Added special char trimming for ssl and updated help texts (#3724)

* Added special char trimming for ssl and updated help texts * Handle review comments
microsoft · Mar 3, 2017 · daac898 · daac898
1 parent c9a9cd3
commit daac898
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 32 deletions.
diff --git a/Tasks/IISWebAppManagementOnMachineGroup/Strings/resources.resjson/en-US/resources.resjson b/Tasks/IISWebAppManagementOnMachineGroup/Strings/resources.resjson/en-US/resources.resjson
@@ -25,7 +25,7 @@
   "loc.input.label.WebsiteAuthUserName": "Username",
   "loc.input.help.WebsiteAuthUserName": "Provide the user name that will be used to access the website's physical path.",
   "loc.input.label.WebsiteAuthUserPassword": "Password",
-  "loc.input.help.WebsiteAuthUserPassword": "Provide the user's password that will be used to access the website's physical path.",
+  "loc.input.help.WebsiteAuthUserPassword": "Provide the user's password that will be used to access the website's physical path. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>",
   "loc.input.label.AddBinding": "Add binding",
   "loc.input.help.AddBinding": "Select the option to add port binding for the website.",
   "loc.input.label.Protocol": "Protocol",
@@ -57,7 +57,7 @@
   "loc.input.label.AppPoolUsernameForWebsite": "Username",
   "loc.input.help.AppPoolUsernameForWebsite": "Provide the username of the custom account that you want to use.",
   "loc.input.label.AppPoolPasswordForWebsite": "Password",
-  "loc.input.help.AppPoolPasswordForWebsite": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. ",
+  "loc.input.help.AppPoolPasswordForWebsite": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>",
   "loc.input.label.ParentWebsiteNameForVD": "Parent website name",
   "loc.input.help.ParentWebsiteNameForVD": "Provide the name of the parent Website of the virtual directory.",
   "loc.input.label.VirtualPathForVD": "Virtual path",
@@ -69,7 +69,7 @@
   "loc.input.label.VDAuthUserName": "Username",
   "loc.input.help.VDAuthUserName": "Provide the user name that will be used to access the virtual directory's physical path.",
   "loc.input.label.VDAuthUserPassword": "Password",
-  "loc.input.help.VDAuthUserPassword": "Provide the user's password that will be used to access the virtual directory's physical path.",
+  "loc.input.help.VDAuthUserPassword": "Provide the user's password that will be used to access the virtual directory's physical path. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>",
   "loc.input.label.ParentWebsiteNameForApplication": "Parent website name",
   "loc.input.help.ParentWebsiteNameForApplication": "Provide the name of the parent Website under which the application will be created or updated.",
   "loc.input.label.VirtualPathForApplication": "Virtual path",
@@ -81,7 +81,7 @@
   "loc.input.label.ApplicationAuthUserName": "Username",
   "loc.input.help.ApplicationAuthUserName": "Provide the user name that will be used to access the application's physical path.",
   "loc.input.label.ApplicationAuthUserPassword": "Password",
-  "loc.input.help.ApplicationAuthUserPassword": "Provide the user's password that will be used to access the application's physical path.",
+  "loc.input.help.ApplicationAuthUserPassword": "Provide the user's password that will be used to access the application's physical path. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>",
   "loc.input.label.CreateOrUpdateAppPoolForApplication": "Create or update app pool",
   "loc.input.help.CreateOrUpdateAppPoolForApplication": "Select the option to create or update an application pool. If checked, the application will be created in the specified app pool.",
   "loc.input.label.AppPoolNameForApplication": "Name",
@@ -95,7 +95,7 @@
   "loc.input.label.AppPoolUsernameForApplication": "Username",
   "loc.input.help.AppPoolUsernameForApplication": "Provide the username of the custom account that you want to use.",
   "loc.input.label.AppPoolPasswordForApplication": "Password",
-  "loc.input.help.AppPoolPasswordForApplication": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.",
+  "loc.input.help.AppPoolPasswordForApplication": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>",
   "loc.input.label.AppPoolName": "Name",
   "loc.input.help.AppPoolName": "Provide the name of the IIS application pool to create or update.",
   "loc.input.label.DotNetVersion": ".NET version",
@@ -107,7 +107,7 @@
   "loc.input.label.AppPoolUsername": "Username",
   "loc.input.help.AppPoolUsername": "Provide the username of the custom account that you want to use.",
   "loc.input.label.AppPoolPassword": "Password",
-  "loc.input.help.AppPoolPassword": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.",
+  "loc.input.help.AppPoolPassword": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>",
   "loc.input.label.StartStopRecycleAppPoolName": "Application pool name",
   "loc.input.help.StartStopRecycleAppPoolName": "Provide the name of the IIS application pool.",
   "loc.input.label.AppCmdCommands": "Additional appcmd.exe commands",
@@ -116,5 +116,6 @@
   "loc.messages.InvalidVirtualPath": "Virtual path should begin with a /",
   "loc.messages.InvalidIISDeploymentType": "Invalid IIS Deployment Type : {0}",
   "loc.messages.InvalidActionIISWebsite": "Invalid action '{0}' selected for the IIS Website.",
-  "loc.messages.InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool."
+  "loc.messages.InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool.",
+  "loc.messages.SSLCertWarningInvalidCharacters": "SSL Certificate thumbprint contains non-hexadecimal characters. Trimming all non-hexadecimal characters."
 }
diff --git a/Tasks/IISWebAppManagementOnMachineGroup/Tests/L0.ts b/Tasks/IISWebAppManagementOnMachineGroup/Tests/L0.ts
@@ -36,11 +36,11 @@ describe('IISWebAppManagementOnMachineGroup Suite', function () {
             psr.run(path.join(__dirname, 'L0AppcmdAddUpdateWebsite.ps1'), done);
         }) 
 
-  		it('test website add binding', (done) => {
+  		it('test add binding for website', (done) => {
             psr.run(path.join(__dirname, 'L0AppcmdTestBinding.ps1'), done);
         })
 
-        it('test sni and sslcert addition', (done) => {
+        it('test sni and sslcert addition for https binding', (done) => {
             psr.run(path.join(__dirname, 'L0AppcmdTestSSLandSNI.ps1'), done);
         })
 
@@ -56,40 +56,40 @@ describe('IISWebAppManagementOnMachineGroup Suite', function () {
             psr.run(path.join(__dirname, 'L0AppcmdTestApplicationExists.ps1'), done);
         })
 
-        it('test add and update application function', (done) => {
+        it('test add and update application', (done) => {
             psr.run(path.join(__dirname, 'L0AppcmdAddUpdateApplication.ps1'), done);
         })
 
-        it('test virtual directory exists function', (done) => {
+        it('test virtual directory exists', (done) => {
             psr.run(path.join(__dirname, 'L0AppcmdTestVirtualDirExists.ps1'), done);
         }) 
 
-        it('test add and update virtual directory function', (done) => {
+        it('test add and update virtual directory', (done) => {
             psr.run(path.join(__dirname, 'L0AppcmdAddUpdateVDir.ps1'), done);
         })
 
-        it('test additional actions', (done) => {
+        it('test additional actions for website and application pool', (done) => {
             psr.run(path.join(__dirname, 'L0AppcmdAdditionalActions.ps1'), done);
         }) 
 
-        it('test execute-main function', (done) => {
+        it('test execute main for appcmd', (done) => {
             psr.run(path.join(__dirname, 'L0AppcmdExecuteMain.ps1'), done);
         }) 
 
-        it('test iis manage utility - manage virtual directory', (done) => {
-            psr.run(path.join(__dirname, 'L0UtilityManageVDir.ps1'), done);
+        it('test iis manage utility - manage website', (done) => {
+            psr.run(path.join(__dirname, 'L0UtilityManageWebsite.ps1'), done);
         }) 
-        
+
         it('test iis manage utility - manage application', (done) => {
             psr.run(path.join(__dirname, 'L0UtilityManageApp.ps1'), done);
         })
 
+        it('test iis manage utility - manage virtual directory', (done) => {
+            psr.run(path.join(__dirname, 'L0UtilityManageVDir.ps1'), done);
+        }) 
+
         it('test iis manage utility - manage application pool', (done) => {
             psr.run(path.join(__dirname, 'L0UtilityManageAppPool.ps1'), done);
         }) 
-
-        it('test iis manage utility - manage website', (done) => {
-            psr.run(path.join(__dirname, 'L0UtilityManageWebsite.ps1'), done);
-        }) 
     }    
 });
diff --git a/Tasks/IISWebAppManagementOnMachineGroup/Utility.ps1 b/Tasks/IISWebAppManagementOnMachineGroup/Utility.ps1
@@ -226,7 +226,17 @@ function Trim-Inputs([ref]$siteName, [ref]$physicalPath, [ref]$poolName, [ref]$v
     }
     if ($sslCertThumbPrint -ne $null) 
     {
-        $sslCertThumbPrint.Value = $sslCertThumbPrint.Value.Trim()
+        # Trim all non-hexadecimal characters from the ssl cetificate thumbprint
+        if([regex]::IsMatch($sslCertThumbPrint.Value, "[^a-fA-F0-9]+"))
+        {
+            Write-Warning (Get-VstsLocString -Key "SSLCertWarningInvalidCharacters")
+        }
+
+        $sslCertThumbprint.Value = [Regex]::Replace($sslCertThumbprint.Value, "[^a-fA-F0-9]+" , "")
+
+        # Mark the SSL thumbprint value to be a secret value 
+        $sslCertThumbprintValue = $sslCertThumbprint.Value
+        Write-Host "##vso[task.setvariable variable=f13679253bf44b74afbd244ae83ca735;isSecret=true]$sslCertThumbprintValue"
     }
 }
 

diff --git a/Tasks/IISWebAppManagementOnMachineGroup/task.json b/Tasks/IISWebAppManagementOnMachineGroup/task.json
@@ -16,7 +16,7 @@
 	"version": {
 		"Major": 0,
 		"Minor": 2,
-		"Patch": 0
+		"Patch": 1
 	},
 	"minimumAgentVersion": "2.111.0",
 	"instanceNameFormat": "Manage $(IISDeploymentType)",
@@ -153,7 +153,7 @@
 			"groupName": "Website",
 			"defaultValue": "",
 			"visibleRule": "WebsitePhysicalPathAuth = WebsiteWindowsAuth",
-			"helpMarkDown": "Provide the user's password that will be used to access the website's physical path."
+			"helpMarkDown": "Provide the user's password that will be used to access the website's physical path. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>" 
 		},
 		{
 			"name": "AddBinding",
@@ -326,7 +326,7 @@
 			"defaultValue": "",
 			"required": false,
 			"groupName": "ApplicationPoolForWebsite",
-			"helpMarkDown": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. ",
+			"helpMarkDown": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>",
 			"visibleRule": "AppPoolIdentityForWebsite = SpecificUser"
 		},	
 		{
@@ -385,7 +385,7 @@
 			"required": false,
 			"defaultValue": "",
 			"visibleRule": "VDPhysicalPathAuth = VDWindowsAuth",
-			"helpMarkDown": "Provide the user's password that will be used to access the virtual directory's physical path."
+			"helpMarkDown": "Provide the user's password that will be used to access the virtual directory's physical path. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>"
 		},
 		{
 			"name": "ParentWebsiteNameForApplication",
@@ -443,7 +443,7 @@
 			"required": false,
 			"defaultValue": "",
 			"visibleRule": "ApplicationPhysicalPathAuth = ApplicationWindowsAuth",
-			"helpMarkDown": "Provide the user's password that will be used to access the application's physical path."
+			"helpMarkDown": "Provide the user's password that will be used to access the application's physical path. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>"
 		},
 		{
 			"name": "CreateOrUpdateAppPoolForApplication",
@@ -524,7 +524,7 @@
 			"required": false,
 			"groupName": "ApplicationPoolForApplication",			
 			"visibleRule": "AppPoolIdentityForApplication = SpecificUser",
-			"helpMarkDown": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'."
+			"helpMarkDown": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>"
 		},
 		{
 			"name": "AppPoolName",
@@ -596,7 +596,7 @@
 			"required": false,
 			"groupName": "ApplicationPool",
 			"visibleRule": "AppPoolIdentity = SpecificUser",
-			"helpMarkDown": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'."
+			"helpMarkDown": "Provide the password for custom account. <br/>The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. <br> Note: Special characters in password are interpreted as per <a href=\"https://go.microsoft.com/fwlink/?linkid=843470\">command-line arguments</a>"
 		},
 		{
 			"name": "StartStopRecycleAppPoolName",
@@ -627,7 +627,8 @@
 		"InvalidVirtualPath": "Virtual path should begin with a /",
 		"InvalidIISDeploymentType": "Invalid IIS Deployment Type : {0}",
 		"InvalidActionIISWebsite": "Invalid action '{0}' selected for the IIS Website.",
-		"InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool."
+		"InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool.",
+		"SSLCertWarningInvalidCharacters": "SSL Certificate thumbprint contains non-hexadecimal characters. Trimming all non-hexadecimal characters."
 	}
 
 }
diff --git a/Tasks/IISWebAppManagementOnMachineGroup/task.loc.json b/Tasks/IISWebAppManagementOnMachineGroup/task.loc.json
@@ -16,7 +16,7 @@
   "version": {
     "Major": 0,
     "Minor": 2,
-    "Patch": 0
+    "Patch": 1
   },
   "minimumAgentVersion": "2.111.0",
   "instanceNameFormat": "ms-resource:loc.instanceNameFormat",
@@ -627,6 +627,7 @@
     "InvalidVirtualPath": "ms-resource:loc.messages.InvalidVirtualPath",
     "InvalidIISDeploymentType": "ms-resource:loc.messages.InvalidIISDeploymentType",
     "InvalidActionIISWebsite": "ms-resource:loc.messages.InvalidActionIISWebsite",
-    "InvalidActionIISAppPool": "ms-resource:loc.messages.InvalidActionIISAppPool"
+    "InvalidActionIISAppPool": "ms-resource:loc.messages.InvalidActionIISAppPool",
+    "SSLCertWarningInvalidCharacters": "ms-resource:loc.messages.SSLCertWarningInvalidCharacters"
   }
 }