Revert "Port to m161: AzureResourceGroupDeployment: Improve docs/erro… (

#11987) * Revert "Port to m161: AzureResourceGroupDeployment: Improve docs/error logs to surface SPN details to user (#11909)" This reverts commit 56a6648. * update task version
microsoft · Dec 17, 2019 · b47c85e · b47c85e
1 parent 59ee753
commit b47c85e
Show file tree

Hide file tree

Showing 21 changed files with 6 additions and 204 deletions.
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Strings/resources.resjson/en-US/resources.resjson b/Tasks/AzureResourceGroupDeploymentV2/Strings/resources.resjson/en-US/resources.resjson
@@ -192,7 +192,5 @@
   "loc.messages.ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.",
   "loc.messages.DeploymentGroupConfigurationNotSucceeded": "Deployment group configuration did not succeed on one or more Virtual Machine(s): %s",
   "loc.messages.DeploymentGroupConfigurationFailedOnVM": "Failure for Virtual Machine '%s': %s",
-  "loc.messages.ServicePrincipalRoleAssignmentDetails": "Please make sure the Service Principal with name %s is assigned the right roles for the Resource Group %s. Follow the link for more details: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal",
-  "loc.messages.ServicePrincipalFetchFailed": "Error while fetching Service Principal details: %s",
   "loc.messages.FindMoreDeploymentDetailsAzurePortal": "Task successfully created an Azure Resource Manager deployment, but the deployment failed. Please see more detailed Azure resource manager deployment logs at: (Please Copy-Paste the link) %s"
 }
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/EnablePrereq.ts b/Tasks/AzureResourceGroupDeploymentV2/Tests/EnablePrereq.ts
@@ -22,7 +22,6 @@ process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_SERVICEPRINCIPALKEY"] = "key";
 process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_TENANTID"] = "tenant";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
-process.env["ENDPOINT_DATA_AzureRM_GRAPHURL"] = "https://graph.windows.net/";
 process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
 process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 
@@ -48,5 +47,4 @@ tr.registerMock('azure-arm-rest-v2/webRequestUtility', require('./mock_node_modu
 tr.registerMock('azure-arm-rest-v2/azure-arm-compute', require('./mock_node_modules/azure-arm-compute'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-network', require('./mock_node_modules/azure-arm-network'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-resource', require('./mock_node_modules/azure-arm-resource'));
-tr.registerMock('azure-arm-rest-v2/azure-graph', require('./mock_node_modules/azure-graph/azure-graph'));
 tr.run();
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/VMOperations.ts b/Tasks/AzureResourceGroupDeploymentV2/Tests/VMOperations.ts
@@ -15,12 +15,10 @@ process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_SERVICEPRINCIPALKEY"] = "key";
 process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_TENANTID"] = "tenant";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
-process.env["ENDPOINT_DATA_AzureRM_GRAPHURL"] = "https://graph.windows.net/";
 process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
 process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 process.env["ENDPOINT_DATA_AzureRM_ACTIVEDIRECTORYSERVICEENDPOINTRESOURCEID"] = "https://management.azure.com";
 
 tr.registerMock('azure-pipelines-task-lib/toolrunner', require('azure-pipelines-task-lib/mock-toolrunner'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-compute', require('./mock_node_modules/azure-arm-compute'));
-tr.registerMock('azure-arm-rest-v2/azure-graph', require('./mock_node_modules/azure-graph/azure-graph'));
 tr.run();
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/addVSTSExtension.ts b/Tasks/AzureResourceGroupDeploymentV2/Tests/addVSTSExtension.ts
@@ -27,7 +27,6 @@ process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_SERVICEPRINCIPALKEY"] = "key";
 process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_TENANTID"] = "tenant";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
-process.env["ENDPOINT_DATA_AzureRM_GRAPHURL"] = "https://graph.windows.net/";;
 process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
 process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 process.env["ENDPOINT_URL_PatEndpoint"] = "https://testking123.visualstudio.com";
@@ -56,7 +55,6 @@ tr.registerMock('azure-arm-rest-v2/webRequestUtility', require('./mock_node_modu
 tr.registerMock('azure-arm-rest-v2/azure-arm-network', require('./mock_node_modules/azure-arm-network'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-resource', require('./mock_node_modules/azure-arm-resource'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-compute', require('./mock_node_modules/azure-arm-compute'));
-tr.registerMock('azure-arm-rest-v2/azure-graph', require('./mock_node_modules/azure-graph/azure-graph'));
 
 
 tr.run();
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/createOrUpdate.ts b/Tasks/AzureResourceGroupDeploymentV2/Tests/createOrUpdate.ts
@@ -23,7 +23,6 @@ process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_SERVICEPRINCIPALKEY"] = "key";
 process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_TENANTID"] = "tenant";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
-process.env["ENDPOINT_DATA_AzureRM_GRAPHURL"] = "https://graph.windows.net/";
 process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
 process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 process.env["ENDPOINT_DATA_AzureRM_ACTIVEDIRECTORYSERVICEENDPOINTRESOURCEID"] = "https://management.azure.com";
@@ -50,5 +49,4 @@ tr.setAnswers(a);
 
 tr.registerMock('azure-pipelines-task-lib/toolrunner', require('azure-pipelines-task-lib/mock-toolrunner'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-resource', require('./mock_node_modules/azure-arm-resource'));
-tr.registerMock('azure-arm-rest-v2/azure-graph', require('./mock_node_modules/azure-graph/azure-graph'));
 tr.run();
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/deleteResourceGroup.ts b/Tasks/AzureResourceGroupDeploymentV2/Tests/deleteResourceGroup.ts
@@ -15,12 +15,10 @@ process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_SERVICEPRINCIPALKEY"] = "key";
 process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_TENANTID"] = "tenant";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
-process.env["ENDPOINT_DATA_AzureRM_GRAPHURL"] = "https://graph.windows.net/";
 process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
 process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 process.env["ENDPOINT_DATA_AzureRM_ACTIVEDIRECTORYSERVICEENDPOINTRESOURCEID"] = "https://management.azure.com";
 
 tr.registerMock('azure-pipelines-task-lib/toolrunner', require('azure-pipelines-task-lib/mock-toolrunner'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-resource', require('./mock_node_modules/azure-arm-resource'));
-tr.registerMock('azure-arm-rest-v2/azure-graph', require('./mock_node_modules/azure-graph/azure-graph'));
 tr.run();
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/deleteVSTSExtension.ts b/Tasks/AzureResourceGroupDeploymentV2/Tests/deleteVSTSExtension.ts
@@ -16,7 +16,6 @@ process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_SERVICEPRINCIPALKEY"] = "key";
 process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_TENANTID"] = "tenant";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
-process.env["ENDPOINT_DATA_AzureRM_GRAPHURL"] = "https://graph.windows.net/";
 process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
 process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 process.env["ENDPOINT_DATA_AzureRM_ACTIVEDIRECTORYSERVICEENDPOINTRESOURCEID"] = "https://management.azure.com";
@@ -26,5 +25,4 @@ tr.registerMock('azure-pipelines-task-lib/toolrunner', require('azure-pipelines-
 tr.registerMock('azure-arm-rest-v2/azure-arm-resource', require('./mock_node_modules/azure-arm-resource'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-compute', require('./mock_node_modules/azure-arm-compute'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-network', require('./mock_node_modules/azure-arm-network'));
-tr.registerMock('azure-arm-rest-v2/azure-graph', require('./mock_node_modules/azure-graph/azure-graph'));
 tr.run();
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/mock_node_modules/azure-graph/azure-graph.js b/Tasks/AzureResourceGroupDeploymentV2/Tests/mock_node_modules/azure-graph/azure-graph.js
diff --git a/Tasks/AzureResourceGroupDeploymentV2/Tests/selectResourceGroup.ts b/Tasks/AzureResourceGroupDeploymentV2/Tests/selectResourceGroup.ts
@@ -17,7 +17,6 @@ process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_SERVICEPRINCIPALKEY"] = "key";
 process.env["ENDPOINT_AUTH_PARAMETER_AzureRM_TENANTID"] = "tenant";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId";
 process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName";
-process.env["ENDPOINT_DATA_AzureRM_GRAPHURL"] = "https://graph.windows.net/";
 process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/";
 process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/";
 process.env["ENDPOINT_DATA_AzureRM_ACTIVEDIRECTORYSERVICEENDPOINTRESOURCEID"] = "https://management.azure.com";
@@ -26,5 +25,4 @@ tr.registerMock('azure-pipelines-task-lib/toolrunner', require('azure-pipelines-
 tr.registerMock('azure-arm-rest-v2/azure-arm-resource', require('./mock_node_modules/azure-arm-resource'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-compute', require('./mock_node_modules/azure-arm-compute'));
 tr.registerMock('azure-arm-rest-v2/azure-arm-network', require('./mock_node_modules/azure-arm-network'));
-tr.registerMock('azure-arm-rest-v2/azure-graph', require('./mock_node_modules/azure-graph/azure-graph'));
 tr.run();
diff --git a/Tasks/AzureResourceGroupDeploymentV2/models/DeployAzureRG.ts b/Tasks/AzureResourceGroupDeploymentV2/models/DeployAzureRG.ts
@@ -66,7 +66,6 @@ export class AzureRGTaskParameters {
     public deploymentName: string;
     public deploymentMode: string;
     public credentials: msRestAzure.ApplicationTokenCredentials;
-    public graphCredentials: msRestAzure.ApplicationTokenCredentials;
     public deploymentGroupProjectName = "";
     public tokenCredentials: TokenCredentials;
     public deploymentOutputs: string;
@@ -96,18 +95,6 @@ export class AzureRGTaskParameters {
             throw (msg);
         }
     }
-
-    private _getAzureADGraphCredentials(connectedService: string): msRestAzure.ApplicationTokenCredentials {
-        var servicePrincipalId: string = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalid", false);
-        var servicePrincipalKey: string = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false);
-        var tenantId: string = tl.getEndpointAuthorizationParameter(connectedService, "tenantid", false);
-        var envAuthorityUrl: string = tl.getEndpointDataParameter(connectedService, 'environmentauthorityurl', false);
-        envAuthorityUrl = (envAuthorityUrl != null) ? envAuthorityUrl : "https://login.windows.net/";
-        var activeDirectoryResourceId: string = tl.getEndpointDataParameter(connectedService, 'graphUrl', false);
-        activeDirectoryResourceId = (activeDirectoryResourceId != null) ? activeDirectoryResourceId : "https://graph.windows.net/";
-        var credentials = new msRestAzure.ApplicationTokenCredentials(servicePrincipalId, tenantId, servicePrincipalKey, activeDirectoryResourceId, envAuthorityUrl, activeDirectoryResourceId, false);
-        return credentials;
-    }
 
     private async getARMCredentials(connectedService: string): Promise<msRestAzure.ApplicationTokenCredentials> {
         var azureEndpoint = await new AzureRMEndpoint(connectedService).getEndpoint();
@@ -153,7 +140,6 @@ export class AzureRGTaskParameters {
             this.deploymentName = tl.getInput("deploymentName");
             this.deploymentMode = tl.getInput("deploymentMode");
             this.credentials = await this.getARMCredentials(this.connectedService);
-            this.graphCredentials = this._getAzureADGraphCredentials(this.connectedService);
             this.deploymentGroupProjectName = tl.getInput("project");
             this.deploymentOutputs = tl.getInput("deploymentOutputs");
             this.addSpnToEnvironment = tl.getBoolInput("addSpnToEnvironment", false);

diff --git a/Tasks/AzureResourceGroupDeploymentV2/operations/ResourceGroup.ts b/Tasks/AzureResourceGroupDeploymentV2/operations/ResourceGroup.ts
@@ -2,7 +2,7 @@ import path = require("path");
 import tl = require("azure-pipelines-task-lib/task");
 import fs = require("fs");
 import util = require("util");
-import azureGraph = require("azure-arm-rest-v2/azure-graph");
+
 import env = require("./Environment");
 import deployAzureRG = require("../models/DeployAzureRG");
 import armResource = require("azure-arm-rest-v2/azure-arm-resource");
@@ -119,14 +119,12 @@ export class ResourceGroup {
     private winRMExtensionHelper: winRM.WinRMExtensionHelper;
     private deploymentGroupExtensionHelper: dgExtensionHelper.DeploymentGroupExtensionHelper;
     private environmentHelper: env.EnvironmentHelper;
-    private _spnName: string;
 
     constructor(taskParameters: deployAzureRG.AzureRGTaskParameters) {
         this.taskParameters = taskParameters;
         this.winRMExtensionHelper = new winRM.WinRMExtensionHelper(this.taskParameters);
         this.deploymentGroupExtensionHelper = new dgExtensionHelper.DeploymentGroupExtensionHelper(this.taskParameters);
         this.environmentHelper = new env.EnvironmentHelper(this.taskParameters);
-        this._spnName = null;
     }
 
     public async createOrUpdateResourceGroup(): Promise<void> {
@@ -527,11 +525,6 @@ export class ResourceGroup {
     }
 
     private async performAzureDeployment(armClient: armResource.ResourceManagementClient, deployment: Deployment, retryCount = 0): Promise<void> {
-
-        if(!this._spnName) {
-            this._spnName = await this.getServicePrincipalName();
-        }
-
         if (deployment.properties["mode"] === "Validation") {
             return this.validateDeployment(armClient, deployment);
         } else {
@@ -545,7 +538,6 @@ export class ResourceGroup {
                             return this.waitAndPerformAzureDeployment(armClient, deployment, retryCount);
                         }
                         this.writeDeploymentErrors(error);
-                        this.printServicePrincipalRoleAssignmentError(error);
                         this.checkAndPrintPortalDeploymentURL(error);
                         return reject(tl.loc("CreateTemplateDeploymentFailed"));
                     }
@@ -561,12 +553,6 @@ export class ResourceGroup {
         }
     }
 
-    private printServicePrincipalRoleAssignmentError(error: any) {
-        if(!!error && error.statusCode == 403) {
-            tl.error(tl.loc("ServicePrincipalRoleAssignmentDetails", this._spnName, this.taskParameters.resourceGroupName));
-        }
-    }
-
     protected checkAndPrintPortalDeploymentURL(error: any) {
         if(!!error && (error.statusCode < 400 || error.statusCode >= 500)) {
             tl.error(tl.loc("FindMoreDeploymentDetailsAzurePortal", this.getAzurePortalDeploymentURL()));
@@ -591,17 +577,6 @@ export class ResourceGroup {
         await this.performAzureDeployment(armClient, deployment, 3);
     }
 
-    protected async getServicePrincipalName(): Promise<string> {
-        try {
-            var graphClient: azureGraph.GraphManagementClient = new azureGraph.GraphManagementClient(this.taskParameters.graphCredentials);
-            var servicePrincipalObject = await graphClient.servicePrincipals.GetServicePrincipal(null);
-            return !!servicePrincipalObject ? servicePrincipalObject.appDisplayName : "";
-        } catch (error) {
-            tl.debug(tl.loc("ServicePrincipalFetchFailed", error));
-            return "";
-        }
-    }
-
     private getAzurePortalDeploymentURL() {
         try {
             let portalUrl = this.taskParameters.endpointPortalUrl ? this.taskParameters.endpointPortalUrl : "https://portal.azure.com";

diff --git a/Tasks/AzureResourceGroupDeploymentV2/task.json b/Tasks/AzureResourceGroupDeploymentV2/task.json
@@ -15,7 +15,7 @@
     "version": {
         "Major": 2,
         "Minor": 161,
-        "Patch": 8
+        "Patch": 9
     },
     "demands": [],
     "minimumAgentVersion": "2.119.1",
@@ -481,8 +481,6 @@
         "ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.",
         "DeploymentGroupConfigurationNotSucceeded": "Deployment group configuration did not succeed on one or more Virtual Machine(s): %s",
         "DeploymentGroupConfigurationFailedOnVM": "Failure for Virtual Machine '%s': %s",
-        "ServicePrincipalRoleAssignmentDetails": "Please make sure the Service Principal with name %s is assigned the right roles for the Resource Group %s. Follow the link for more details: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal",
-        "ServicePrincipalFetchFailed": "Error while fetching Service Principal details: %s",
         "FindMoreDeploymentDetailsAzurePortal": "Task successfully created an Azure Resource Manager deployment, but the deployment failed. Please see more detailed Azure resource manager deployment logs at: (Please Copy-Paste the link) %s"
     }
 }
diff --git a/Tasks/AzureResourceGroupDeploymentV2/task.loc.json b/Tasks/AzureResourceGroupDeploymentV2/task.loc.json
@@ -15,7 +15,7 @@
   "version": {
     "Major": 2,
     "Minor": 161,
-    "Patch": 8
+    "Patch": 9
   },
   "demands": [],
   "minimumAgentVersion": "2.119.1",
@@ -481,8 +481,6 @@
     "ExpiredServicePrincipal": "ms-resource:loc.messages.ExpiredServicePrincipal",
     "DeploymentGroupConfigurationNotSucceeded": "ms-resource:loc.messages.DeploymentGroupConfigurationNotSucceeded",
     "DeploymentGroupConfigurationFailedOnVM": "ms-resource:loc.messages.DeploymentGroupConfigurationFailedOnVM",
-    "ServicePrincipalRoleAssignmentDetails": "ms-resource:loc.messages.ServicePrincipalRoleAssignmentDetails",
-    "ServicePrincipalFetchFailed": "ms-resource:loc.messages.ServicePrincipalFetchFailed",
     "FindMoreDeploymentDetailsAzurePortal": "ms-resource:loc.messages.FindMoreDeploymentDetailsAzurePortal"
   }
 }
diff --git a/...zureResourceManagerTemplateDeploymentV3/Strings/resources.resjson/en-US/resources.resjson b/...zureResourceManagerTemplateDeploymentV3/Strings/resources.resjson/en-US/resources.resjson
@@ -83,7 +83,5 @@
   "loc.messages.LocationNotProvided": "Location is required for deployment",
   "loc.messages.ARMServiceConnectionScope": "ARM Service Conection deployment scope - %s",
   "loc.messages.CompleteDeploymentModeNotSupported": "Deployment mode 'Complete' is not supported for deployment at '%s' scope",
-  "loc.messages.ServicePrincipalRoleAssignmentDetails": "Please make sure the Service Principal with name %s is assigned the right roles for the entity %s. Follow the link for more details: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal",
-  "loc.messages.ServicePrincipalFetchFailed": "Error while fetching Service Principal details: %s",
   "loc.messages.FindMoreDeploymentDetailsAzurePortal": "Task successfully created an Azure Resource Manager deployment, but the deployment failed. Please see more detailed Azure resource manager deployment logs at: (Please Copy-Paste the link) %s"
 }