New service connection object with workloadidentity (#3855)

* New serive connection object with cert is used * new service connection with workload federated identity * Azure Powershell version changed to 5 * Add support for ClientAssertion type
microsoft · May 15, 2024 · 36333f8 · 36333f8
1 parent ab60c24
commit 36333f8
Show file tree

Hide file tree

Showing 11 changed files with 17 additions and 13 deletions.
diff --git a/build/build-variables.yml b/build/build-variables.yml
@@ -27,7 +27,7 @@ variables:
   TestEnvironmentUrl_R5_Sql: 'https://$(DeploymentEnvironmentName)-r5-sql.azurewebsites.net'
   #-----------------------------------------------------------------------------------------
   TestClientUrl: 'https://$(DeploymentEnvironmentName)-client/'
-  ConnectedServiceName: 'Microsoft Health Open Source Subscription - new'
+  ConnectedServiceName: 'oss-service-connection-with-workloadidentity'
   WindowsVmImage: 'windows-latest'
   LinuxVmImage: 'ubuntu-latest'  
   TestApplicationResource: 'https://$(DeploymentEnvironmentName).$(tenantDomain)'

diff --git a/build/ci-pipeline-mag.yml b/build/ci-pipeline-mag.yml
@@ -23,15 +23,15 @@ stages:
   jobs:
   - job: ProvisionEnvironment
     steps:
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
       displayName: Provision Resource Group
       inputs:
         azureSubscription: $(ConnectedServiceName)
         azurePowerShellVersion: latestVersion
         ScriptType: inlineScript
         Inline: |
           New-AzResourceGroup -Name "$(resourceGroupRoot)" -Location "$(ResourceGroupRegion)" -Force
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
       displayName: 'Deploy Default Site'
       inputs:
         azureSubscription: $(ConnectedServiceName)
@@ -67,7 +67,7 @@ stages:
 
           # Deploy SQL Environment
           New-AzResourceGroupDeployment -Name "$(DeploymentEnvironmentNameR4Sql)" -ResourceGroupName "$(resourceGroupRoot)" -TemplateFile $(System.DefaultWorkingDirectory)/samples/templates/default-azuredeploy.json -TemplateParameterObject $templateParameters -Verbose
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
       displayName: 'Delete resource group'
       inputs:
         azureSubscription: $(ConnectedServiceName)

diff --git a/build/cleanup-pr-environments.yml b/build/cleanup-pr-environments.yml
@@ -17,7 +17,7 @@ stages:
       name: '$(SharedLinuxPool)'
       vmImage: '$(LinuxVmImage)'
     steps:
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
       displayName: 'Delete resource group'
       inputs:
         azureSubscription: $(ConnectedServiceName)

diff --git a/build/jobs/clean-storage-accounts.yml b/build/jobs/clean-storage-accounts.yml
@@ -7,7 +7,7 @@ jobs:
   pool:
     vmImage: $(WindowsVmImage)
   steps:
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
     displayName: 'Clean Storage Accounts'
     continueOnError: true
     inputs:

diff --git a/build/jobs/cleanup-aad.yml b/build/jobs/cleanup-aad.yml
@@ -10,7 +10,7 @@ jobs:
       azureSubscription: $(ConnectedServiceName)
       KeyVaultName: 'resolute-oss-tenant-info'
 
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
     displayName: 'Delete AAD apps'
     inputs:
       azureSubscription: $(ConnectedServiceName)

diff --git a/build/jobs/cleanup-resourcegroup-aad.yml b/build/jobs/cleanup-resourcegroup-aad.yml
@@ -5,7 +5,7 @@ jobs:
     name: '$(SharedLinuxPool)'
     vmImage: '$(LinuxVmImage)'
   steps:
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
     displayName: 'Delete resource group'
     inputs:
       azureSubscription: $(ConnectedServiceName)

diff --git a/build/jobs/cleanup.yml b/build/jobs/cleanup.yml
@@ -5,7 +5,7 @@ jobs:
     name: '$(SharedLinuxPool)'
     vmImage: '$(LinuxVmImage)'
   steps:
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
     displayName: 'Delete resource group'
     inputs:
       azureSubscription: $(ConnectedServiceName)

diff --git a/build/jobs/e2e-tests.yml b/build/jobs/e2e-tests.yml
@@ -11,7 +11,7 @@ steps:
     parameters:
       version: ${{parameters.version}}
 
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
     displayName: 'Set Variables'
     inputs:
       azureSubscription: $(ConnectedServiceName)

diff --git a/build/jobs/run-export-tests.yml b/build/jobs/run-export-tests.yml
@@ -16,7 +16,7 @@ jobs:
     parameters:
       version: ${{parameters.version}}
 
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
     displayName: 'Set Variables'
     inputs:
       azureSubscription: $(ConnectedServiceName)
@@ -119,7 +119,7 @@ jobs:
     parameters:
       version: ${{parameters.version}}
 
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
     displayName: 'Set Variables'
     inputs:
       azureSubscription: $(ConnectedServiceName)

diff --git a/build/pr-pipeline.yml b/build/pr-pipeline.yml
@@ -125,7 +125,7 @@ stages:
       name: '$(DefaultLinuxPool)'
       vmImage: '$(LinuxVmImage)'
     steps:
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
       displayName: Provision Resource Group
       inputs:
         azureSubscription: $(ConnectedServiceName)

diff --git a/release/scripts/PowerShell/FhirServerRelease/Public/Add-AadTestAuthEnvironment.ps1 b/release/scripts/PowerShell/FhirServerRelease/Public/Add-AadTestAuthEnvironment.ps1
@@ -91,6 +91,10 @@ function Add-AadTestAuthEnvironment {
         Write-Host "Current context is service principal: $($azContext.Account.Id)"
         $currentObjectId = (Get-AzADServicePrincipal -ServicePrincipalName $azContext.Account.Id).Id
     }
+    elseif ($azContext.Account.Type -eq "ClientAssertion") {
+        Write-Host "Current context is ClientAssertion: $($azContext.Account.Id)"
+        $currentObjectId = (Get-AzADServicePrincipal -ServicePrincipalName $azContext.Account.Id).Id
+    }
     else {
         Write-Host "Current context is account of type '$($azContext.Account.Type)' with id of '$($azContext.Account.Id)"
         throw "Running as an unsupported account type. Please use either a 'User' or 'Service Principal' to run this command"