Merge branch 'master' of https://github.com/azure/azure-powershell into nonComplianceMessages

Author: pilor

.azure-pipelines/powershell-core.yml

@@ -19,9 +19,9 @@ jobs:
       windows:
         OSName: ${{ variables.WindowsName }}
         ImageName: ${{ variables.WindowsImage }}
-      # linux:
-      #   OSName: ${{ variables.LinuxName }}
-      #   ImageName: ${{ variables.LinuxImage }}
+      linux:
+        OSName: ${{ variables.LinuxName }}
+        ImageName: ${{ variables.LinuxImage }}
       macOS:	
         OSName: ${{ variables.MacOSName }}	
         ImageName: ${{ variables.MacOSImage }}
@@ -45,9 +45,9 @@ jobs:
       windows:
         OSName: ${{ variables.WindowsName }}
         ImageName: ${{ variables.WindowsImage }}
-      # linux:
-      #   OSName: ${{ variables.LinuxName }}
-      #   ImageName: ${{ variables.LinuxImage }}
+      linux:
+        OSName: ${{ variables.LinuxName }}
+        ImageName: ${{ variables.LinuxImage }}
       macOS:	
         OSName: ${{ variables.MacOSName }}	
         ImageName: ${{ variables.MacOSImage }}
@@ -70,9 +70,9 @@ jobs:
       windows:
         OSName: ${{ variables.WindowsName }}
         ImageName: ${{ variables.WindowsImage }}
-      # linux:
-      #   OSName: ${{ variables.LinuxName }}
-      #   ImageName: ${{ variables.LinuxImage }}
+      linux:
+        OSName: ${{ variables.LinuxName }}
+        ImageName: ${{ variables.LinuxImage }}
       macOS:	
         OSName: ${{ variables.MacOSName }}	
         ImageName: ${{ variables.MacOSImage }}

.azure-pipelines/util/analyze-steps.yml

@@ -7,6 +7,12 @@ steps:
   parameters:
     osName: ${{ parameters.osName }}
 
+- task: UseDotNet@2
+  displayName: 'Use .NET Core sdk'
+  inputs:
+    packageType: sdk
+    version: 2.1.x
+
 - pwsh: 'Install-Module platyPS -Force -Confirm:$false -Scope CurrentUser'
   displayName: 'Install platyPS'
 

.azure-pipelines/util/build-steps.yml

@@ -9,6 +9,12 @@ steps:
   inputs:
     filePath: tools/CheckIgnoredFile.ps1
 
+- task: UseDotNet@2
+  displayName: 'Use .NET Core sdk'
+  inputs:
+    packageType: sdk
+    version: 2.1.x
+
 - task: DotNetCoreCLI@2
   displayName: Build
   inputs:

src/Accounts/Accounts/Account/ConnectAzureRmAccount.cs

@@ -35,6 +35,7 @@
 using Microsoft.Azure.PowerShell.Authenticators.Factories;
 using Microsoft.Identity.Client;
 using Microsoft.WindowsAzure.Commands.Common;
+using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 
 namespace Microsoft.Azure.Commands.Profile
@@ -200,6 +201,9 @@ public class ConnectAzureRmAccountCommand : AzureContextModificationCmdlet, IMod
         [Parameter(Mandatory = false, HelpMessage = "Overwrite the existing context with the same name, if any.")]
         public SwitchParameter Force { get; set; }
 
+        [Parameter(ParameterSetName = ServicePrincipalCertificateParameterSet, Mandatory = false, HelpMessage = "Specifies if the x5c claim (public key of the certificate) should be sent to the STS to achieve easy certificate rollover in Azure AD.")]
+        public SwitchParameter SendCertificateChain { get; set; }
+
         protected override IAzureContext DefaultContext
         {
             get
@@ -341,6 +345,24 @@ public override void ExecuteCmdlet()
                 azureAccount.SetThumbprint(CertificateThumbprint);
             }
 
+            if (ParameterSetName == ServicePrincipalCertificateParameterSet && SendCertificateChain)
+            {
+                azureAccount.SetProperty(AzureAccount.Property.SendCertificateChain, SendCertificateChain.ToString());
+                bool supressWarningOrError = false;
+                try
+                {
+                    supressWarningOrError = bool.Parse(System.Environment.GetEnvironmentVariable(BreakingChangeAttributeHelper.SUPPRESS_ERROR_OR_WARNING_MESSAGE_ENV_VARIABLE_NAME));
+                }
+                catch
+                {
+                    //if value of env variable is invalid, use default value of supressWarningOrError
+                }
+                if (!supressWarningOrError)
+                {
+                    WriteWarning(Resources.PreviewFunctionMessage);
+                }
+            }
+
             if (!string.IsNullOrEmpty(Tenant))
             {
                 azureAccount.SetProperty(AzureAccount.Property.Tenants, Tenant);

src/Accounts/Accounts/ChangeLog.md

@@ -19,11 +19,12 @@
 -->
 
 ## Upcoming Release
-* Upgraded Azure.Identity to 1.4 and MSAL lib to 4.30.1
+* Upgraded Azure.Identity to 1.4 and MSAL to 4.30.1
 * Removed obsolete parameters `ManagedServiceHostName`, `ManagedServicePort` and `ManagedServiceSecret` of cmdlet `Connect-AzAccount`, environment variables `MSI_ENDPOINT` and `MSI_SECRET` could be used instead
 * Customize display format of PSAzureRmAccount to hide secret of service principal [#14208]
 * Added optional parameter `AuthScope` to `Connect-AzAccount` to support enhanced authentication of data plane features
 * Set retry times by environment variable [#14748]
+* Supported subject name issuer authentication
 
 ## Version 2.2.8
 * Fallback to first valid context if current default context key is "Default" which is invalid

src/Accounts/Accounts/Properties/Resources.Designer.cs

@@ -528,4 +528,7 @@
   <data name="InteractiveAuthNotSupported" xml:space="preserve">
     <value>Interactive authentication is not supported in this session, please run cmdlet 'Connect-AzAccount -UseDeviceAuthentication'.</value>
   </data>
+  <data name="PreviewFunctionMessage" xml:space="preserve">
+    <value>This function is in preview. It may not be available in the selected subscription.</value>
+  </data>
 </root>

src/Accounts/Accounts/Properties/Resources.resx

@@ -40,8 +40,9 @@ Connect-AzAccount [-Environment <String>] -Credential <PSCredential> [-Tenant <S
 ```
 Connect-AzAccount [-Environment <String>] -CertificateThumbprint <String> -ApplicationId <String>
  [-ServicePrincipal] -Tenant <String> [-Subscription <String>] [-AuthScope <String>] [-ContextName <String>]
- [-SkipContextPopulation] [-MaxContextPopulation <Int32>] [-Force] [-Scope <ContextModificationScope>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-SkipContextPopulation] [-MaxContextPopulation <Int32>] [-Force] [-SendCertificateChain]
+ [-Scope <ContextModificationScope>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
 ```
 
 ### AccessTokenWithSubscriptionId
@@ -56,7 +57,6 @@ Connect-AzAccount [-Environment <String>] [-Tenant <String>] -AccessToken <Strin
 ### ManagedServiceLogin
 ```
 Connect-AzAccount [-Environment <String>] [-Tenant <String>] [-AccountId <String>] [-Identity]
- [-ManagedServicePort <Int32>] [-ManagedServiceHostName <String>] [-ManagedServiceSecret <SecureString>]
  [-Subscription <String>] [-AuthScope <String>] [-ContextName <String>] [-SkipContextPopulation]
  [-MaxContextPopulation <Int32>] [-Force] [-Scope <ContextModificationScope>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
@@ -209,11 +209,13 @@ Once AuthScope is specified, e.g. Storage, Connect-AzAccount will first login wi
 ```powershell
 Connect-AzAccount -AuthScope Storage
 ```
+
 ```Output
 Account                SubscriptionName TenantId                Environment
 -------                ---------------- --------                -----------
 yyyy-yyyy-yyyy-yyyy    Subscription1    xxxx-xxxx-xxxx-xxxx     AzureCloud
 ```
+
 ## PARAMETERS
 
 ### -AccessToken
@@ -479,6 +481,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -SendCertificateChain
+Specifies if the x5c claim (public key of the certificate) should be sent to the STS to achieve easy certificate rollover in Azure AD.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: ServicePrincipalCertificateWithSubscriptionId
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ServicePrincipal
 
 Indicates that this account authenticates by providing service principal credentials.

src/Accounts/Accounts/help/Connect-AzAccount.md

@@ -33,7 +33,8 @@ public AuthenticationParameters(
             IAzureEnvironment environment,
             IAzureTokenCache tokenCache,
             string tenantId,
-            string resourceId)
+            string resourceId,
+            bool? sendCertificateChain = null)
         {
             TokenCacheProvider = tokenCacheProvider;
             Environment = environment;

src/Accounts/Authentication/Authentication/Parameters/AuthenticationParameters.cs

@@ -26,6 +26,8 @@ public class ServicePrincipalParameters : AuthenticationParameters
 
         public SecureString Secret { get; set; }
 
+        public bool? SendCertificateChain { get; set; } = null;
+
         public ServicePrincipalParameters(
             PowerShellTokenCacheProvider tokenCacheProvider,
             IAzureEnvironment environment,
@@ -34,11 +36,13 @@ public ServicePrincipalParameters(
             string resourceId,
             string applicationId,
             string thumbprint,
-            SecureString secret) : base(tokenCacheProvider, environment, tokenCache, tenantId, resourceId)
+            SecureString secret,
+            bool? sendCertificateChain) : base(tokenCacheProvider, environment, tokenCache, tenantId, resourceId)
         {
             ApplicationId = applicationId;
             Thumbprint = thumbprint;
             Secret = secret;
+            SendCertificateChain = sendCertificateChain;
         }
     }
 }

src/Accounts/Authentication/Authentication/Parameters/ServicePrincipalParameters.cs

@@ -551,8 +551,14 @@ private AuthenticationParameters GetAuthenticationParameters(
                     return new UsernamePasswordParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, password, null);
                 case AzureAccount.AccountType.Certificate:
                 case AzureAccount.AccountType.ServicePrincipal:
+                    bool? sendCertificateChain = null;
+                    var sendCertificateChainStr = account.GetProperty(AzureAccount.Property.SendCertificateChain);
+                    if (!string.IsNullOrWhiteSpace(sendCertificateChainStr))
+                    {
+                        sendCertificateChain = Boolean.Parse(sendCertificateChainStr);
+                    }
                     password = password ?? ConvertToSecureString(account.GetProperty(AzureAccount.Property.ServicePrincipalSecret));
-                    return new ServicePrincipalParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, account.GetProperty(AzureAccount.Property.CertificateThumbprint), password);
+                    return new ServicePrincipalParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, account.GetProperty(AzureAccount.Property.CertificateThumbprint), password, sendCertificateChain);
                 case AzureAccount.AccountType.ManagedService:
                     return new ManagedServiceIdentityParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account);
                 case AzureAccount.AccountType.AccessToken:

src/Accounts/Authentication/Factories/AuthenticationFactory.cs

@@ -49,7 +49,8 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
 
             var options = new ClientCertificateCredentialOptions()
             {
-                AuthorityHost = new Uri(authority)
+                AuthorityHost = new Uri(authority),
+                SendCertificateChain = spParameters.SendCertificateChain ?? default(bool)
             };
 
             if (!string.IsNullOrEmpty(spParameters.Thumbprint))

src/Accounts/Authenticators/ServicePrincipalAuthenticator.cs

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <PsModuleName>Compute</PsModuleName>
+  </PropertyGroup>
+
+  <Import Project="$(MSBuildThisFileDirectory)..\..\Az.props" />
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <AssemblyName>Microsoft.Azure.PowerShell.Cmdlets.Compute.Helpers</AssemblyName>
+    <RootNamespace>Microsoft.Azure.PowerShell.Cmdlets.Compute.Helpers</RootNamespace>
+    <NoWarn>CS0108</NoWarn>
+  </PropertyGroup>
+
+</Project>

src/Compute/Compute.Helpers/Compute.Helpers.csproj

@@ -0,0 +1,113 @@
+// <auto-generated>
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for
+// license information.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is
+// regenerated.
+// </auto-generated>
+
+namespace Microsoft.Azure.PowerShell.Cmdlets.Compute.Helpers.Network
+{
+    using Microsoft.Rest;
+    using Microsoft.Rest.Azure;
+    using Models;
+    using System.Collections;
+    using System.Collections.Generic;
+    using System.Threading;
+    using System.Threading.Tasks;
+
+    /// <summary>
+    /// LoadBalancersOperations operations.
+    /// </summary>
+    public partial interface ILoadBalancersOperations
+    {
+        /// <summary>
+        /// Gets the specified load balancer.
+        /// </summary>
+        /// <param name='resourceGroupName'>
+        /// The name of the resource group.
+        /// </param>
+        /// <param name='loadBalancerName'>
+        /// The name of the load balancer.
+        /// </param>
+        /// <param name='expand'>
+        /// Expands referenced resources.
+        /// </param>
+        /// <param name='customHeaders'>
+        /// The headers that will be added to request.
+        /// </param>
+        /// <param name='cancellationToken'>
+        /// The cancellation token.
+        /// </param>
+        /// <exception cref="Microsoft.Rest.Azure.CloudException">
+        /// Thrown when the operation returned an invalid status code
+        /// </exception>
+        /// <exception cref="Microsoft.Rest.SerializationException">
+        /// Thrown when unable to deserialize the response
+        /// </exception>
+        /// <exception cref="Microsoft.Rest.ValidationException">
+        /// Thrown when a required parameter is null
+        /// </exception>
+        Task<AzureOperationResponse<LoadBalancer>> GetWithHttpMessagesAsync(string resourceGroupName, string loadBalancerName, string expand = default(string), Dictionary<string, List<string>> customHeaders = null, CancellationToken cancellationToken = default(CancellationToken));
+        /// <summary>
+        /// Creates or updates a load balancer.
+        /// </summary>
+        /// <param name='resourceGroupName'>
+        /// The name of the resource group.
+        /// </param>
+        /// <param name='loadBalancerName'>
+        /// The name of the load balancer.
+        /// </param>
+        /// <param name='parameters'>
+        /// Parameters supplied to the create or update load balancer
+        /// operation.
+        /// </param>
+        /// <param name='customHeaders'>
+        /// The headers that will be added to request.
+        /// </param>
+        /// <param name='cancellationToken'>
+        /// The cancellation token.
+        /// </param>
+        /// <exception cref="Microsoft.Rest.Azure.CloudException">
+        /// Thrown when the operation returned an invalid status code
+        /// </exception>
+        /// <exception cref="Microsoft.Rest.SerializationException">
+        /// Thrown when unable to deserialize the response
+        /// </exception>
+        /// <exception cref="Microsoft.Rest.ValidationException">
+        /// Thrown when a required parameter is null
+        /// </exception>
+        Task<AzureOperationResponse<LoadBalancer>> CreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string loadBalancerName, LoadBalancer parameters, Dictionary<string, List<string>> customHeaders = null, CancellationToken cancellationToken = default(CancellationToken));
+        /// <summary>
+        /// Creates or updates a load balancer.
+        /// </summary>
+        /// <param name='resourceGroupName'>
+        /// The name of the resource group.
+        /// </param>
+        /// <param name='loadBalancerName'>
+        /// The name of the load balancer.
+        /// </param>
+        /// <param name='parameters'>
+        /// Parameters supplied to the create or update load balancer
+        /// operation.
+        /// </param>
+        /// <param name='customHeaders'>
+        /// The headers that will be added to request.
+        /// </param>
+        /// <param name='cancellationToken'>
+        /// The cancellation token.
+        /// </param>
+        /// <exception cref="Microsoft.Rest.Azure.CloudException">
+        /// Thrown when the operation returned an invalid status code
+        /// </exception>
+        /// <exception cref="Microsoft.Rest.SerializationException">
+        /// Thrown when unable to deserialize the response
+        /// </exception>
+        /// <exception cref="Microsoft.Rest.ValidationException">
+        /// Thrown when a required parameter is null
+        /// </exception>
+        Task<AzureOperationResponse<LoadBalancer>> BeginCreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string loadBalancerName, LoadBalancer parameters, Dictionary<string, List<string>> customHeaders = null, CancellationToken cancellationToken = default(CancellationToken));
+    }
+}