Users/ajya/nationalcloudclientsidechanges (#3551)

* Changes for national cloud

* consume arm url from endpoint

* authUrl and envAuthUrl fix

* Test correction for client side changes

* bump up task version and fixing review comments

* null check for auth url in NLB task

* added URL in endpoint object for NLB task

* added environment to logs

* reverted variable name back to SPN

* Bump up task version corrsponding to master

* corrections

* Increased patch version for AFC

Tasks/AzureAppServiceManage/azureappservicemanage.ts

@@ -51,6 +51,7 @@ async function run() {
         endPoint["servicePrincipalKey"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'serviceprincipalkey', true);
         endPoint["tenantID"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'tenantid', true);
         endPoint["subscriptionId"] = tl.getEndpointDataParameter(connectedServiceName, 'subscriptionid', true);
+        endPoint["envAuthUrl"] = tl.getEndpointDataParameter(connectedServiceName, 'environmentAuthorityUrl', true);
         endPoint["url"] = tl.getEndpointUrl(connectedServiceName, true);
 
         if(resourceGroupName === null) {

Tasks/AzureAppServiceManage/task.json

@@ -17,7 +17,7 @@
     "version": {
         "Major": 0,
         "Minor": 2,
-        "Patch": 2
+        "Patch": 3
     },
     "minimumAgentVersion": "1.102.0",
     "instanceNameFormat": "$(Action): $(WebAppName)",

Tasks/AzureAppServiceManage/task.loc.json

@@ -17,7 +17,7 @@
   "version": {
     "Major": 0,
     "Minor": 2,
-    "Patch": 2
+    "Patch": 3
   },
   "minimumAgentVersion": "1.102.0",
   "instanceNameFormat": "ms-resource:loc.instanceNameFormat",

Tasks/AzureFileCopy/task.json

@@ -13,7 +13,7 @@
     "version": {
         "Major": 1,
         "Minor": 0,
-        "Patch": 84
+        "Patch": 85
     },
     "demands": [
         "azureps"

Tasks/AzureFileCopy/task.loc.json

@@ -13,7 +13,7 @@
   "version": {
     "Major": 1,
     "Minor": 0,
-    "Patch": 84
+    "Patch": 85
   },
   "demands": [
     "azureps"

Tasks/AzureNLBManagement/nlbazureutility.ts

@@ -5,13 +5,14 @@ import * as httpClient from 'vso-node-api/HttpClient';
 import * as restClient from 'vso-node-api/RestClient';
 
 var httpObj = new httpClient.HttpCallbackClient(tl.getVariable("AZURE_HTTP_USER_AGENT"));
-var authUrl = 'https://login.windows.net/';
+var defaultAuthUrl = 'https://login.windows.net/';
 var azureApiVersion = '2016-09-01';
 
 function getAccessToken(SPN, endpointUrl: string): Q.Promise<string> {
 
 	var deferred = Q.defer<string>();
-	var authorityUrl = authUrl + SPN.tenantID + "/oauth2/token/";
+	var envAuthUrl = (SPN.envAuthUrl) ? SPN.envAuthUrl : defaultAuthUrl;
+	var authorityUrl = envAuthUrl + SPN.tenantID + "/oauth2/token/";
 
 	var post_data = querystring.stringify({
 		resource: endpointUrl, 
@@ -43,7 +44,7 @@ function getAccessToken(SPN, endpointUrl: string): Q.Promise<string> {
 export async function getNetworkInterfacesInRG(SPN, endpointUrl: string, resourceGroupName: string) {
 
 	var deferred = Q.defer<any>();
-	var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces?api-version=" + azureApiVersion;
+	var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces?api-version=" + azureApiVersion;
 	var accessToken = await getAccessToken(SPN, endpointUrl);
 
 	var requestHeader = {
@@ -69,7 +70,7 @@ export async function getNetworkInterfacesInRG(SPN, endpointUrl: string, resourc
 export async function getLoadBalancer(SPN, endpointUrl: string, name: string, resourceGroupName: string) {
 
 	var deferred = Q.defer<any>();    
-	var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/loadBalancers/" + name + "?api-version=" + azureApiVersion;
+	var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/loadBalancers/" + name + "?api-version=" + azureApiVersion;
 	var accessToken = await getAccessToken(SPN, endpointUrl);
 
 	var requestHeader = {
@@ -94,7 +95,7 @@ export async function getLoadBalancer(SPN, endpointUrl: string, name: string, re
 
 export async function getNetworkInterface(SPN, endpointUrl, name: string, resourceGroupName: string) {
 	var deferred = Q.defer<any>();   
-	var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + name + "?api-version=" + azureApiVersion;
+	var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + name + "?api-version=" + azureApiVersion;
 	var accessToken = await getAccessToken(SPN, endpointUrl);
 
 	var requestHeader = {
@@ -139,7 +140,7 @@ async function checkProvisioningState(url: string, accessToken: string) {
 export async function setNetworkInterface(SPN, endpointUrl: string, nic, resourceGroupName: string){
 
 	var deferred = Q.defer();   
-	var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + nic.name + "?api-version=" + azureApiVersion;
+	var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + nic.name + "?api-version=" + azureApiVersion;
 	var accessToken = await getAccessToken(SPN, endpointUrl);
 	var requestHeader = {
 		"Content-Type": "application/json; charset=utf-8",

Tasks/AzureNLBManagement/nlbtask.ts

@@ -22,6 +22,8 @@ async function run() {
 		SPN["servicePrincipalKey"] = endPointAuthCreds.parameters["serviceprincipalkey"];
 		SPN["tenantID"] = endPointAuthCreds.parameters["tenantid"];
 		SPN["subscriptionId"] = tl.getEndpointDataParameter(connectedServiceName, 'subscriptionid', true);
+		SPN["envAuthUrl"] = tl.getEndpointDataParameter(connectedServiceName, 'environmentAuthorityUrl', true);
+		SPN["url"] = tl.getEndpointUrl(connectedServiceName, true);
 
 		var nicVm = await getNetworkInterface(SPN, endpointUrl, resourceGroupName);
 		tl.debug(`Network Interface - ${nicVm.name}'s configuration details fetched for the virtual machine ${process.env.COMPUTERNAME}`);

Tasks/AzureNLBManagement/task.json

@@ -16,7 +16,7 @@
     "version": {
         "Major": 1,
         "Minor": 0,
-        "Patch": 2
+        "Patch": 3
     },
     "minimumAgentVersion": "1.95.0",
     "instanceNameFormat": "Azure Network Load Balancer: $(LoadBalancer) - $(Action)",

Tasks/AzureNLBManagement/task.loc.json

@@ -16,7 +16,7 @@
   "version": {
     "Major": 1,
     "Minor": 0,
-    "Patch": 2
+    "Patch": 3
   },
   "minimumAgentVersion": "1.95.0",
   "instanceNameFormat": "ms-resource:loc.instanceNameFormat",

Tasks/AzurePowerShell/task.json

@@ -17,7 +17,7 @@
     "version": {
         "Major": 1,
         "Minor": 113,
-        "Patch": 0
+        "Patch": 1
     },
     "demands": [
         "azureps"

Tasks/AzurePowerShell/task.loc.json

@@ -17,7 +17,7 @@
   "version": {
     "Major": 1,
     "Minor": 113,
-    "Patch": 0
+    "Patch": 1
   },
   "demands": [
     "azureps"

Tasks/AzureResourceGroupDeployment/Strings/resources.resjson/en-US/resources.resjson

@@ -111,6 +111,8 @@
   "loc.messages.ClientIdCannotBeEmpty": "clientId must be a non empty string.",
   "loc.messages.DomainCannotBeEmpty": "domain must be a non empty string.",
   "loc.messages.SecretCannotBeEmpty": "secret must be a non empty string.",
+  "loc.messages.armUrlCannotBeEmpty": "arm Url must be a non empty string.",
+  "loc.messages.authorityUrlCannotBeEmpty": "authority must be a non empty string.",
   "loc.messages.CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for azure. Status code: %s, status message: %s",
   "loc.messages.LoadBalancerNameCannotBeNull": "'loadBalancerName cannot be null or undefined and it must be of type string.'",
   "loc.messages.NetworkInterfaceNameCannotBeNull": "networkInterfaceName cannot be null or undefined and it must be of type string.",

Tasks/AzureResourceGroupDeployment/Tests/addVSTSExtension.ts

@@ -26,6 +26,8 @@ process.env["__mg__internal__project__name"] = "AzureProj";
 process.env[ "ENDPOINT_AUTH_AzureRM"] = "{\"parameters\":{\"serviceprincipalid\":\"id\",\"serviceprincipalkey\":\"key\",\"tenantid\":\"tenant\"},\"scheme\":\"ServicePrincipal\"}";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
+process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
+process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 
 tr.registerMock('vsts-task-lib/toolrunner', require('vsts-task-lib/mock-toolrunner'));
 tr.registerMock('./azure-rest/azure-arm-network', require('./mock_node_modules/azure-arm-network'));

Tasks/AzureResourceGroupDeployment/Tests/deleteVSTSExtension.ts

@@ -14,6 +14,8 @@ tr.setInput("vstsPATToken", "PAT");
 process.env[ "ENDPOINT_AUTH_AzureRM"] = "{\"parameters\":{\"serviceprincipalid\":\"id\",\"serviceprincipalkey\":\"key\",\"tenantid\":\"tenant\"},\"scheme\":\"ServicePrincipal\"}";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
+process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
+process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 
 process.env["__mg__internal__collection__uri"] = "https://testking123.visualstudio.com";
 process.env["__mg__internal__project__name"] = "AzureProj";

Tasks/AzureResourceGroupDeployment/models/DeployAzureRG.ts

@@ -64,7 +64,9 @@ export class AzureRGTaskParameters {
         var servicePrincipalId: string = endpointAuth.parameters["serviceprincipalid"];
         var servicePrincipalKey: string = endpointAuth.parameters["serviceprincipalkey"];
         var tenantId: string = endpointAuth.parameters["tenantid"];
-        var credentials = new msRestAzure.ApplicationTokenCredentials(servicePrincipalId, tenantId, servicePrincipalKey);
+        var armUrl: string = tl.getEndpointUrl(connectedService, true);
+        var envAuthorityUrl: string = tl.getEndpointDataParameter(connectedService, 'environmentAuthorityUrl', true);
+        var credentials = new msRestAzure.ApplicationTokenCredentials(servicePrincipalId, tenantId, servicePrincipalKey, armUrl, envAuthorityUrl);
         return credentials;
     }
 }

Tasks/AzureResourceGroupDeployment/operations/azure-rest/AzureServiceClient.ts

@@ -74,7 +74,7 @@ export class ServiceClient {
 
         this.credentials = credentials;
         this.subscriptionId = subscriptionId
-        this.baseUri = 'https://management.azure.com';
+        this.baseUri = this.credentials.armUrl;
         this.longRunningOperationRetryTimeout = 60; // In minutes
     }
 

Tasks/AzureResourceGroupDeployment/operations/azure-rest/azure-arm-common.ts

@@ -6,18 +6,18 @@ var util = require('util');
 
 var httpObj = new httpClient.HttpCallbackClient(tl.getVariable("AZURE_HTTP_USER_AGENT"));
 
-var authUrl = 'https://login.windows.net/';
-var armUrl = 'https://management.azure.com/';
 var azureApiVersion = 'api-version=2016-08-01';
 
 
 export class ApplicationTokenCredentials {
     private clientId: string;
     private domain: string;
     private secret: string;
+    public armUrl: string;
+    public authorityUrl: string;
     private token_deferred: Q.Promise<string>;
 
-    constructor(clientId: string, domain: string, secret: string) {
+    constructor(clientId: string, domain: string, secret: string, armUrl: string, authorityUrl: string) {
         if (!Boolean(clientId) || typeof clientId.valueOf() !== 'string') {
             throw new Error(tl.loc("ClientIdCannotBeEmpty"));
         }
@@ -30,9 +30,19 @@ export class ApplicationTokenCredentials {
             throw new Error(tl.loc("SecretCannotBeEmpty"));
         }
 
+        if (!Boolean(armUrl) || typeof armUrl.valueOf() !== 'string') {
+            throw new Error(tl.loc("armUrlCannotBeEmpty"));
+        }
+
+        if (!Boolean(authorityUrl) || typeof authorityUrl.valueOf() !== 'string') {
+            throw new Error(tl.loc("authorityUrlCannotBeEmpty"));
+        }
+
         this.clientId = clientId;
         this.domain = domain;
         this.secret = secret;
+        this.armUrl = armUrl;
+        this.authorityUrl = authorityUrl;
     }
 
     public getToken(force?: boolean): Q.Promise<string> {
@@ -45,9 +55,9 @@ export class ApplicationTokenCredentials {
 
     private getAuthorizationToken(): Q.Promise<string> {
         var deferred = Q.defer<string>();
-        var authorityUrl = authUrl + this.domain + "/oauth2/token/";
+        var oauthTokenRequestUrl = this.authorityUrl + this.domain + "/oauth2/token/";
         var requestData = querystring.stringify({
-            resource: 'https://management.azure.com/',
+            resource: this.armUrl,
             client_id: this.clientId,
             grant_type: "client_credentials",
             client_secret: this.secret
@@ -56,8 +66,8 @@ export class ApplicationTokenCredentials {
             "Content-Type": "application/x-www-form-urlencoded; charset=utf-8"
         };
 
-        tl.debug('Requesting for Auth Token: ' + authorityUrl);
-        httpObj.send('POST', authorityUrl, requestData, requestHeader, (error, response, body) => {
+        tl.debug('Requesting for Auth Token: ' + oauthTokenRequestUrl);
+        httpObj.send('POST', oauthTokenRequestUrl, requestData, requestHeader, (error, response, body) => {
             if (error) {
                 deferred.reject(error);
             }

Tasks/AzureResourceGroupDeployment/task.json

@@ -14,7 +14,7 @@
     "version": {
         "Major": 2,
         "Minor": 0,
-        "Patch": 0
+        "Patch": 1
     },
     "demands": [],
     "minimumAgentVersion": "2.0.0",
@@ -320,6 +320,8 @@
         "ClientIdCannotBeEmpty": "clientId must be a non empty string.",
         "DomainCannotBeEmpty": "domain must be a non empty string.",
         "SecretCannotBeEmpty": "secret must be a non empty string.",
+        "armUrlCannotBeEmpty": "arm Url must be a non empty string.",
+        "authorityUrlCannotBeEmpty": "authority must be a non empty string.",
         "CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for azure. Status code: %s, status message: %s",
         "LoadBalancerNameCannotBeNull": "'loadBalancerName cannot be null or undefined and it must be of type string.'",
         "NetworkInterfaceNameCannotBeNull": "networkInterfaceName cannot be null or undefined and it must be of type string.",

Tasks/AzureResourceGroupDeployment/task.loc.json

@@ -14,7 +14,7 @@
   "version": {
     "Major": 2,
     "Minor": 0,
-    "Patch": 0
+    "Patch": 1
   },
   "demands": [],
   "minimumAgentVersion": "2.0.0",
@@ -320,6 +320,8 @@
     "ClientIdCannotBeEmpty": "ms-resource:loc.messages.ClientIdCannotBeEmpty",
     "DomainCannotBeEmpty": "ms-resource:loc.messages.DomainCannotBeEmpty",
     "SecretCannotBeEmpty": "ms-resource:loc.messages.SecretCannotBeEmpty",
+    "armUrlCannotBeEmpty": "ms-resource:loc.messages.armUrlCannotBeEmpty",
+    "authorityUrlCannotBeEmpty": "ms-resource:loc.messages.authorityUrlCannotBeEmpty",
     "CouldNotFetchAccessTokenforAzureStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforAzureStatusCode",
     "LoadBalancerNameCannotBeNull": "ms-resource:loc.messages.LoadBalancerNameCannotBeNull",
     "NetworkInterfaceNameCannotBeNull": "ms-resource:loc.messages.NetworkInterfaceNameCannotBeNull",

Tasks/AzureRmWebAppDeployment/azurermwebappdeployment.ts

@@ -42,6 +42,7 @@ async function run() {
         endPoint["servicePrincipalKey"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'serviceprincipalkey', true);
         endPoint["tenantID"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'tenantid', true);
         endPoint["subscriptionId"] = tl.getEndpointDataParameter(connectedServiceName, 'subscriptionid', true);
+        endPoint["envAuthUrl"] = tl.getEndpointDataParameter(connectedServiceName, 'environmentAuthorityUrl', true);
         endPoint["url"] = tl.getEndpointUrl(connectedServiceName, true);
 
         if(deployToSlotFlag) {

Tasks/AzureRmWebAppDeployment/task.json

@@ -16,7 +16,7 @@
     "version": {
         "Major": 3,
         "Minor": 0,
-        "Patch": 7
+        "Patch": 8
     },
     "preview": "true",
     "releaseNotes": "What's new in Version 3.0: <br/>&nbsp;&nbsp;Supports File Transformations (XDT) <br/>&nbsp;&nbsp;Supports Variable Substitutions(XML, JSON) <br/>Click [here](https://aka.ms/azurermwebdeployreadme) for more Information.",

Tasks/AzureRmWebAppDeployment/task.loc.json

@@ -16,7 +16,7 @@
   "version": {
     "Major": 3,
     "Minor": 0,
-    "Patch": 7
+    "Patch": 8
   },
   "preview": "true",
   "releaseNotes": "What's new in Version 3.0: <br/>&nbsp;&nbsp;Supports File Transformations (XDT) <br/>&nbsp;&nbsp;Supports Variable Substitutions(XML, JSON) <br/>Click [here](https://aka.ms/azurermwebdeployreadme) for more Information.",

Tasks/Common/VstsAzureHelpers_/InitializeFunctions.ps1

@@ -41,6 +41,11 @@ function Initialize-AzureSubscription {
 
     #Set UserAgent for Azure Calls
     Set-UserAgent
+
+    $environmentName = "AzureCloud"
+    if($Endpoint.Data.Environment) {
+        $environmentName = $Endpoint.Data.Environment
+    }
 
     if ($Endpoint.Auth.Scheme -eq 'Certificate') {
         # Certificate is only supported for the Azure module.
@@ -57,11 +62,6 @@ function Initialize-AzureSubscription {
             $additional['CurrentStorageAccountName'] = $StorageAccount
         }
 
-        $environmentName = "AzureCloud"
-        if( $Endpoint.Data.Environment ) {
-            $environmentName = $Endpoint.Data.Environment
-        }
-
         # Set the subscription.
         Write-Host "##[command]Set-AzureSubscription -SubscriptionName $($Endpoint.Data.SubscriptionName) -SubscriptionId $($Endpoint.Data.SubscriptionId) -Certificate ******** -Environment $environmentName $(Format-Splat $additional)"
         Set-AzureSubscription -SubscriptionName $Endpoint.Data.SubscriptionName -SubscriptionId $Endpoint.Data.SubscriptionId -Certificate $certificate -Environment $environmentName @additional
@@ -126,8 +126,8 @@ function Initialize-AzureSubscription {
         } else {
             # Else, this is AzureRM.
             try {
-                Write-Host "##[command]Add-AzureRMAccount -ServicePrincipal -Tenant $($Endpoint.Auth.Parameters.TenantId) -Credential $psCredential"
-                $null = Add-AzureRMAccount -ServicePrincipal -Tenant $Endpoint.Auth.Parameters.TenantId -Credential $psCredential
+                Write-Host "##[command]Add-AzureRMAccount -ServicePrincipal -Tenant $($Endpoint.Auth.Parameters.TenantId) -Credential $psCredential -EnvironmentName $environmentName"
+                $null = Add-AzureRMAccount -ServicePrincipal -Tenant $Endpoint.Auth.Parameters.TenantId -Credential $psCredential -EnvironmentName $environmentName
             } catch {
                 # Provide an additional, custom, credentials-related error message.
                 Write-VstsTaskError -Message $_.Exception.Message

Tasks/Common/VstsAzureHelpers_/Tests/Initialize-AzureSubscription.PassesValuesWhenSPAuth.ps1

@@ -67,7 +67,7 @@ foreach ($variableSet in $variableSets) {
         Assert-WasCalled Set-CurrentAzureSubscription -- -SubscriptionId $endpoint.Data.SubscriptionId -StorageAccount $variableSet.StorageAccount
     } else {
         Assert-WasCalled Add-AzureRMAccount -ArgumentsEvaluator {
-            $args.Length -eq 5 -and
+            $args.Length -eq 7 -and
             $args[0] -eq '-ServicePrincipal' -and
             $args[1] -eq '-Tenant' -and
             $args[2] -eq 'Some tenant ID' -and