == 'success'
+      uses: actions/github-script@v3
+      with:
+          script: |
+            core.setFailed('Last action should fail but not. Please check it.')

.github/workflows/azure-login-positive.yml

@@ -60,7 +60,7 @@ jobs:
       with:
         client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
         tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
-        subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
+        # subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
         allow-no-subscriptions: true
         enable-AzPSSession: true
 
@@ -75,6 +75,28 @@ jobs:
         inlineScript: |
           Get-AzContext | Format-List
 
+    - name: Login with explicit auth-type
+      uses: ./
+      with:
+        creds: ${{secrets.SP1}}
+        auth-type: SERVICE_PRINCIPAL
+        enable-AzPSSession: true
+
+    - name: Run Azure Cli
+      run: |
+        az account show
+        az group show --name GitHubAction_CI_RG
+        az vm list
+
+    - name: Run Azure PowerShell
+      uses: azure/[email protected]
+      with:
+        azPSVersion: "latest"
+        inlineScript: |
+          Get-AzContext | Format-List
+          Get-AzResourceGroup -Name GitHubAction_CI_RG
+          Get-AzVM
+
   ParameterTest:
     strategy:
       matrix:
@@ -96,30 +118,6 @@ jobs:
         npm install
         npm run build
 
-    - name: Login with both creds and individual parameters
-      uses: ./
-      with:
-        creds: ${{secrets.SP1}}
-        client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
-        tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
-        subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }}
-        enable-AzPSSession: true
-
-    - name: Run Azure Cli
-      run: |
-        az account show
-        az group show --name GitHubAction_CI_RG
-        az vm list
-
-    - name: Run Azure PowerShell
-      uses: azure/[email protected]
-      with:
-        azPSVersion: "latest"
-        inlineScript: |
-          Get-AzContext | Format-List
-          Get-AzResourceGroup -Name GitHubAction_CI_RG
-          Get-AzVM
-
     - name: Login with creds, disable ps session
       uses: ./
       with:
@@ -185,3 +183,107 @@ jobs:
         inlineScript: |
           Get-AzContext | Format-List
 
+  VMTest:
+    strategy:
+      matrix:
+        os: [self_linux, self_windows]
+    runs-on: ${{ matrix.os }}
+    environment: Automation test
+
+    steps:
+    - name: 'Checking out repo code'
+      uses: actions/[email protected]
+
+    - name: Set Node.js 16.x for GitHub Action
+      uses: actions/setup-node@v1
+      with:
+        node-version: 16.x
+
+    - name: 'Validate build'
+      run: |
+        npm install
+        npm run build
+
+    - name: Login with system-assigned managed identity, no subscription-id
+      uses: ./
+      with:
+        auth-type: IDENTITY
+        allow-no-subscriptions: true
+        enable-AzPSSession: true
+
+    - name: Run Azure Cli
+      run: |
+        az account show
+    
+    - name: Run Azure PowerShell
+      uses: azure/[email protected]
+      with:
+        azPSVersion: "latest"
+        inlineScript: |
+          Get-AzContext | Format-List
+
+    - name: Login with system-assigned managed identity, with subscription id
+      uses: ./
+      with:
+        auth-type: IDENTITY
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }}
+        enable-AzPSSession: true
+
+    - name: Run Azure Cli
+      run: |
+        az account show
+        az group show --name GitHubAction_CI_RG
+        az vm list
+  
+    - name: Run Azure PowerShell
+      uses: azure/[email protected]
+      with:
+        azPSVersion: "latest"
+        inlineScript: |
+          Get-AzContext | Format-List
+          Get-AzResourceGroup -Name GitHubAction_CI_RG
+          Get-AzVM
+
+    - name: Login with tenant-level user-assigned managed identity with allow-no-subscriptions
+      uses: ./
+      with:
+        client-id: ${{ secrets.UMI2_CLIENT_ID }}
+        allow-no-subscriptions: true
+        auth-type: IDENTITY
+        enable-AzPSSession: true
+
+    - name: Run Azure Cli
+      run: |
+        az account show
+    
+    - name: Run Azure PowerShell
+      uses: azure/[email protected]
+      with:
+        azPSVersion: "latest"
+        inlineScript: |
+          Get-AzContext | Format-List
+
+    - name: Login with user-assigned managed identity, subscription-id
+      uses: ./
+      with:
+        client-id: ${{ secrets.UMI1_CLIENT_ID }}
+        subscription-id: ${{ secrets.UMI1_SUBSCRIPTION_ID }}
+        auth-type: IDENTITY
+        enable-AzPSSession: true
+
+    - name: Run Azure Cli
+      run: |
+        az account show
+        az group show --name GitHubAction_CI_RG
+        az vm list
+    
+    - name: Run Azure PowerShell
+      uses: azure/[email protected]
+      with:
+        azPSVersion: "latest"
+        inlineScript: |
+          Get-AzContext | Format-List
+          Get-AzResourceGroup -Name GitHubAction_CI_RG
+          Get-AzVM
+
+