Use secure string for password fields

Author: matthchr

src/ResourceManager/AzureBatch/Commands.Batch.Test/Certificates/NewBatchCertificateCommandTests.cs

@@ -24,6 +24,7 @@
 using System.Management.Automation;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
+using Microsoft.WindowsAzure.Commands.Common;
 using Xunit;
 using BatchClient = Microsoft.Azure.Commands.Batch.Models.BatchClient;
 
@@ -119,7 +120,7 @@ public void NewBatchCertificateRequestBodyTest()
 
             // Verify that when the raw data is specified with a password, the request body matches expectations
             cmdlet.RawData = cert.RawData;
-            cmdlet.Password = BatchTestHelpers.TestCertificatePassword;
+            cmdlet.Password = BatchTestHelpers.TestCertificatePassword.ConvertToSecureString();
             cmdlet.ExecuteCmdlet();
             Assert.Equal(CertificateFormat.Pfx, requestParameters.CertificateFormat);
             Assert.Equal(BatchTestHelpers.TestCertificateAlgorithm, requestParameters.ThumbprintAlgorithm);
@@ -139,7 +140,7 @@ public void NewBatchCertificateRequestBodyTest()
             Assert.Equal(certDataBase64String, requestParameters.Data);
 
             // Verify that when a file path is specified with a password, the request body matches expectations
-            cmdlet.Password = BatchTestHelpers.TestCertificatePassword;
+            cmdlet.Password = BatchTestHelpers.TestCertificatePassword.ConvertToSecureString();
             cmdlet.ExecuteCmdlet();
             Assert.Equal(CertificateFormat.Pfx, requestParameters.CertificateFormat);
             Assert.Equal(BatchTestHelpers.TestCertificateAlgorithm, requestParameters.ThumbprintAlgorithm);

src/ResourceManager/AzureBatch/Commands.Batch.Test/ComputeNodeUsers/NewBatchComputeNodeUserCommandTests.cs

@@ -20,6 +20,7 @@
 using System;
 using System.Collections.Generic;
 using System.Management.Automation;
+using Microsoft.WindowsAzure.Commands.Common;
 using Xunit;
 using BatchClient = Microsoft.Azure.Commands.Batch.Models.BatchClient;
 using ProxyModels = Microsoft.Azure.Batch.Protocol.Models;
@@ -57,7 +58,7 @@ public void NewBatchComputeNodeUserParametersTest()
             cmdlet.PoolId = "testPool";
             cmdlet.ComputeNodeId = "computeNode1";
             cmdlet.Name = "testUser";
-            cmdlet.Password = "Password1234";
+            cmdlet.Password = "Password1234".ConvertToSecureString();
 
             // Don't go to the service on an Add ComputeNodeUser call
             RequestInterceptor interceptor = BatchTestHelpers.CreateFakeServiceResponseInterceptor<
@@ -81,7 +82,7 @@ public void NewBatchComputeNodeUserParametersGetPassedToRequestTest()
             cmdlet.PoolId = "testPool";
             cmdlet.ComputeNodeId = "computeNode1";
             cmdlet.Name = "user";
-            cmdlet.Password = "password";
+            cmdlet.Password = "password".ConvertToSecureString();
             cmdlet.IsAdmin = true;
             cmdlet.ExpiryTime = DateTime.Now.AddDays(30);
 
@@ -101,7 +102,7 @@ public void NewBatchComputeNodeUserParametersGetPassedToRequestTest()
 
             // Verify the request parameters match the cmdlet parameters
             Assert.Equal(cmdlet.Name, requestParameters.Name);
-            Assert.Equal(cmdlet.Password, requestParameters.Password);
+            Assert.Equal(cmdlet.Password.ConvertToString(), requestParameters.Password);
             Assert.Equal(cmdlet.IsAdmin, requestParameters.IsAdmin);
             Assert.Equal(cmdlet.ExpiryTime, requestParameters.ExpiryTime);
         }

src/ResourceManager/AzureBatch/Commands.Batch.Test/ComputeNodeUsers/SetBatchComputeNoderUserCommandTests.cs

@@ -21,6 +21,7 @@
 using System;
 using System.Collections.Generic;
 using System.Management.Automation;
+using Microsoft.WindowsAzure.Commands.Common;
 using Xunit;
 using BatchClient = Microsoft.Azure.Commands.Batch.Models.BatchClient;
 
@@ -82,7 +83,7 @@ public void SetBatchComputeNodeUserRequestTest()
             cmdlet.PoolId = "testPool";
             cmdlet.ComputeNodeId = "computeNode1";
             cmdlet.Name = "testUser";
-            cmdlet.Password = "Password1234";
+            cmdlet.Password = "Password1234".ConvertToSecureString();
             cmdlet.ExpiryTime = DateTime.Now.AddDays(1);
 
             string requestPassword = null;
@@ -101,7 +102,7 @@ public void SetBatchComputeNodeUserRequestTest()
             cmdlet.ExecuteCmdlet();
 
             // Verify the request parameters match expectations
-            Assert.Equal(cmdlet.Password, requestPassword);
+            Assert.Equal(cmdlet.Password.ConvertToString(), requestPassword);
             Assert.Equal(cmdlet.ExpiryTime, requestExpiryTime);
         }
     }

src/ResourceManager/AzureBatch/Commands.Batch.Test/ScenarioTests/ComputeNodeUserTests.ps1

@@ -22,15 +22,16 @@ function Test-ComputeNodeUserEndToEnd
 
     $context = New-Object Microsoft.Azure.Commands.Batch.Test.ScenarioTests.ScenarioTestContext
     $userName = "userendtoend"
-    $password = "Password1234!"
+    $password1 = ConvertTo-SecureString "Password1234!" -AsPlainText -Force
 
     # Create a user
-    New-AzureBatchComputeNodeUser -PoolId $poolId -ComputeNodeId $computeNodeId -Name $userName -Password $password -BatchContext $context
+    New-AzureBatchComputeNodeUser -PoolId $poolId -ComputeNodeId $computeNodeId -Name $userName -Password $password1 -BatchContext $context
 
     # Update the user. Since there's no Get user API, this also validates that the create call worked (no 404 error).
     # Basically just validating that we can set the parameters and execute the cmdlet without error. 
     # If a Get user API is added, we can validate that the properties were actually updated.
-    Set-AzureBatchComputeNodeUser $poolId $computeNodeId $userName "Abcdefghijk1234!" -ExpiryTime ([DateTime]::Now.AddDays(5)) -BatchContext $context
+    $password2 = ConvertTo-SecureString "Abcdefghijk1234!" -AsPlainText -Force
+    Set-AzureBatchComputeNodeUser $poolId $computeNodeId $userName $password2 -ExpiryTime ([DateTime]::Now.AddDays(5)) -BatchContext $context
 
     # Delete the user
     Remove-AzureBatchComputeNodeUser -PoolId $poolId -ComputeNodeId $computeNodeId -Name $userName -BatchContext $context

src/ResourceManager/AzureBatch/Commands.Batch/Certificates/NewBatchCertificateCommand.cs

@@ -15,6 +15,8 @@
 using Microsoft.Azure.Commands.Batch.Models;
 using System;
 using System.Management.Automation;
+using System.Security;
+using Microsoft.WindowsAzure.Commands.Common;
 using Constants = Microsoft.Azure.Commands.Batch.Utils.Constants;
 
 namespace Microsoft.Azure.Commands.Batch
@@ -37,17 +39,14 @@ public class NewBatchCertificateCommand : BatchObjectModelCmdletBase
 
         [Parameter]
         [ValidateNotNullOrEmpty]
-        [Obsolete("New-AzureRmBatchCertificate: The parameter \"Password\" is being changed from a string to a SecureString in an upcoming breaking change release.")]
-        public string Password { get; set; }
+        public SecureString Password { get; set; }
 
         public override void ExecuteCmdlet()
         {
             NewCertificateParameters parameters = new NewCertificateParameters(this.BatchContext, this.FilePath, this.RawData,
                 this.AdditionalBehaviors)
             {
-#pragma warning disable 0618
-                Password = this.Password
-#pragma warning restore 0618
+                Password = this.Password?.ConvertToString()
             };
 
             BatchClient.AddCertificate(parameters);

src/ResourceManager/AzureBatch/Commands.Batch/ComputeNodeUsers/NewBatchComputeNodeUserCommand.cs

@@ -16,6 +16,8 @@
 using Microsoft.Azure.Commands.Batch.Models;
 using System;
 using System.Management.Automation;
+using System.Security;
+using Microsoft.WindowsAzure.Commands.Common;
 using Constants = Microsoft.Azure.Commands.Batch.Utils.Constants;
 
 namespace Microsoft.Azure.Commands.Batch
@@ -44,8 +46,7 @@ public class NewBatchComputeNodeUserCommand : BatchObjectModelCmdletBase
 
         [Parameter(Mandatory = true, HelpMessage = "The account password.")]
         [ValidateNotNullOrEmpty]
-        [Obsolete("New-AzureRmBatchComputeNodeUser: The parameter \"Password\" is being changed from a string to a SecureString in an upcoming breaking change release.")]
-        public string Password { get; set; }
+        public SecureString Password { get; set; }
 
         [Parameter]
         [ValidateNotNullOrEmpty]
@@ -60,9 +61,7 @@ public override void ExecuteCmdlet()
                 this.ComputeNode, this.AdditionalBehaviors)
             {
                 ComputeNodeUserName = this.Name,
-#pragma warning disable 0618
-                Password = this.Password,
-#pragma warning restore 0618
+                Password = this.Password?.ConvertToString(),
                 ExpiryTime = this.ExpiryTime,
                 IsAdmin = this.IsAdmin.IsPresent
             };

src/ResourceManager/AzureBatch/Commands.Batch/ComputeNodeUsers/SetBatchComputeNodeUserCommand.cs

@@ -15,6 +15,8 @@
 using Microsoft.Azure.Commands.Batch.Models;
 using System;
 using System.Management.Automation;
+using System.Security;
+using Microsoft.WindowsAzure.Commands.Common;
 using Constants = Microsoft.Azure.Commands.Batch.Utils.Constants;
 
 namespace Microsoft.Azure.Commands.Batch
@@ -39,8 +41,7 @@ public class SetBatchComputeNodeUserCommand : BatchObjectModelCmdletBase
 
         [Parameter(Position = 3, Mandatory = true, HelpMessage = "The account password.")]
         [ValidateNotNullOrEmpty]
-        [Obsolete("Set-AzureRmBatchComputeNodeUser: The parameter \"Password\" is being changed from a string to a SecureString in an upcoming breaking change release.")]
-        public string Password { get; set; }
+        public SecureString Password { get; set; }
 
         [Parameter]
         [ValidateNotNullOrEmpty]
@@ -51,9 +52,7 @@ public override void ExecuteCmdlet()
             UpdateComputeNodeUserParameters parameters = new UpdateComputeNodeUserParameters(this.BatchContext,
                 this.PoolId, this.ComputeNodeId, this.Name, this.AdditionalBehaviors)
             {
-#pragma warning disable 0618
-                Password = this.Password,
-#pragma warning restore 0618
+                Password = this.Password?.ConvertToString(),
                 ExpiryTime = this.ExpiryTime
             };
             this.BatchClient.UpdateComputeNodeUser(parameters);