Users/ajya/nationalcloudclientsidechanges #3551
Conversation
|
LGTM 👍 |
Ajay-MS
requested review from
kmkumaran,
mvvsubbu,
pavanadepu2,
sachinma and
desattir
| private token_deferred: Q.Promise<string>; | ||
|
|
||
| constructor(clientId: string, domain: string, secret: string) { | ||
| constructor(clientId: string, domain: string, secret: string, armUrl: string, authUrl: string) { |
There was a problem hiding this comment.
authUrl is confusing since auth is mostly used for authentication. I would prefer full name authorityUrl
|
|
||
| var deferred = Q.defer<string>(); | ||
| var authorityUrl = authUrl + SPN.tenantID + "/oauth2/token/"; | ||
| var envAuthUrl = endpoint.envAuthUrl; |
There was a problem hiding this comment.
Check if it is necessary to hard-code envAuthUrl if it is null.
| @@ -41,6 +41,11 @@ function Initialize-AzureSubscription { | |||
|
|
|||
| #Set UserAgent for Azure Calls | |||
| Set-UserAgent | |||
|
|
|||
| $environmentName = "AzureCloud" | |||
| if( $Endpoint.Data.Environment ) { | |||
There was a problem hiding this comment.
this does not validate if it contains an empty string with space. Please check if you want to trim it before it gets used
| @@ -127,7 +127,7 @@ function Initialize-AzureSubscription { | |||
| # Else, this is AzureRM. | |||
| try { | |||
| Write-Host "##[command]Add-AzureRMAccount -ServicePrincipal -Tenant $($Endpoint.Auth.Parameters.TenantId) -Credential $psCredential" | |||
| $null = Add-AzureRMAccount -ServicePrincipal -Tenant $Endpoint.Auth.Parameters.TenantId -Credential $psCredential | |||
| $null = Add-AzureRMAccount -ServicePrincipal -Tenant $Endpoint.Auth.Parameters.TenantId -Credential $psCredential -EnvironmentName $environmentName | |||
There was a problem hiding this comment.
better to log $environmentName if it is within security rules
| @@ -321,6 +321,8 @@ | |||
| "ClientIdCannotBeEmpty": "clientId must be a non empty string.", | |||
| "DomainCannotBeEmpty": "domain must be a non empty string.", | |||
| "SecretCannotBeEmpty": "secret must be a non empty string.", | |||
| "armUrlCannotBeEmpty": "arm Url must be a non empty string.", | |||
There was a problem hiding this comment.
Is the plan only to add support in latest task version for ARG? I am fine with that call, but want to confirm with PMs.
| @@ -1,8 +1,8 @@ | |||
| # Private module-scope variables. | |||
| $script:jsonContentType = "application/json;charset=utf-8" | |||
| $script:formContentType = "application/x-www-form-urlencoded;charset=utf-8" | |||
| $script:azureRmUri = "https://management.azure.com" | |||
| $script:authUri = "https://login.microsoftonline.com/" | |||
| $script:defaultAuthUri = "https://login.microsoftonline.com/" | |||
There was a problem hiding this comment.
I can't find this URL in the get-Environment output. What url does this map to?
There was a problem hiding this comment.
login.windows.net is legacy auth URL, login.microsoftonline.com is latest auth url. In environment property its showing only latest one. Since other URL is being used at many places in application so added it as another property.
| $authUrl = $script:defaultAuthUri | ||
| if($endpoint.Data.activeDirectoryAuthority) | ||
| { | ||
| $authUrl = $endpoint.Data.activeDirectoryAuthority |
There was a problem hiding this comment.
Is activeDirecotryAuthority and environment Auth Url used interchangeably?
There was a problem hiding this comment.
In the GetAccessToken in nlbUtility you were using the environment Auth url. Why?
| @@ -41,6 +41,11 @@ function Initialize-AzureSubscription { | |||
|
|
|||
| #Set UserAgent for Azure Calls | |||
| Set-UserAgent | |||
|
|
|||
There was a problem hiding this comment.
Can you ensure Azure PowerShell task is covered as part of your testing?
There was a problem hiding this comment.
Yes I have tested Azure Powershell Task
| @@ -5,19 +5,20 @@ import * as httpClient from 'vso-node-api/HttpClient'; | |||
| import * as restClient from 'vso-node-api/RestClient'; | |||
|
|
|||
| var httpObj = new httpClient.HttpCallbackClient(tl.getVariable("AZURE_HTTP_USER_AGENT")); | |||
| var authUrl = 'https://login.windows.net/'; | |||
| var defaultAuthUrl = 'https://login.windows.net/'; | |||
| var azureApiVersion = '2016-09-01'; | |||
There was a problem hiding this comment.
Did this API version work fine in other Cloud environment types. Do you see any issue with Azure deployments causing issues?
| var azureApiVersion = '2016-09-01'; | ||
|
|
||
| function getAccessToken(SPN, endpointUrl: string): Q.Promise<string> { | ||
| function getAccessToken(endpoint, endpointUrl: string): Q.Promise<string> { |
There was a problem hiding this comment.
having the second parameter as enpointurl is confusing. There is already endpoint taken as input which has endpoint.url. I presume this is the resource for which you are requesting token. So should we just call it resource?
| $authUrl = $script:defaultAuthUri | ||
| if($endpoint.Data.activeDirectoryAuthority) | ||
| { | ||
| $authUrl = $endpoint.Data.activeDirectoryAuthority |
There was a problem hiding this comment.
In the GetAccessToken in nlbUtility you were using the environment Auth url. Why?
* Changes for national cloud * consume arm url from endpoint * authUrl and envAuthUrl fix * Test correction for client side changes * bump up task version and fixing review comments * null check for auth url in NLB task * added URL in endpoint object for NLB task * added environment to logs * reverted variable name back to SPN * Bump up task version corrsponding to master * corrections * Increased patch version for AFC
* Users/ajya/nationalcloudclientsidechanges (#3551) * Changes for national cloud * consume arm url from endpoint * authUrl and envAuthUrl fix * Test correction for client side changes * bump up task version and fixing review comments * null check for auth url in NLB task * added URL in endpoint object for NLB task * added environment to logs * reverted variable name back to SPN * Bump up task version corrsponding to master * corrections * Increased patch version for AFC * back compat for xml sub * resolve merge conflict * loc.json updated * Increase patch version as release branch version has been bumbed up * Increased patch version due to vincent xml sub fix * patch version bump up due to vincent fix * default URL check for Deploy Azure RG Task * Increased patch version of AFC to build package
No description provided.