Merge pull request #14727 from Azure/release-2021-04-13

[Do not squash] release-2021-04-13

Author: dingmeng-xue

ChangeLog.md

@@ -1,3 +1,76 @@
+## 5.8.0 - April 2021
+#### Az.Accounts
+* Fallback to first valid context if current default context key is 'Default' which is invalid
+
+#### Az.Automation
+* Added support for Customer Managed Key Encryption with System Assigned Identity
+* Fixed issue that disables the schedule for update deployment if schedule was re-created with same name
+
+#### Az.Compute
+* Fixed a bug when 1 data disk attached to VMSS for Remove-AzVmssDataDisk [#13368]
+* Added new cmdlets to support TrustedLaunch related cmdlets:
+    - 'Set-AzVmSecurityProfile'
+    - 'Set-AzVmUefi'
+    - 'Set-AzVmssSecurityProfile'
+    - 'Set-AzVmssUefi'
+* Edited default value for Size parameter in New-AzVM cmdlet from Standard_DS1_v2 to Standard_D2s_v3.
+
+#### Az.ContainerRegistry
+* Fixed bug in 'Get-AzContainerRegistryManifest' showing incorrect image name 
+
+#### Az.HDInsight
+* Supported getting default vmsize from backend if customer does not provide the related parameters: '-WorkerNodeSize', '-HeadNodeSize', '-ZookeeperNodeSize', '-EdgeNodeSize', '-KafkaManagementNodeSize'.
+
+#### Az.HealthcareApis
+* Added support for Acr LoginServers
+
+#### Az.KeyVault
+* Fixed a bug for 'Get-AzKeyVaultSecret -AsPlainText' if the secret is not found [#14645]
+
+#### Az.Migrate
+* Nullref Bug fixed in get discovered server and initialize replication infrastructure commandlets.
+
+#### Az.Monitor
+* Added cmdlet to get diagnostic setting categories for subscription
+    - 'Get-AzSubscriptionDiagnosticSettingCategory'
+* Supported subscription diagnostic setting operations with new parameter: SubscriptionId
+    - 'Get-AzDiagnosticSetting'
+    - 'New-AzDiagnosticSetting'
+    - 'Remove-AzDiagnosticSetting'
+* Supported 'AutoMitigate' parameter in metric alert rule properties. The flag indicates whether the alert should be auto resolved or not.
+
+#### Az.Resources
+* Added upcoming breaking change warnings on below cmdlets, because the value of 'IdentifierUris' parameter will need verified domain.
+  - 'New-AzADApplication' 
+  - 'Update-AzADApplication'
+  - 'New-AzADServicePrincipal'
+  - 'Update-AzADServicePrincipal'
+* Ignored Bicep warning message in error stream if exitcode equals zero.
+
+#### Az.Sql
+* Added cmdlet output breaking change warnings to the following: 
+    - 'New-AzSqlDatabase'
+    - 'Get-AzSqlDatabase'
+    - 'Set-AzSqlDatabase'
+    - 'Remove-AzSqlDatabase'
+    - 'New-AzSqlDatabaseSecondary'
+    - 'Remove-AzSqlDatabaseSecondary'
+    - 'Get-AzSqlDatabaseReplicationLink'
+    - 'New-AzSqlDatabaseCopy'
+    - 'Set-AzSqlDatabaseSecondary'
+
+#### Az.Storage
+* Fixed copy blob fail with source context as Oauth [#14662]
+    -  'Start-AzStorageBlobCopy'
+
+#### Az.StreamAnalytics
+* Added upcoming breaking change warning message to all cmdlets because of upcoming changes on parameters.
+
+### Thanks to our community contributors
+* Andrei Zhukouski (@BurgerZ), Fix typo (#14575)
+* Mark Allison (@markallisongit), Update Invoke-AzSqlInstanceFailover.md (#14603)
+
+
 ## 5.7.0 - March 2021
 #### Az.Accounts
 * Fixed incorrect warning message on Windows PowerShell [#14556]

setup/generate.ps1

@@ -37,7 +37,7 @@ if( (-not (get-command -ea 0 light)) -or (-not (get-command -ea 0 heat)) -or (-n
 $outputName ="Az-Cmdlets"
 
 # generate the product name from the current month/year.
-$productName = "Microsoft Azure PowerShell - March 2021"
+$productName = "Microsoft Azure PowerShell - April 2021"
 
 # where to put temp files
 $tmp = Join-Path $env:temp azure-cmdlets-tmp

src/ADDomainServices/Az.ADDomainServices.psd1

@@ -51,7 +51,7 @@ DotNetFrameworkVersion = '4.7.2'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '2.2.7'; })
+RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '2.2.8'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = './bin/Az.ADDomainServices.private.dll'

src/Accounts/Accounts/Account/ConnectAzureRmAccount.cs

@@ -417,6 +417,7 @@ public override void ExecuteCmdlet()
                    }
 
                    profileClient.WarningLog = (message) => _tasks.Enqueue(new Task(() => this.WriteWarning(message)));
+                   profileClient.DebugLog = (message) => _tasks.Enqueue(new Task(() => this.WriteDebugWithTimestamp(message)));
                    var task = new Task<AzureRmProfile>( () => profileClient.Login(
                         azureAccount,
                         _environment,

src/Accounts/Accounts/Az.Accounts.psd1

@@ -3,7 +3,7 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 3/17/2021
+# Generated on: 4/8/2021
 #
 
 @{
@@ -12,7 +12,7 @@
 # RootModule = ''
 
 # Version number of this module.
-ModuleVersion = '2.2.7'
+ModuleVersion = '2.2.8'
 
 # Supported PSEditions
 CompatiblePSEditions = 'Core', 'Desktop'
@@ -143,8 +143,7 @@ PrivateData = @{
         # IconUri = ''
 
         # ReleaseNotes of this module
-        ReleaseNotes = '* Fixed incorrect warning message on Windows PowerShell [#14556]
-* Set Azure Environment variable ''AzureKeyVaultServiceEndpointResourceId'' according to the value of ''AzureKeyVaultDnsSuffix'' when discovering environment '
+        ReleaseNotes = '* Fallback to first valid context if current default context key is ''Default'' which is invalid'
 
         # Prerelease string of this module
         # Prerelease = ''

src/Accounts/Accounts/AzureRmAlias/Mappings.json

@@ -520,7 +520,7 @@
     "Remove-AzVmssDataDisk": "Remove-AzureRmVmssDataDisk",
     "Remove-AzVmssNetworkInterfaceConfiguration": "Remove-AzureRmVmssNetworkInterfaceConfiguration",
     "Set-AzVmssOsProfile": "Set-AzureRmVmssOsProfile",
-    "Set-AzVmssSecurityType": "Set-AzureRmVmssSecurityType",
+    "Set-AzVmssSecurityProfile": "Set-AzureRmVmssSecurityProfile",
     "Set-AzVmssUefi": "Set-AzureRmVmssUefi",
     "Set-AzVmssStorageProfile": "Set-AzureRmVmssStorageProfile",
     "New-AzVmss": "New-AzureRmVmss",

src/Accounts/Accounts/ChangeLog.md

@@ -19,6 +19,8 @@
 -->
 
 ## Upcoming Release
+
+## Version 2.2.8
 * Fallback to first valid context if current default context key is "Default" which is invalid
 
 ## Version 2.2.7

src/Accounts/Accounts/Models/RMProfileClient.cs

@@ -36,6 +36,7 @@ public class RMProfileClient
         private IProfileOperations _profile;
         private IAzureTokenCache _cache;
         public Action<string> WarningLog;
+        public Action<string> DebugLog;
 
         private IAzureContext DefaultContext
         {
@@ -242,9 +243,10 @@ public AzureRmProfile Login(
                                 token = null;
                             }
                         }
-                        catch
+                        catch(Exception e)
                         {
-                            WriteWarningMessage(string.Format(ProfileMessages.UnableToAqcuireToken, tenant));
+                            WriteWarningMessage(string.Format(ProfileMessages.UnableToAqcuireToken, tenant, e.Message));
+                            WriteDebugMessage(string.Format(ProfileMessages.UnableToAqcuireToken, tenant, e.ToString()));
                         }
 
                         if (token != null &&
@@ -498,12 +500,13 @@ public IEnumerable<IAzureSubscription> ListSubscriptions(string tenantIdOrDomain
                         ListAllSubscriptionsForTenant(
                             (tenant.GetId() == Guid.Empty) ? tenant.Directory : tenant.Id.ToString()));
                 }
-                catch (AadAuthenticationException)
+                catch (AadAuthenticationException e)
                 {
                     WriteWarningMessage(string.Format(
                         ProfileMessages.UnableToLogin,
                         _profile.DefaultContext.Account,
                         tenant));
+                    WriteDebugMessage(e.ToString());
                 }
 
             }
@@ -604,6 +607,7 @@ private bool TryGetTenantSubscription(IAccessToken accessToken,
                     if (isTenantPresent || !string.Equals(ex.Body?.Code, "InvalidAuthenticationTokenTenant", StringComparison.OrdinalIgnoreCase))
                     {
                         WriteWarningMessage(ex.Message);
+                        WriteDebugMessage(ex.ToString());
                     }
                 }
 
@@ -652,9 +656,10 @@ private List<AzureTenant> ListAccountTenants(
 
                 result = SubscriptionAndTenantClient?.ListAccountTenants(commonTenantToken, environment);
             }
-            catch
+            catch(Exception e)
             {
-                WriteWarningMessage(string.Format(ProfileMessages.UnableToAqcuireToken, commonTenant));
+                WriteWarningMessage(string.Format(ProfileMessages.UnableToAqcuireToken, commonTenant, e.Message));
+                WriteDebugMessage(string.Format(ProfileMessages.UnableToAqcuireToken, commonTenant, e.ToString()));
                 if (account.IsPropertySet(AzureAccount.Property.Tenants))
                 {
                     result =
@@ -698,9 +703,10 @@ private IEnumerable<AzureSubscription> ListAllSubscriptionsForTenant(
             {
                 accessToken = AcquireAccessToken(account, environment, tenantId, password, promptBehavior, null);
             }
-            catch
+            catch(Exception e)
             {
-                WriteWarningMessage(string.Format(ProfileMessages.UnableToAqcuireToken, tenantId));
+                WriteWarningMessage(string.Format(ProfileMessages.UnableToAqcuireToken, tenantId, e.Message));
+                WriteDebugMessage(string.Format(ProfileMessages.UnableToAqcuireToken, tenantId, e.ToString()));
                 return new List<AzureSubscription>();
             }
 
@@ -715,6 +721,14 @@ private void WriteWarningMessage(string message)
             }
         }
 
+        private void WriteDebugMessage(string message)
+        {
+            if(DebugLog != null)
+            {
+                DebugLog(message);
+            }
+        }
+
         public ISubscriptionClientWrapper SubscriptionAndTenantClient = null;
     }
 }

src/Accounts/Accounts/Properties/AssemblyInfo.cs

@@ -43,8 +43,8 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 
-[assembly: AssemblyVersion("2.2.7")]
-[assembly: AssemblyFileVersion("2.2.7")]
+[assembly: AssemblyVersion("2.2.8")]
+[assembly: AssemblyFileVersion("2.2.8")]
 #if !SIGN
 [assembly: InternalsVisibleTo("Microsoft.Azure.PowerShell.Cmdlets.Accounts.Test")]
 #endif

src/Accounts/Accounts/Properties/Resources.Designer.cs

@@ -339,7 +339,7 @@
     <value>To create an access token credential, you must provide an access token account.</value>
   </data>
   <data name="UnableToAqcuireToken" xml:space="preserve">
-    <value>Unable to acquire token for tenant '{0}'</value>
+    <value>Unable to acquire token for tenant '{0}' with error '{1}'</value>
   </data>
   <data name="UnableToLogin" xml:space="preserve">
     <value>Could not authenticate user account '{0}' with tenant '{1}'. Subscriptions in this tenant will not be listed. Please login again using Connect-AzAccount to view the subscriptions in this tenant.</value>

src/Accounts/Accounts/Properties/Resources.resx

@@ -32,7 +32,7 @@ class MockMsalAccessTokenAcquirer : MsalAccessTokenAcquirer
 
         public TokenRequestContext TokenRequestContext { get; set; }
 
-        internal override async Task<IAccessToken> GetAccessTokenAsync(TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken, string tenantId = null, string userId = null, string homeAccountId = "")
+        internal override async Task<IAccessToken> GetAccessTokenAsync(string callerClassName, string parametersLog, TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken, string tenantId = null, string userId = null, string homeAccountId = "")
         {
             TokenCredential = tokenCredential;
             TokenRequestContext = requestContext;

src/Accounts/Authentication.Test/Mocks/MockMsalAccessTokenAcquirer.cs

@@ -43,5 +43,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("2.2.7")]
-[assembly: AssemblyFileVersion("2.2.7")]
+[assembly: AssemblyVersion("2.2.8")]
+[assembly: AssemblyFileVersion("2.2.8")]

src/Accounts/Authentication/Properties/AssemblyInfo.cs

@@ -46,7 +46,7 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
                  resourceId.EqualsInsensitively(environment.GetEndpoint(AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId)))
                  && account.IsPropertySet(AzureAccount.Property.KeyVaultAccessToken))
             {
-                TracingAdapter.Information(string.Format("[AccessTokenAuthenticator] Creating KeyVault access token - Tenant: '{0}', ResourceId: '{1}', UserId: '{2}'", tenant, resourceId, account.Id));
+                TracingAdapter.Information($"{DateTime.Now:T} - [AccessTokenAuthenticator] Creating KeyVault access token - Tenant: '{tenant}', ResourceId: '{resourceId}', UserId: '{account.Id}'");
                 rawToken.AccessToken = account.GetProperty(AzureAccount.Property.KeyVaultAccessToken);
             }
             else if ((resourceId.EqualsInsensitively(environment.GraphEndpointResourceId) ||
@@ -55,7 +55,7 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
                       resourceId.EqualsInsensitively(environment.GetEndpoint(AzureEnvironment.Endpoint.GraphEndpointResourceId)))
                       && account.IsPropertySet(AzureAccount.Property.GraphAccessToken))
             {
-                TracingAdapter.Information(string.Format("[AccessTokenAuthenticator] Creating Graph access token - Tenant: '{0}', ResourceId: '{1}', UserId: '{2}'", tenant, resourceId, account.Id));
+                TracingAdapter.Information($"{DateTime.Now:T} - [AccessTokenAuthenticator] Creating Graph access token - Tenant: '{tenant}', ResourceId: '{resourceId}', UserId: '{account.Id}'");
                 rawToken.AccessToken = account.GetProperty(AzureAccount.Property.GraphAccessToken);
             }
             else if ((resourceId.EqualsInsensitively(environment.ActiveDirectoryServiceEndpointResourceId) ||
@@ -64,7 +64,7 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
                       resourceId.EqualsInsensitively(environment.GetEndpoint(AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)))
                       && account.IsPropertySet(AzureAccount.Property.AccessToken))
             {
-                TracingAdapter.Information(string.Format("[AccessTokenAuthenticator] Creating access token - Tenant: '{0}', ResourceId: '{1}', UserId: '{2}'", tenant, resourceId, account.Id));
+                TracingAdapter.Information($"{DateTime.Now:T} - [AccessTokenAuthenticator] Creating access token - Tenant: '{tenant}', ResourceId: '{resourceId}', UserId: '{account.Id}'");
                 rawToken.AccessToken = account.GetAccessToken();
             }
             else

src/Accounts/Authenticators/AccessTokenAuthenticator.cs

@@ -19,6 +19,8 @@
 using Azure.Core;
 using Azure.Identity;
 
+using Hyak.Common;
+
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.ResourceManager.Common;
@@ -53,6 +55,7 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
             };
             var codeCredential = new DeviceCodeCredential(options);
 
+            TracingAdapter.Information($"{DateTime.Now:T} - [DeviceCodeAuthenticator] Calling DeviceCodeCredential.AuthenticateAsync - TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'");
             var authTask = codeCredential.AuthenticateAsync(requestContext, cancellationToken);
             return MsalAccessToken.GetAccessTokenAsync(
                 authTask,

src/Accounts/Authenticators/DeviceCodeAuthenticator.cs

@@ -13,6 +13,7 @@
 // ----------------------------------------------------------------------------------
 
 using System;
+using System.Diagnostics;
 using System.Net;
 using System.Net.Sockets;
 using System.Threading;
@@ -21,6 +22,8 @@
 using Azure.Core;
 using Azure.Identity;
 
+using Hyak.Common;
+
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 
@@ -65,6 +68,8 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
                 RedirectUri = GetReplyUrl(onPremise, interactiveParameters),
             };
             var browserCredential = new InteractiveBrowserCredential(options);
+
+            TracingAdapter.Information($"{DateTime.Now:T} - [InteractiveUserAuthenticator] Calling InteractiveBrowserCredential.AuthenticateAsync with TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', RedirectUri:'{options.RedirectUri}'");
             var authTask = browserCredential.AuthenticateAsync(requestContext, cancellationToken);
 
             return MsalAccessToken.GetAccessTokenAsync(

src/Accounts/Authenticators/InteractiveUserAuthenticator.cs

@@ -12,13 +12,16 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using System;
 using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
 
 using Azure.Core;
 using Azure.Identity;
 
+using Hyak.Common;
+
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.PowerShell.Authenticators.Factories;
@@ -47,8 +50,15 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
 
             var identityCredential = azureCredentialFactory.CreateManagedIdentityCredential(userAccountId);
             var msalAccessTokenAcquirer = msalAccessTokenAcquirerFactory.CreateMsalAccessTokenAcquirer();
-            return msalAccessTokenAcquirer.GetAccessTokenAsync(identityCredential, requestContext, cancellationToken,
-                msiParameters.TenantId, msiParameters.Account.Id);
+            var parametersLog = $"- TenantId:'{msiParameters.TenantId}', Scopes:'{string.Join(",", scopes)}', UserId:'{userAccountId}'";
+            return msalAccessTokenAcquirer.GetAccessTokenAsync(
+                                nameof(ManagedServiceIdentityAuthenticator),
+                                parametersLog,
+                                identityCredential,
+                                requestContext,
+                                cancellationToken,
+                                msiParameters.TenantId,
+                                msiParameters.Account.Id);
         }
 
         public override bool CanAuthenticate(AuthenticationParameters parameters)