Az.Accounts Improvement (#13592)

erich-wang · web-flow · commit f893a59343b0 · 2020-11-30T15:45:12.000+08:00
* 1. Improve warning message when Interactive is unavailable; 2. Update doc for MSI customized endpoint

* Register CommonUtilities if not present
diff --git a/src/Accounts/Accounts/Account/ConnectAzureRmAccount.cs b/src/Accounts/Accounts/Account/ConnectAzureRmAccount.cs
@@ -125,15 +125,15 @@ public class ConnectAzureRmAccountCommand : AzureContextModificationCmdlet, IMod
         [Alias("MSI", "ManagedService")]
         public SwitchParameter Identity { get; set; }
 
-        [Parameter(ParameterSetName = ManagedServiceParameterSet, Mandatory = false, HelpMessage = "Port number for managed service login.")]
+        [Parameter(ParameterSetName = ManagedServiceParameterSet, Mandatory = false, HelpMessage = "Obsolete. To use customized MSI endpoint, please set environment variable MSI_ENDPOINT, e.g. \"http://localhost:50342/oauth2/token\". Port number for managed service login.")]
         [PSDefaultValue(Help = "50342", Value = 50342)]
         public int ManagedServicePort { get; set; } = 50342;
 
-        [Parameter(ParameterSetName = ManagedServiceParameterSet, Mandatory = false, HelpMessage = "Host name for managed service login.")]
+        [Parameter(ParameterSetName = ManagedServiceParameterSet, Mandatory = false, HelpMessage = "Obsolete. To use customized MSI endpoint, please set environment variable MSI_ENDPOINT, e.g. \"http://localhost:50342/oauth2/token\". Host name for managed service login.")]
         [PSDefaultValue(Help = "localhost", Value = "localhost")]
         public string ManagedServiceHostName { get; set; } = "localhost";
 
-        [Parameter(ParameterSetName = ManagedServiceParameterSet, Mandatory = false, HelpMessage = "Secret, used for some kinds of managed service login.")]
+        [Parameter(ParameterSetName = ManagedServiceParameterSet, Mandatory = false, HelpMessage = "Obsolete. To use customized MSI secret, please set environment variable MSI_SECRET. Secret, used for some kinds of managed service login.")]
         [ValidateNotNullOrEmpty]
         public SecureString ManagedServiceSecret { get; set; }
 
@@ -295,6 +295,12 @@ public override void ExecuteCmdlet()
                         Path = "/oauth2/token"
                     };
 
+                    //ManagedServiceHostName/ManagedServicePort/ManagedServiceSecret are obsolete, should be removed in next major release
+                    if (this.IsBound(nameof(ManagedServiceHostName)) || this.IsBound(nameof(ManagedServicePort)) || this.IsBound(nameof(ManagedServiceSecret)))
+                    {
+                        WriteWarning(Resources.ObsoleteManagedServiceParameters);
+                    }
+
                     var envSecret = System.Environment.GetEnvironmentVariable(MSISecretVariable);
 
                     var msiSecret = this.IsBound(nameof(ManagedServiceSecret))
@@ -387,6 +393,17 @@ public override void ExecuteCmdlet()
                     InitializeProfileProvider();
                 }
 
+                if(!AzureSession.Instance.TryGetComponent(nameof(CommonUtilities), out CommonUtilities commonUtitilies))
+                {
+                    commonUtitilies = new CommonUtilities();
+                    AzureSession.Instance.RegisterComponent(nameof(CommonUtilities), () => commonUtitilies);
+                }
+                if(!commonUtitilies.IsDesktopSession() && IsUsingInteractiveAuthentication())
+                {
+                    WriteWarning(Resources.InteractiveAuthNotSupported);
+                    return;
+                }
+
                 SetContextWithOverwritePrompt((localProfile, profileClient, name) =>
                {
                    bool shouldPopulateContextList = true;
@@ -425,14 +442,14 @@ public override void ExecuteCmdlet()
                    }
                    catch (AuthenticationFailedException ex)
                    {
-                       if(IsUnableToOpenWebPageError(ex))
+                       if (IsUnableToOpenWebPageError(ex))
                        {
                            WriteWarning(Resources.InteractiveAuthNotSupported);
                            WriteDebug(ex.ToString());
                        }
                        else
                        {
-                           if (ParameterSetName == UserParameterSet && UseDeviceAuthentication == false)
+                           if (IsUsingInteractiveAuthentication())
                            {
                                //Display only if user is using Interactive auth
                                WriteWarning(Resources.SuggestToUseDeviceCodeAuth);
@@ -445,6 +462,11 @@ public override void ExecuteCmdlet()
             }
         }
 
+        private bool IsUsingInteractiveAuthentication()
+        {
+            return ParameterSetName == UserParameterSet && UseDeviceAuthentication == false;
+        }
+
         private bool IsUnableToOpenWebPageError(AuthenticationFailedException exception)
         {
             return exception.InnerException is MsalClientException && ((MsalClientException)exception.InnerException)?.ErrorCode == MsalError.LinuxXdgOpen
@@ -591,6 +613,7 @@ public void OnImport()
                 }
                 var tokenCache = provider.GetTokenCache();
                 IAzureEventListenerFactory azureEventListenerFactory = new AzureEventListenerFactory();
+                AzureSession.Instance.RegisterComponent(nameof(CommonUtilities), () => new CommonUtilities());
                 AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => provider);
                 AzureSession.Instance.RegisterComponent(nameof(IAzureEventListenerFactory), () => azureEventListenerFactory);
                 AzureSession.Instance.RegisterComponent(nameof(PowerShellTokenCache), () => tokenCache);
diff --git a/src/Accounts/Accounts/Properties/Resources.Designer.cs b/src/Accounts/Accounts/Properties/Resources.Designer.cs
diff --git a/src/Accounts/Accounts/Properties/Resources.resx b/src/Accounts/Accounts/Properties/Resources.resx
@@ -513,9 +513,6 @@
   <data name="SendFeedbackOpenLinkManually" xml:space="preserve">
     <value>Use a web browser to open the page {0}.</value>
   </data>
-  <data name="InteractiveAuthNotSupported" xml:space="preserve">
-    <value>Interactive authentication is not supported in this session, please run Connect-AzAccount using switch -DeviceCode.</value>
-  </data>
   <data name="SuggestToUseDeviceCodeAuth" xml:space="preserve">
     <value>Please run 'Connect-AzAccount -DeviceCode' if browser is not supported in this session.</value>
   </data>
@@ -525,4 +522,10 @@
   <data name="FallbackContextSaveModeDueCacheCheckError" xml:space="preserve">
     <value>INITIALIZATION: Fallback context save mode to process because of error during checking token cache persistence: {0}.</value>
   </data>
+  <data name="ObsoleteManagedServiceParameters" xml:space="preserve">
+    <value>The parameters ManagedServiceHostName/ManagedServicePort/ManagedServiceSecret are obsolete. For ManagedServiceHostName/ManagedServicePort, please set environment variable MSI_ENDPOINT, e.g. "http://localhost:50342/oauth2/token". For ManagedServiceSecret, please set environment variable MSI_SECRET.</value>
+  </data>
+  <data name="InteractiveAuthNotSupported" xml:space="preserve">
+    <value>Interactive authentication is not supported in this session, please run cmdlet 'Connect-AzAccount -UseDeviceAuthentication'.</value>
+  </data>
 </root>
diff --git a/src/Accounts/Accounts/help/Connect-AzAccount.md b/src/Accounts/Accounts/help/Connect-AzAccount.md
@@ -420,7 +420,7 @@ Accept wildcard characters: False
 
 ### -ManagedServiceHostName
 
-Host name for the managed service.
+Obsolete. To use customized MSI endpoint, please set environment variable MSI_ENDPOINT, e.g. "http://localhost:50342/oauth2/token". Host name for the managed service.
 
 ```yaml
 Type: System.String
@@ -436,7 +436,7 @@ Accept wildcard characters: False
 
 ### -ManagedServicePort
 
-Port number for the managed service.
+Obsolete. To use customized MSI endpoint, please set environment variable MSI_ENDPOINT, e.g. "http://localhost:50342/oauth2/token".Port number for the managed service.
 
 ```yaml
 Type: System.Int32
@@ -452,7 +452,7 @@ Accept wildcard characters: False
 
 ### -ManagedServiceSecret
 
-Token for the managed service login.
+Obsolete. To use customized MSI secret, please set environment variable MSI_SECRET. Token for the managed service login.
 
 ```yaml
 Type: System.Security.SecureString
diff --git a/src/Accounts/Authentication/Utilities/CommonUtilities.cs b/src/Accounts/Authentication/Utilities/CommonUtilities.cs
@@ -0,0 +1,39 @@
+﻿// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Azure.Commands.Common.Authentication
+{
+    public class CommonUtilities
+    {
+        /// <summary>
+        /// Check if it is in desktop session
+        /// </summary>
+        /// <returns></returns>
+        public bool IsDesktopSession()
+        {
+            //Check only for Linux platform
+            //Linux: https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/src/shared/Microsoft.Git.CredentialManager/Interop/Posix/PosixSessionManager.cs
+            //MacOS: https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/src/shared/Microsoft.Git.CredentialManager/Interop/MacOS/MacOSSessionManager.cs
+            //Windows: https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/src/shared/Microsoft.Git.CredentialManager/Interop/Windows/WindowsSessionManager.cs
+            if(RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
+            {
+                return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DISPLAY"));
+            }
+            return true;
+        }
+    }
+}
diff --git a/src/Accounts/Authentication/Utilities/CustomAssemblyResolver.cs b/src/Accounts/Authentication/Utilities/CustomAssemblyResolver.cs
@@ -1,4 +1,18 @@
-﻿using System;
+﻿// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Reflection;
