From d539c24133179080ab72c57f0777045a326a180e Mon Sep 17 00:00:00 2001 From: Ajay Kumar Yadav Date: Thu, 16 Feb 2017 15:07:27 +0530 Subject: [PATCH] Users/ajya/nationalcloudclientsidechanges (#3551) * Changes for national cloud * consume arm url from endpoint * authUrl and envAuthUrl fix * Test correction for client side changes * bump up task version and fixing review comments * null check for auth url in NLB task * added URL in endpoint object for NLB task * added environment to logs * reverted variable name back to SPN * Bump up task version corrsponding to master * corrections * Increased patch version for AFC --- .../azureappservicemanage.ts | 1 + Tasks/AzureAppServiceManage/task.json | 2 +- Tasks/AzureAppServiceManage/task.loc.json | 2 +- Tasks/AzureFileCopy/task.json | 2 +- Tasks/AzureFileCopy/task.loc.json | 2 +- Tasks/AzureNLBManagement/nlbazureutility.ts | 13 +++---- Tasks/AzureNLBManagement/nlbtask.ts | 2 ++ Tasks/AzureNLBManagement/task.json | 2 +- Tasks/AzureNLBManagement/task.loc.json | 2 +- Tasks/AzurePowerShell/task.json | 2 +- Tasks/AzurePowerShell/task.loc.json | 2 +- .../resources.resjson/en-US/resources.resjson | 2 ++ .../Tests/addVSTSExtension.ts | 2 ++ .../Tests/deleteVSTSExtension.ts | 2 ++ .../models/DeployAzureRG.ts | 4 ++- .../azure-rest/AzureServiceClient.ts | 2 +- .../operations/azure-rest/azure-arm-common.ts | 24 +++++++++---- Tasks/AzureResourceGroupDeployment/task.json | 4 ++- .../task.loc.json | 4 ++- .../azurermwebappdeployment.ts | 1 + Tasks/AzureRmWebAppDeployment/task.json | 2 +- Tasks/AzureRmWebAppDeployment/task.loc.json | 2 +- .../VstsAzureHelpers_/InitializeFunctions.ps1 | 14 ++++---- ...ureSubscription.PassesValuesWhenSPAuth.ps1 | 2 +- .../VstsAzureRestHelpers_.psm1 | 34 ++++++++++++------- .../azurerest-common/azurerestutility.ts | 30 ++++++++-------- Tasks/SqlAzureDacpacDeployment/task.json | 2 +- Tasks/SqlAzureDacpacDeployment/task.loc.json | 2 +- 28 files changed, 101 insertions(+), 64 deletions(-) 
diff --git a/Tasks/AzureAppServiceManage/azureappservicemanage.ts b/Tasks/AzureAppServiceManage/azureappservicemanage.ts index 5204fe2602b9..f8e17430cf07 100644 --- a/Tasks/AzureAppServiceManage/azureappservicemanage.ts +++ b/Tasks/AzureAppServiceManage/azureappservicemanage.ts @@ -51,6 +51,7 @@ async function run() { endPoint["servicePrincipalKey"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'serviceprincipalkey', true); endPoint["tenantID"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'tenantid', true); endPoint["subscriptionId"] = tl.getEndpointDataParameter(connectedServiceName, 'subscriptionid', true); + endPoint["envAuthUrl"] = tl.getEndpointDataParameter(connectedServiceName, 'environmentAuthorityUrl', true); endPoint["url"] = tl.getEndpointUrl(connectedServiceName, true); if(resourceGroupName === null) { diff --git a/Tasks/AzureAppServiceManage/task.json b/Tasks/AzureAppServiceManage/task.json index b811dcfd404d..26d7fba11a82 100644 --- a/Tasks/AzureAppServiceManage/task.json +++ b/Tasks/AzureAppServiceManage/task.json @@ -17,7 +17,7 @@ "version": { "Major": 0, "Minor": 2, - "Patch": 2 + "Patch": 3 }, "minimumAgentVersion": "1.102.0", "instanceNameFormat": "$(Action): $(WebAppName)", diff --git a/Tasks/AzureAppServiceManage/task.loc.json b/Tasks/AzureAppServiceManage/task.loc.json index 61d3a46014ca..2754b03ab888 100644 --- a/Tasks/AzureAppServiceManage/task.loc.json +++ b/Tasks/AzureAppServiceManage/task.loc.json @@ -17,7 +17,7 @@ "version": { "Major": 0, "Minor": 2, - "Patch": 2 + "Patch": 3 }, "minimumAgentVersion": "1.102.0", "instanceNameFormat": "ms-resource:loc.instanceNameFormat", diff --git a/Tasks/AzureFileCopy/task.json b/Tasks/AzureFileCopy/task.json index e6d17d182b8d..13e1a73ae540 100644 --- a/Tasks/AzureFileCopy/task.json +++ b/Tasks/AzureFileCopy/task.json @@ -13,7 +13,7 @@ "version": { "Major": 1, "Minor": 0, - "Patch": 84 + "Patch": 85 }, "demands": [ "azureps" 
diff --git a/Tasks/AzureFileCopy/task.loc.json b/Tasks/AzureFileCopy/task.loc.json index 3b40641f7dd1..e2fff2aaa41d 100644 --- a/Tasks/AzureFileCopy/task.loc.json +++ b/Tasks/AzureFileCopy/task.loc.json @@ -13,7 +13,7 @@ "version": { "Major": 1, "Minor": 0, - "Patch": 84 + "Patch": 85 }, "demands": [ "azureps" diff --git a/Tasks/AzureNLBManagement/nlbazureutility.ts b/Tasks/AzureNLBManagement/nlbazureutility.ts index bab89e5cf79a..2165050da1ae 100644 --- a/Tasks/AzureNLBManagement/nlbazureutility.ts +++ b/Tasks/AzureNLBManagement/nlbazureutility.ts @@ -5,13 +5,14 @@ import * as httpClient from 'vso-node-api/HttpClient'; import * as restClient from 'vso-node-api/RestClient'; var httpObj = new httpClient.HttpCallbackClient(tl.getVariable("AZURE_HTTP_USER_AGENT")); -var authUrl = 'https://login.windows.net/'; +var defaultAuthUrl = 'https://login.windows.net/'; var azureApiVersion = '2016-09-01'; function getAccessToken(SPN, endpointUrl: string): Q.Promise { var deferred = Q.defer(); - var authorityUrl = authUrl + SPN.tenantID + "/oauth2/token/"; + var envAuthUrl = (SPN.envAuthUrl) ? SPN.envAuthUrl : defaultAuthUrl; + var authorityUrl = envAuthUrl + SPN.tenantID + "/oauth2/token/"; var post_data = querystring.stringify({ resource: endpointUrl, @@ -43,7 +44,7 @@ function getAccessToken(SPN, endpointUrl: string): Q.Promise { export async function getNetworkInterfacesInRG(SPN, endpointUrl: string, resourceGroupName: string) { var deferred = Q.defer(); - var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces?api-version=" + azureApiVersion; + var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces?api-version=" + azureApiVersion; var accessToken = await getAccessToken(SPN, endpointUrl); var requestHeader = { 
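Review bot: In getAccessToken, `SPN.envAuthUrl` comes from endpoint data and is concatenated straight into the URL the token request is POSTed to, with no check on its scheme or shape. That request presumably carries the service principal key, as the equivalent one in azure-arm-common.ts does with `client_secret`, so a value that is not `https://` should be rejected before `authorityUrl` is built. I would also normalise the trailing slash so `envAuthUrl + SPN.tenantID` cannot fuse host and tenant: `var envAuthUrl = (SPN.envAuthUrl || defaultAuthUrl).replace(/\/*$/, '/');` followed by `if (!/^https:\/\//i.test(envAuthUrl)) { deferred.reject(...); }` with a localized message. The same unvalidated concatenation appears in getAuthorizationToken in azurerestutility.ts and in ApplicationTokenCredentials.getAuthorizationToken in azure-arm-common.ts. getAccessToken's body continues outside the hunk.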
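Review bot: `SPN.url + "subscriptions/"` in getNetworkInterfacesInRG assumes the endpoint URL is present and ends with a slash, but nlbtask.ts reads it with `tl.getEndpointUrl(connectedServiceName, true)`, where `true` marks the value optional. A missing URL yields `undefinedsubscriptions/...`, and a URL without the trailing slash fuses the host name with the path, so the request and its Authorization header would go to a host other than the intended ARM endpoint. I would normalise once in the caller, e.g. `SPN["url"] = (tl.getEndpointUrl(connectedServiceName, true) || 'https://management.azure.com/').replace(/\/*$/, '/');`, or make the lookup required. The same pattern is used in getLoadBalancer, getNetworkInterface and setNetworkInterface in this file, and with `endpoint.url` in azurerestutility.ts.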
@@ -69,7 +70,7 @@ export async function getNetworkInterfacesInRG(SPN, endpointUrl: string, resourc export async function getLoadBalancer(SPN, endpointUrl: string, name: string, resourceGroupName: string) { var deferred = Q.defer(); - var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/loadBalancers/" + name + "?api-version=" + azureApiVersion; + var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/loadBalancers/" + name + "?api-version=" + azureApiVersion; var accessToken = await getAccessToken(SPN, endpointUrl); var requestHeader = { @@ -94,7 +95,7 @@ export async function getLoadBalancer(SPN, endpointUrl: string, name: string, re export async function getNetworkInterface(SPN, endpointUrl, name: string, resourceGroupName: string) { var deferred = Q.defer(); - var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + name + "?api-version=" + azureApiVersion; + var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + name + "?api-version=" + azureApiVersion; var accessToken = await getAccessToken(SPN, endpointUrl); var requestHeader = { 
@@ -139,7 +140,7 @@ async function checkProvisioningState(url: string, accessToken: string) { export async function setNetworkInterface(SPN, endpointUrl: string, nic, resourceGroupName: string){ var deferred = Q.defer(); - var restUrl = "https://management.azure.com/subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + nic.name + "?api-version=" + azureApiVersion; + var restUrl = SPN.url + "subscriptions/" + SPN.subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Network/networkInterfaces/" + nic.name + "?api-version=" + azureApiVersion; var accessToken = await getAccessToken(SPN, endpointUrl); var requestHeader = { "Content-Type": "application/json; charset=utf-8", diff --git a/Tasks/AzureNLBManagement/nlbtask.ts b/Tasks/AzureNLBManagement/nlbtask.ts index 4f123c79c28c..8387004979ed 100644 --- a/Tasks/AzureNLBManagement/nlbtask.ts +++ b/Tasks/AzureNLBManagement/nlbtask.ts @@ -22,6 +22,8 @@ async function run() { SPN["servicePrincipalKey"] = endPointAuthCreds.parameters["serviceprincipalkey"]; SPN["tenantID"] = endPointAuthCreds.parameters["tenantid"]; SPN["subscriptionId"] = tl.getEndpointDataParameter(connectedServiceName, 'subscriptionid', true); + SPN["envAuthUrl"] = tl.getEndpointDataParameter(connectedServiceName, 'environmentAuthorityUrl', true); + SPN["url"] = tl.getEndpointUrl(connectedServiceName, true); var nicVm = await getNetworkInterface(SPN, endpointUrl, resourceGroupName); tl.debug(`Network Interface - ${nicVm.name}'s configuration details fetched for the virtual machine ${process.env.COMPUTERNAME}`); diff --git a/Tasks/AzureNLBManagement/task.json b/Tasks/AzureNLBManagement/task.json index 822ce9e2b1ea..0e347fffa18f 100644 --- a/Tasks/AzureNLBManagement/task.json +++ b/Tasks/AzureNLBManagement/task.json 
@@ -16,7 +16,7 @@ "version": { "Major": 1, "Minor": 0, - "Patch": 2 + "Patch": 3 }, "minimumAgentVersion": "1.95.0", "instanceNameFormat": "Azure Network Load Balancer: $(LoadBalancer) - $(Action)", diff --git a/Tasks/AzureNLBManagement/task.loc.json b/Tasks/AzureNLBManagement/task.loc.json index 71f6e406bceb..55be57da8b7d 100644 --- a/Tasks/AzureNLBManagement/task.loc.json +++ b/Tasks/AzureNLBManagement/task.loc.json @@ -16,7 +16,7 @@ "version": { "Major": 1, "Minor": 0, - "Patch": 2 + "Patch": 3 }, "minimumAgentVersion": "1.95.0", "instanceNameFormat": "ms-resource:loc.instanceNameFormat", diff --git a/Tasks/AzurePowerShell/task.json b/Tasks/AzurePowerShell/task.json index 4e10e73f6f37..fb6f7c1ee07b 100644 --- a/Tasks/AzurePowerShell/task.json +++ b/Tasks/AzurePowerShell/task.json @@ -17,7 +17,7 @@ "version": { "Major": 1, "Minor": 113, - "Patch": 0 + "Patch": 1 }, "demands": [ "azureps" diff --git a/Tasks/AzurePowerShell/task.loc.json b/Tasks/AzurePowerShell/task.loc.json index 97332e2806d4..416ed750e339 100644 --- a/Tasks/AzurePowerShell/task.loc.json +++ b/Tasks/AzurePowerShell/task.loc.json @@ -17,7 +17,7 @@ "version": { "Major": 1, "Minor": 113, - "Patch": 0 + "Patch": 1 }, "demands": [ "azureps" diff --git a/Tasks/AzureResourceGroupDeployment/Strings/resources.resjson/en-US/resources.resjson b/Tasks/AzureResourceGroupDeployment/Strings/resources.resjson/en-US/resources.resjson index 7ffb5a29fbb8..2cf8dbe0f0ae 100644 --- a/Tasks/AzureResourceGroupDeployment/Strings/resources.resjson/en-US/resources.resjson +++ b/Tasks/AzureResourceGroupDeployment/Strings/resources.resjson/en-US/resources.resjson 
@@ -111,6 +111,8 @@ "loc.messages.ClientIdCannotBeEmpty": "clientId must be a non empty string.", "loc.messages.DomainCannotBeEmpty": "domain must be a non empty string.", "loc.messages.SecretCannotBeEmpty": "secret must be a non empty string.", + "loc.messages.armUrlCannotBeEmpty": "arm Url must be a non empty string.", + "loc.messages.authorityUrlCannotBeEmpty": "authority must be a non empty string.", "loc.messages.CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for azure. Status code: %s, status message: %s", "loc.messages.LoadBalancerNameCannotBeNull": "'loadBalancerName cannot be null or undefined and it must be of type string.'", "loc.messages.NetworkInterfaceNameCannotBeNull": "networkInterfaceName cannot be null or undefined and it must be of type string.", diff --git a/Tasks/AzureResourceGroupDeployment/Tests/addVSTSExtension.ts b/Tasks/AzureResourceGroupDeployment/Tests/addVSTSExtension.ts index 0a3d46fdd1d7..e33508bb392b 100644 --- a/Tasks/AzureResourceGroupDeployment/Tests/addVSTSExtension.ts +++ b/Tasks/AzureResourceGroupDeployment/Tests/addVSTSExtension.ts @@ -26,6 +26,8 @@ process.env["__mg__internal__project__name"] = "AzureProj"; process.env[ "ENDPOINT_AUTH_AzureRM"] = "{\"parameters\":{\"serviceprincipalid\":\"id\",\"serviceprincipalkey\":\"key\",\"tenantid\":\"tenant\"},\"scheme\":\"ServicePrincipal\"}"; process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId"; process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName"; +process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/"; +process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/"; tr.registerMock('vsts-task-lib/toolrunner', require('vsts-task-lib/mock-toolrunner')); tr.registerMock('./azure-rest/azure-arm-network', require('./mock_node_modules/azure-arm-network')); 
diff --git a/Tasks/AzureResourceGroupDeployment/Tests/deleteVSTSExtension.ts b/Tasks/AzureResourceGroupDeployment/Tests/deleteVSTSExtension.ts index d3e4dc11a97b..fa705b0f0d72 100644 --- a/Tasks/AzureResourceGroupDeployment/Tests/deleteVSTSExtension.ts +++ b/Tasks/AzureResourceGroupDeployment/Tests/deleteVSTSExtension.ts @@ -14,6 +14,8 @@ tr.setInput("vstsPATToken", "PAT"); process.env[ "ENDPOINT_AUTH_AzureRM"] = "{\"parameters\":{\"serviceprincipalid\":\"id\",\"serviceprincipalkey\":\"key\",\"tenantid\":\"tenant\"},\"scheme\":\"ServicePrincipal\"}"; process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONID"] = "sId"; process.env["ENDPOINT_DATA_AzureRM_SUBSCRIPTIONNAME"] = "sName"; +process.env["ENDPOINT_URL_AzureRM"] = "https://management.azure.com/"; +process.env["ENDPOINT_DATA_AzureRM_ENVIRONMENTAUTHORITYURL"] = "https://login.windows.net/"; process.env["__mg__internal__collection__uri"] = "https://testking123.visualstudio.com"; process.env["__mg__internal__project__name"] = "AzureProj"; diff --git a/Tasks/AzureResourceGroupDeployment/models/DeployAzureRG.ts b/Tasks/AzureResourceGroupDeployment/models/DeployAzureRG.ts index fb66c7268bdd..763cf093067a 100644 --- a/Tasks/AzureResourceGroupDeployment/models/DeployAzureRG.ts +++ b/Tasks/AzureResourceGroupDeployment/models/DeployAzureRG.ts 
@@ -64,7 +64,9 @@ export class AzureRGTaskParameters { var servicePrincipalId: string = endpointAuth.parameters["serviceprincipalid"]; var servicePrincipalKey: string = endpointAuth.parameters["serviceprincipalkey"]; var tenantId: string = endpointAuth.parameters["tenantid"]; - var credentials = new msRestAzure.ApplicationTokenCredentials(servicePrincipalId, tenantId, servicePrincipalKey); + var armUrl: string = tl.getEndpointUrl(connectedService, true); + var envAuthorityUrl: string = tl.getEndpointDataParameter(connectedService, 'environmentAuthorityUrl', true); + var credentials = new msRestAzure.ApplicationTokenCredentials(servicePrincipalId, tenantId, servicePrincipalKey, armUrl, envAuthorityUrl); return credentials; } } diff --git a/Tasks/AzureResourceGroupDeployment/operations/azure-rest/AzureServiceClient.ts b/Tasks/AzureResourceGroupDeployment/operations/azure-rest/AzureServiceClient.ts index 6f9ee59c4f75..86df906d7c4f 100644 --- a/Tasks/AzureResourceGroupDeployment/operations/azure-rest/AzureServiceClient.ts +++ b/Tasks/AzureResourceGroupDeployment/operations/azure-rest/AzureServiceClient.ts @@ -74,7 +74,7 @@ export class ServiceClient { this.credentials = credentials; this.subscriptionId = subscriptionId - this.baseUri = 'https://management.azure.com'; + this.baseUri = this.credentials.armUrl; this.longRunningOperationRetryTimeout = 60; // In minutes } diff --git a/Tasks/AzureResourceGroupDeployment/operations/azure-rest/azure-arm-common.ts b/Tasks/AzureResourceGroupDeployment/operations/azure-rest/azure-arm-common.ts index f7edf0d7f1ff..e0e619fcb837 100644 --- a/Tasks/AzureResourceGroupDeployment/operations/azure-rest/azure-arm-common.ts +++ b/Tasks/AzureResourceGroupDeployment/operations/azure-rest/azure-arm-common.ts 
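Review bot: `envAuthorityUrl` is read as optional here, yet the ApplicationTokenCredentials constructor in azure-arm-common.ts now throws `authorityUrlCannotBeEmpty` when it is empty. A service endpoint that has no `environmentAuthorityUrl` data would therefore presumably fail where it worked before. The NLB and azurerest-common code in this commit fall back to `https://login.windows.net/` in that case; for consistency I would do the same here: `var envAuthorityUrl: string = tl.getEndpointDataParameter(connectedService, 'environmentAuthorityUrl', true) || 'https://login.windows.net/';`. The enclosing method starts outside the hunk.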
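Review bot: `this.baseUri` in AzureServiceClient.ts changes from a literal without a trailing slash (`'https://management.azure.com'`) to `this.credentials.armUrl`, which in this commit's test fixtures is `https://management.azure.com/`. The code that builds request URLs from `baseUri` is outside this hunk; if it prepends `/` to the path, it will now emit `//subscriptions/...`. Stripping the slash at assignment keeps the old contract: `this.baseUri = this.credentials.armUrl.replace(/\/+$/, '');`. A one-line comment on the field stating whether it ends with a slash would prevent the next mismatch.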
@@ -6,8 +6,6 @@ var util = require('util'); var httpObj = new httpClient.HttpCallbackClient(tl.getVariable("AZURE_HTTP_USER_AGENT")); -var authUrl = 'https://login.windows.net/'; -var armUrl = 'https://management.azure.com/'; var azureApiVersion = 'api-version=2016-08-01'; @@ -15,9 +13,11 @@ export class ApplicationTokenCredentials { private clientId: string; private domain: string; private secret: string; + public armUrl: string; + public authorityUrl: string; private token_deferred: Q.Promise; - constructor(clientId: string, domain: string, secret: string) { + constructor(clientId: string, domain: string, secret: string, armUrl: string, authorityUrl: string) { if (!Boolean(clientId) || typeof clientId.valueOf() !== 'string') { throw new Error(tl.loc("ClientIdCannotBeEmpty")); } @@ -30,9 +30,19 @@ export class ApplicationTokenCredentials { throw new Error(tl.loc("SecretCannotBeEmpty")); } + if (!Boolean(armUrl) || typeof armUrl.valueOf() !== 'string') { + throw new Error(tl.loc("armUrlCannotBeEmpty")); + } + + if (!Boolean(authorityUrl) || typeof authorityUrl.valueOf() !== 'string') { + throw new Error(tl.loc("authorityUrlCannotBeEmpty")); + } + this.clientId = clientId; this.domain = domain; this.secret = secret; + this.armUrl = armUrl; + this.authorityUrl = authorityUrl; } public getToken(force?: boolean): Q.Promise { @@ -45,9 +55,9 @@ export class ApplicationTokenCredentials { private getAuthorizationToken(): Q.Promise { var deferred = Q.defer(); - var authorityUrl = authUrl + this.domain + "/oauth2/token/"; + var oauthTokenRequestUrl = this.authorityUrl + this.domain + "/oauth2/token/"; var requestData = querystring.stringify({ - resource: 'https://management.azure.com/', + resource: this.armUrl, client_id: this.clientId, grant_type: "client_credentials", client_secret: this.secret 
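Review bot: `armUrl` and `authorityUrl` are declared `public` and writable, while the other credential fields are `private`. `authorityUrl` decides where `client_secret` is posted and `armUrl` becomes the ServiceClient base URI, so neither should be reassignable once the constructor's checks have passed. If the project's TypeScript version supports it, `public readonly armUrl: string;` expresses that, and `authorityUrl` can stay `private` since only getAuthorizationToken reads it in the visible code. The constructor also deserves a doc comment saying both URLs must end with `/`, because getAuthorizationToken concatenates `this.authorityUrl + this.domain` directly.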
@@ -56,8 +66,8 @@ export class ApplicationTokenCredentials { "Content-Type": "application/x-www-form-urlencoded; charset=utf-8" }; - tl.debug('Requesting for Auth Token: ' + authorityUrl); - httpObj.send('POST', authorityUrl, requestData, requestHeader, (error, response, body) => { + tl.debug('Requesting for Auth Token: ' + oauthTokenRequestUrl); + httpObj.send('POST', oauthTokenRequestUrl, requestData, requestHeader, (error, response, body) => { if (error) { deferred.reject(error); } diff --git a/Tasks/AzureResourceGroupDeployment/task.json b/Tasks/AzureResourceGroupDeployment/task.json index 503bed4e4a94..37f186df9d44 100644 --- a/Tasks/AzureResourceGroupDeployment/task.json +++ b/Tasks/AzureResourceGroupDeployment/task.json @@ -14,7 +14,7 @@ "version": { "Major": 2, "Minor": 0, - "Patch": 0 + "Patch": 1 }, "demands": [], "minimumAgentVersion": "2.0.0", @@ -320,6 +320,8 @@ "ClientIdCannotBeEmpty": "clientId must be a non empty string.", "DomainCannotBeEmpty": "domain must be a non empty string.", "SecretCannotBeEmpty": "secret must be a non empty string.", + "armUrlCannotBeEmpty": "arm Url must be a non empty string.", + "authorityUrlCannotBeEmpty": "authority must be a non empty string.", "CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for azure. Status code: %s, status message: %s", "LoadBalancerNameCannotBeNull": "'loadBalancerName cannot be null or undefined and it must be of type string.'", "NetworkInterfaceNameCannotBeNull": "networkInterfaceName cannot be null or undefined and it must be of type string.", diff --git a/Tasks/AzureResourceGroupDeployment/task.loc.json b/Tasks/AzureResourceGroupDeployment/task.loc.json index dcc438a489d5..8c63ea1cc25a 100644 --- a/Tasks/AzureResourceGroupDeployment/task.loc.json +++ b/Tasks/AzureResourceGroupDeployment/task.loc.json @@ -14,7 +14,7 @@ "version": { "Major": 2, "Minor": 0, - "Patch": 0 + "Patch": 1 }, "demands": [], "minimumAgentVersion": "2.0.0", 
@@ -320,6 +320,8 @@ "ClientIdCannotBeEmpty": "ms-resource:loc.messages.ClientIdCannotBeEmpty", "DomainCannotBeEmpty": "ms-resource:loc.messages.DomainCannotBeEmpty", "SecretCannotBeEmpty": "ms-resource:loc.messages.SecretCannotBeEmpty", + "armUrlCannotBeEmpty": "ms-resource:loc.messages.armUrlCannotBeEmpty", + "authorityUrlCannotBeEmpty": "ms-resource:loc.messages.authorityUrlCannotBeEmpty", "CouldNotFetchAccessTokenforAzureStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforAzureStatusCode", "LoadBalancerNameCannotBeNull": "ms-resource:loc.messages.LoadBalancerNameCannotBeNull", "NetworkInterfaceNameCannotBeNull": "ms-resource:loc.messages.NetworkInterfaceNameCannotBeNull", diff --git a/Tasks/AzureRmWebAppDeployment/azurermwebappdeployment.ts b/Tasks/AzureRmWebAppDeployment/azurermwebappdeployment.ts index 7e5139d80493..026bd19835dd 100644 --- a/Tasks/AzureRmWebAppDeployment/azurermwebappdeployment.ts +++ b/Tasks/AzureRmWebAppDeployment/azurermwebappdeployment.ts @@ -42,6 +42,7 @@ async function run() { endPoint["servicePrincipalKey"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'serviceprincipalkey', true); endPoint["tenantID"] = tl.getEndpointAuthorizationParameter(connectedServiceName, 'tenantid', true); endPoint["subscriptionId"] = tl.getEndpointDataParameter(connectedServiceName, 'subscriptionid', true); + endPoint["envAuthUrl"] = tl.getEndpointDataParameter(connectedServiceName, 'environmentAuthorityUrl', true); endPoint["url"] = tl.getEndpointUrl(connectedServiceName, true); if(deployToSlotFlag) { diff --git a/Tasks/AzureRmWebAppDeployment/task.json b/Tasks/AzureRmWebAppDeployment/task.json index 19d5617968b4..9d101b3a916c 100644 --- a/Tasks/AzureRmWebAppDeployment/task.json +++ b/Tasks/AzureRmWebAppDeployment/task.json @@ -16,7 +16,7 @@ "version": { "Major": 3, "Minor": 0, - "Patch": 7 + "Patch": 8 }, "preview": "true", "releaseNotes": "What's new in Version 3.0:
  Supports File Transformations (XDT)
  Supports Variable Substitutions(XML, JSON)
Click [here](https://aka.ms/azurermwebdeployreadme) for more Information.", diff --git a/Tasks/AzureRmWebAppDeployment/task.loc.json b/Tasks/AzureRmWebAppDeployment/task.loc.json index fb16de8f8fa3..1492cdc2aacf 100644 --- a/Tasks/AzureRmWebAppDeployment/task.loc.json +++ b/Tasks/AzureRmWebAppDeployment/task.loc.json @@ -16,7 +16,7 @@ "version": { "Major": 3, "Minor": 0, - "Patch": 7 + "Patch": 8 }, "preview": "true", "releaseNotes": "What's new in Version 3.0:
  Supports File Transformations (XDT)
  Supports Variable Substitutions(XML, JSON)
Click [here](https://aka.ms/azurermwebdeployreadme) for more Information.", diff --git a/Tasks/Common/VstsAzureHelpers_/InitializeFunctions.ps1 b/Tasks/Common/VstsAzureHelpers_/InitializeFunctions.ps1 index 2ee32809154a..943b26460a9b 100644 --- a/Tasks/Common/VstsAzureHelpers_/InitializeFunctions.ps1 +++ b/Tasks/Common/VstsAzureHelpers_/InitializeFunctions.ps1 @@ -41,6 +41,11 @@ function Initialize-AzureSubscription { #Set UserAgent for Azure Calls Set-UserAgent + + $environmentName = "AzureCloud" + if($Endpoint.Data.Environment) { + $environmentName = $Endpoint.Data.Environment + } if ($Endpoint.Auth.Scheme -eq 'Certificate') { # Certificate is only supported for the Azure module. @@ -57,11 +62,6 @@ function Initialize-AzureSubscription { $additional['CurrentStorageAccountName'] = $StorageAccount } - $environmentName = "AzureCloud" - if( $Endpoint.Data.Environment ) { - $environmentName = $Endpoint.Data.Environment - } - # Set the subscription. Write-Host "##[command]Set-AzureSubscription -SubscriptionName $($Endpoint.Data.SubscriptionName) -SubscriptionId $($Endpoint.Data.SubscriptionId) -Certificate ******** -Environment $environmentName $(Format-Splat $additional)" Set-AzureSubscription -SubscriptionName $Endpoint.Data.SubscriptionName -SubscriptionId $Endpoint.Data.SubscriptionId -Certificate $certificate -Environment $environmentName @additional 
@@ -126,8 +126,8 @@ function Initialize-AzureSubscription { } else { # Else, this is AzureRM. try { - Write-Host "##[command]Add-AzureRMAccount -ServicePrincipal -Tenant $($Endpoint.Auth.Parameters.TenantId) -Credential $psCredential" - $null = Add-AzureRMAccount -ServicePrincipal -Tenant $Endpoint.Auth.Parameters.TenantId -Credential $psCredential + Write-Host "##[command]Add-AzureRMAccount -ServicePrincipal -Tenant $($Endpoint.Auth.Parameters.TenantId) -Credential $psCredential -EnvironmentName $environmentName" + $null = Add-AzureRMAccount -ServicePrincipal -Tenant $Endpoint.Auth.Parameters.TenantId -Credential $psCredential -EnvironmentName $environmentName } catch { # Provide an additional, custom, credentials-related error message. Write-VstsTaskError -Message $_.Exception.Message diff --git a/Tasks/Common/VstsAzureHelpers_/Tests/Initialize-AzureSubscription.PassesValuesWhenSPAuth.ps1 b/Tasks/Common/VstsAzureHelpers_/Tests/Initialize-AzureSubscription.PassesValuesWhenSPAuth.ps1 index 09b847d2dc3e..f0f93d59cfed 100644 --- a/Tasks/Common/VstsAzureHelpers_/Tests/Initialize-AzureSubscription.PassesValuesWhenSPAuth.ps1 +++ b/Tasks/Common/VstsAzureHelpers_/Tests/Initialize-AzureSubscription.PassesValuesWhenSPAuth.ps1 @@ -67,7 +67,7 @@ foreach ($variableSet in $variableSets) { Assert-WasCalled Set-CurrentAzureSubscription -- -SubscriptionId $endpoint.Data.SubscriptionId -StorageAccount $variableSet.StorageAccount } else { Assert-WasCalled Add-AzureRMAccount -ArgumentsEvaluator { - $args.Length -eq 5 -and + $args.Length -eq 7 -and $args[0] -eq '-ServicePrincipal' -and $args[1] -eq '-Tenant' -and $args[2] -eq 'Some tenant ID' -and diff --git a/Tasks/Common/VstsAzureRestHelpers_/VstsAzureRestHelpers_.psm1 b/Tasks/Common/VstsAzureRestHelpers_/VstsAzureRestHelpers_.psm1 index c9a0301fc968..e8c7651998e3 100644 --- a/Tasks/Common/VstsAzureRestHelpers_/VstsAzureRestHelpers_.psm1 +++ b/Tasks/Common/VstsAzureRestHelpers_/VstsAzureRestHelpers_.psm1 
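Review bot: The Add-AzureRMAccount evaluator in the test only raises the expected argument count from 5 to 7; nothing in the visible lines asserts what the two new arguments are. If the rest of the evaluator (outside the hunk) does not already check them, add `$args[5] -eq '-EnvironmentName' -and $args[6] -eq 'AzureCloud'`, adjusting the value to whatever environment the test endpoint defines. Otherwise a regression that passes the wrong cloud name would still satisfy the test.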
@@ -1,8 +1,8 @@ # Private module-scope variables. $script:jsonContentType = "application/json;charset=utf-8" $script:formContentType = "application/x-www-form-urlencoded;charset=utf-8" -$script:azureRmUri = "https://management.azure.com" -$script:authUri = "https://login.microsoftonline.com/" +$script:defaultAuthUri = "https://login.microsoftonline.com/" +$script:defaultEnvironmentAuthUri = "https://login.windows.net/" # Connection Types $certificateConnection = 'Certificate' @@ -109,8 +109,13 @@ function Get-UsernamePasswordAccessToken { # Well known Client-Id $password = $endpoint.Auth.Parameters.Password $username = $endpoint.Auth.Parameters.UserName + $authUrl = $script:defaultAuthUri + if($endpoint.Data.activeDirectoryAuthority) + { + $authUrl = $endpoint.Data.activeDirectoryAuthority + } - $authUri = "$script:authUri/common/oauth2/token" + $authUri = "$authUrl/common/oauth2/token" $body = @{ resource=$script:azureUri client_id=$azurePsClientId @@ -140,12 +145,17 @@ function Get-SpnAccessToken { $principalId = $endpoint.Auth.Parameters.ServicePrincipalId $tenantId = $endpoint.Auth.Parameters.TenantId $principalKey = $endpoint.Auth.Parameters.ServicePrincipalKey + $envAuthUrl = $script:defaultEnvironmentAuthUri + if($endpoint.Data.environmentAuthorityUrl) + { + $envAuthUrl = $endpoint.Data.environmentAuthorityUrl + } $azureUri = Get-AzureUri $endpoint # Prepare contents for POST $method = "POST" - $authUri = "https://login.windows.net/$tenantId/oauth2/token" + $authUri = "$envAuthUrl" + "$tenantId/oauth2/token" $body = @{ resource=$azureUri+"/" client_id=$principalId 
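Review bot: The two token functions handle the authority's trailing slash differently. Get-UsernamePasswordAccessToken builds `"$authUrl/common/oauth2/token"`, which with the default `https://login.microsoftonline.com/` gives `//common`, while Get-SpnAccessToken builds `"$envAuthUrl" + "$tenantId/oauth2/token"`, which only works if the slash is present. Because the value can now come from endpoint data, I would normalise it in both places, e.g. `$authUrl = $authUrl.TrimEnd('/')` before `"$authUrl/common/oauth2/token"`. I would also refuse a value that does not start with `https://`, since the password or service principal key is presumably sent in the request body. The functions read different keys (`activeDirectoryAuthority` vs `environmentAuthorityUrl`), and a comment explaining why would help the next reader. Both function bodies continue outside the hunks.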
@@ -246,7 +256,7 @@ function Get-AzRMStorageKeys $resourceGroupId = $resourceGroupDetails.id $method = "POST" - $uri = "$script:azureRmUri$resourceGroupId/providers/Microsoft.Storage/storageAccounts/$storageAccountName/listKeys" + '?api-version=2015-06-15' + $uri = "$($endpoint.Url)$resourceGroupId/providers/Microsoft.Storage/storageAccounts/$storageAccountName/listKeys" + '?api-version=2015-06-15' $headers = @{"Authorization" = ("{0} {1}" -f $accessToken.token_type, $accessToken.access_token)} @@ -287,7 +297,7 @@ function Get-AzRmVmCustomScriptExtension $resourceGroupId = $resourceGroupDetails.id $method="GET" - $uri = "$script:azureRmUri$resourceGroupId/providers/Microsoft.Compute/virtualMachines/$vmName/extensions/$Name" + '?api-version=2016-03-30' + $uri = "$($endpoint.Url)$resourceGroupId/providers/Microsoft.Compute/virtualMachines/$vmName/extensions/$Name" + '?api-version=2016-03-30' $headers = @{"accept-language" = "en-US"} $headers.Add("Authorization", ("{0} {1}" -f $accessToken.token_type, $accessToken.access_token)) @@ -329,7 +339,7 @@ function Remove-AzRmVmCustomScriptExtension $resourceGroupId = $resourceGroupDetails.id $method="DELETE" - $uri = "$script:azureRmUri$resourceGroupId/providers/Microsoft.Compute/virtualMachines/$vmName/extensions/$Name" + '?api-version=2016-03-30' + $uri = "$($endpoint.Url)$resourceGroupId/providers/Microsoft.Compute/virtualMachines/$vmName/extensions/$Name" + '?api-version=2016-03-30' $headers = @{"accept-language" = "en-US"} $headers.Add("Authorization", ("{0} {1}" -f $accessToken.token_type, $accessToken.access_token)) 
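Review bot: `$script:azureRmUri` had no trailing slash and the paths appended to it presumably start with `/` (`$resourceGroupId`, `/subscriptions/...`), whereas the endpoint URL in this commit's TypeScript test fixtures is `https://management.azure.com/`. The new `"$($endpoint.Url)$resourceGroupId/..."` in Get-AzRMStorageKeys would then contain `//subscriptions`, and an endpoint with no Url yields a relative URI. Get-SpnAccessToken already goes through `Get-AzureUri $endpoint` (defined outside this diff); if that helper returns the URL without the slash, using it here keeps one source of truth: `$uri = "$(Get-AzureUri $endpoint)$resourceGroupId/providers/Microsoft.Storage/storageAccounts/$storageAccountName/listKeys" + '?api-version=2015-06-15'`. The same applies to every other `$($endpoint.Url)` replacement in this file.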
@@ -409,7 +419,7 @@ function Get-AzRmStorageAccount $resourceGroupId = $resourceGroupDetails.id $method="GET" - $uri = "$script:azureRmUri$resourceGroupId/providers/Microsoft.Storage/storageAccounts/$storageAccountName" + '?api-version=2016-01-01' + $uri = "$($endpoint.Url)$resourceGroupId/providers/Microsoft.Storage/storageAccounts/$storageAccountName" + '?api-version=2016-01-01' $headers = @{"Authorization" = ("{0} {1}" -f $accessToken.token_type, $accessToken.access_token)} @@ -463,7 +473,7 @@ function Get-AzRmResourceGroup $subscriptionId = $endpoint.Data.SubscriptionId.ToLower() $method="GET" - $uri = "$script:azureRmUri/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName" + '?api-version=2016-02-01' + $uri = "$($endpoint.Url)/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName" + '?api-version=2016-02-01' $headers = @{"Authorization" = ("{0} {1}" -f $accessToken.token_type, $accessToken.access_token)} @@ -502,7 +512,7 @@ function Get-AzureSqlDatabaseServerResourceId Write-Verbose "[Azure Rest Call] Get Resource Groups" $method = "GET" - $uri = "$script:azureRmUri/subscriptions/$subscriptionId/resources?api-version=$apiVersion" + $uri = "$($endpoint.Url)/subscriptions/$subscriptionId/resources?api-version=$apiVersion" $headers = @{Authorization=("{0} {1}" -f $accessToken.token_type, $accessToken.access_token)} do { @@ -573,7 +583,7 @@ function Add-AzureRmSqlServerFirewall # get azure sql server resource Id $azureResourceId = Get-AzureSqlDatabaseServerResourceId -endpoint $endpoint -serverName $serverName -accessToken $accessToken - $uri = "$script:azureRmUri/$azureResourceId/firewallRules/$firewallRuleName\?api-version=$apiVersion" + $uri = "$($endpoint.Url)/$azureResourceId/firewallRules/$firewallRuleName\?api-version=$apiVersion" $body = "{ 'properties' : { 'startIpAddress':'$startIPAddress', 
@@ -626,7 +636,7 @@ function Remove-AzureRmSqlServerFirewall # Fetch Azure SQL server resource Id $azureResourceId = Get-AzureSqlDatabaseServerResourceId -endpoint $endpoint -serverName $serverName -accessToken $accessToken - $uri = "$script:azureRmUri/$azureResourceId/firewallRules/$firewallRuleName\?api-version=$apiVersion" + $uri = "$($endpoint.Url)/$azureResourceId/firewallRules/$firewallRuleName\?api-version=$apiVersion" $headers = @{Authorization=("{0} {1}" -f $accessToken.token_type, $accessToken.access_token)} Invoke-RestMethod -Uri $uri -Method Delete -Headers $headers diff --git a/Tasks/Common/azurerest-common/azurerestutility.ts b/Tasks/Common/azurerest-common/azurerestutility.ts index a530a400234c..db2de52dd123 100644 --- a/Tasks/Common/azurerest-common/azurerestutility.ts +++ b/Tasks/Common/azurerest-common/azurerestutility.ts @@ -11,8 +11,7 @@ var kuduDeploymentStatusUtility = require('./kududeploymentstatusutility.js'); var httpObj = new httpClient.HttpCallbackClient(tl.getVariable("AZURE_HTTP_USER_AGENT")); var restObj = new restClient.RestCallbackClient(httpObj); -var authUrl = 'https://login.windows.net/'; -var armUrl = 'https://management.azure.com/'; +var defaultAuthUrl = 'https://login.windows.net/'; var azureApiVersion = 'api-version=2016-08-01'; /** @@ -23,7 +22,7 @@ var azureApiVersion = 'api-version=2016-08-01'; */ export async function getResourceGroupName(endpoint, webAppName: string) { - var requestURL = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resources?$filter=resourceType EQ \'Microsoft.Web/Sites\' AND name EQ \'' + webAppName + '\'&api-version=2016-07-01'; + var requestURL = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resources?$filter=resourceType EQ \'Microsoft.Web/Sites\' AND name EQ \'' + webAppName + '\'&api-version=2016-07-01'; var accessToken = await getAuthorizationToken(endpoint); var headers = { authorization: 'Bearer '+ accessToken 
@@ -97,7 +96,7 @@ export async function getAzureRMWebAppPublishProfile(endPoint, webAppName: strin var deferred = Q.defer(); var slotUrl = deployToSlotFlag ? "/slots/" + slotName : ""; - var url = armUrl + 'subscriptions/' + endPoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var url = endPoint.url + 'subscriptions/' + endPoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + '/publishxml?' + azureApiVersion; tl.debug('Requesting Azure Publish Profile: ' + url); @@ -126,7 +125,8 @@ export async function getAzureRMWebAppPublishProfile(endPoint, webAppName: strin function getAuthorizationToken(endPoint): Q.Promise { var deferred = Q.defer(); - var authorityUrl = authUrl + endPoint.tenantID + "/oauth2/token/"; + var envAuthUrl = (endPoint.envAuthUrl) ? (endPoint.envAuthUrl) : defaultAuthUrl; + var authorityUrl = envAuthUrl + endPoint.tenantID + "/oauth2/token/"; var requestData = querystring.stringify({ resource: endPoint.url, client_id: endPoint.servicePrincipalClientID, @@ -198,7 +198,7 @@ export async function getAzureRMWebAppConfigDetails(endpoint, webAppName: string }; var slotUrl = deployToSlotFlag ? "/slots/" + slotName : ""; - var configUrl = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var configUrl = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + '/config/web?' + azureApiVersion; tl.debug('Requesting Azure App Service Config Details: ' + configUrl); 
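Review bot: In getAuthorizationToken the authority is now `envAuthUrl + endPoint.tenantID + "/oauth2/token/"`, with `envAuthUrl` taken from the endpoint's `environmentAuthorityUrl` data and used without any check. The request built below carries the service principal's credentials (only `client_id` is visible in this hunk), so I would require `https` and a trailing slash before concatenating: `var envAuthUrl = (endPoint.envAuthUrl || defaultAuthUrl).replace(/\/*$/, '/');` followed by `if (!/^https:\/\//i.test(envAuthUrl)) { deferred.reject('Authority URL must use https'); return deferred.promise; }`. A missing slash would otherwise fuse the tenant id into the host name. The function body continues outside the hunk.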
@@ -218,17 +218,17 @@ export async function getAzureRMWebAppConfigDetails(endpoint, webAppName: string return deferred.promise; } -export async function updateAzureRMWebAppConfigDetails(SPN, webAppName: string, resourceGroupName: string, deployToSlotFlag: boolean, slotName: string, configDetails: string) { +export async function updateAzureRMWebAppConfigDetails(endPoint, webAppName: string, resourceGroupName: string, deployToSlotFlag: boolean, slotName: string, configDetails: string) { var deferred = Q.defer(); - var accessToken = await getAuthorizationToken(SPN); + var accessToken = await getAuthorizationToken(endPoint); var headers = { 'Authorization': 'Bearer '+ accessToken, 'Content-Type': 'application/json' }; var slotUrl = deployToSlotFlag ? "/slots/" + slotName : ""; - var configUrl = armUrl + 'subscriptions/' + SPN.subscriptionId + '/resourceGroups/' + resourceGroupName + + var configUrl = endPoint.url + 'subscriptions/' + endPoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + '/config/web?' + azureApiVersion; tl.debug('Updating config details at: ' + configUrl); @@ -257,7 +257,7 @@ export async function getWebAppAppSettings(endpoint, webAppName: string, resourc }; var slotUrl = deployToSlotFlag ? "/slots/" + slotName : ""; - var configUrl = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var configUrl = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + '/config/appsettings/list?' + azureApiVersion; tl.debug('Requesting for the Current List of App Settings: ' + configUrl); 
@@ -287,7 +287,7 @@ export async function updateWebAppAppSettings(endpoint, webAppName: string, reso }; var slotUrl = deployToSlotFlag ? "/slots/" + slotName : ""; - var configUrl = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var configUrl = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + '/config/appsettings?' + azureApiVersion; tl.debug('Updating the Current List of App Settings: ' + configUrl); @@ -357,7 +357,7 @@ function monitorSlotSwap(SPN, webAppName, resourceGroupName, sourceSlot, targetS export async function swapWebAppSlot(endpoint, resourceGroupName: string, webAppName: string, sourceSlot: string, targetSlot: string,preserveVnet: boolean) { var deferred = Q.defer(); - var url = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var url = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + "/slots/" + sourceSlot + '/slotsswap?' + azureApiVersion; var accessToken = await getAuthorizationToken(endpoint); @@ -396,7 +396,7 @@ export async function startAppService(endpoint, resourceGroupName: string, webAp var deferred = Q.defer(); var slotUrl = (specifySlotFlag) ? "/slots/" + slotName : ""; - var url = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var url = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + "/start?" + azureApiVersion; var accessToken = await getAuthorizationToken(endpoint); 
@@ -424,7 +424,7 @@ export async function stopAppService(endpoint, resourceGroupName: string, webApp var deferred = Q.defer(); var slotUrl = (specifySlotFlag) ? "/slots/" + slotName : ""; - var url = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var url = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + "/stop?" + azureApiVersion; var accessToken = await getAuthorizationToken(endpoint); @@ -452,7 +452,7 @@ export async function restartAppService(endpoint, resourceGroupName: string, web var deferred = Q.defer(); var slotUrl = (specifySlotFlag) ? "/slots/" + slotName : ""; - var url = armUrl + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + + var url = endpoint.url + 'subscriptions/' + endpoint.subscriptionId + '/resourceGroups/' + resourceGroupName + '/providers/Microsoft.Web/sites/' + webAppName + slotUrl + "/restart?" + azureApiVersion + '&synchronous=true'; var accessToken = await getAuthorizationToken(endpoint); diff --git a/Tasks/SqlAzureDacpacDeployment/task.json b/Tasks/SqlAzureDacpacDeployment/task.json index 46435cb95e4e..01f1a40d685c 100644 --- a/Tasks/SqlAzureDacpacDeployment/task.json +++ b/Tasks/SqlAzureDacpacDeployment/task.json @@ -16,7 +16,7 @@ "version": { "Major": 1, "Minor": 1, - "Patch": 7 + "Patch": 8 }, "demands": [ "sqlpackage" diff --git a/Tasks/SqlAzureDacpacDeployment/task.loc.json b/Tasks/SqlAzureDacpacDeployment/task.loc.json index 018a02c24f81..5d4feb5864dd 100644 --- a/Tasks/SqlAzureDacpacDeployment/task.loc.json +++ b/Tasks/SqlAzureDacpacDeployment/task.loc.json @@ -16,7 +16,7 @@ "version": { "Major": 1, "Minor": 1, - "Patch": 7 + "Patch": 8 }, "demands": [ "sqlpackage"