release-2021-10-08

ChangeLog.md

@@ -1,3 +1,108 @@
+## 6.5.0 - October 2021
+#### Az.Accounts
+* Supported getting the access token for Microsoft Graph.
+* Added AuthorizeRequestDelegate to allow service module to adjust token audience.
+* Utilized [AssemblyLoadContext](https://docs.microsoft.com/en-us/dotnet/api/system.runtime.loader.assemblyloadcontext) to resolve assembly conflict issues in PowerShell.
+* Updated Azure.Core from 1.16.0 to 1.19.0.
+
+#### Az.Attestation
+* General availability of 'Az.Attestation' module
+
+#### Az.Cdn
+* Fixed null reference exception and typos in 'New-AzFrontDoorCdnRule' cmdlet
+
+#### Az.Compute
+* Updated Compute .NET SDK package reference to version 49.1.0
+* Fixed a bug in 'Get-AzVM' that caused incorrect power status output.
+
+#### Az.DataFactory
+* Added a DataFlowEnableQuickReuse argument for the 'Set-AzDataFactoryV2IntegrationRuntime' cmdlet to enable quick reuse of clusters in next pipeline activities.
+* Updated ADF .Net SDK version to 4.25.0
+* Added a VNetInjectionMethod argument for the 'Set-AzDataFactoryV2IntegrationRuntime' cmdlet to support the express virtual network injection of Azure-SSIS Integration Runtime.
+
+#### Az.FrontDoor
+* Allowed rule engine action creation without RouteConfigurationOverride for 'New-AzFrontDoorRulesEngineActionObject'.
+* Fixed DynamicCompression parameter being ignored issue of 'New-AzFrontDoorRulesEngineActionObject'.
+
+#### Az.KeyVault
+* Supported custom role definitions on managed HSM:
+    - Create via 'New-AzKeyVaultRoleDefinition',
+    - Delete via 'Remove-AzKeyVaultRoleDefinition',
+    - Filter all custom roles via 'Get-AzKeyVaultRoleDefinition -Custom'.
+* Supported Encrypt/Decrypt/Wrap/Unwrap using keys [#15679]
+* Enabled managing resources in other subscriptions without switching the context by adding '-Subscription <String>'.
+
+#### Az.Maintenance
+* Added Guest patch maintenance support.
+
+#### Az.Network
+* Support for Sku, ScaleUnits parameters of BastionHost resource.
+    - 'New-AzBastion'
+    - 'Set-AzBastion'
+* Onboard Azure Resource Manager to Private Link Common Cmdlets
+* Updated cmdlets to add properties to enable/disable BgpRouteTranslationForNat for VpnGateway.
+    - 'New-AzVpnGateway'
+    - 'Update-AzVpnGateway'
+* Updated cmdlet to add property to disable InternetSecurity for P2SVpnGateway.
+    - 'New-AzP2sVpnGateway'
+* Added new cmdlets for HubBgpConnection child resource of VirtualHub.
+    - 'Get-AzVirtualHubBgpConnection'
+    - 'New-AzVirtualHubBgpConnection'
+    - 'Update-AzVirtualHubBgpConnection'
+    - 'Remove-AzVirtualHubBgpConnection'
+* Onboard Azure HDInsight to Private Link Common Cmdlets
+
+#### Az.RecoveryServices
+* Azure Site Recovery bug fixes for VMware to Azure Reprotect, Update policy and Disable scenarios.
+* Azure Backup added the support for UserAssigned MSI in RecoveryServices Vault.
+
+#### Az.Resources
+* Added a clearer error message for a case in which TemplateUri do not accept bicep file.
+* Fixed typos with ManagementGroups breaking change descriptions [#15819].
+* Fixed resource tags casing issue - resource tags casing not being preserved.
+* Updated to Microsoft.Azure.Management.Authorization 2.13.0-preview.
+
+#### Az.Sql
+* Fixed 'Get-AzSqlDatabaseImportExportStatus' to report the error encountered
+
+#### Az.Storage
+* Upgraded Azure.Storage.Blobs to 12.10.0
+* Upgraded Azure.Storage.Files.Shares to 12.8.0
+* Upgraded Azure.Storage.Files.DataLake to 12.8.0
+* Upgraded Azure.Storage.Queues to 12.8.0
+* Supported upgrade storage account to enable HierarchicalNamespace
+    -  'Invoke-AzStorageAccountHierarchicalNamespaceUpgrade'
+    -  'Stop-AzStorageAccountHierarchicalNamespaceUpgrade'
+* Supported AccessTierInferred, Tags in blob inventory policy schema
+    - 'New-AzStorageBlobInventoryPolicyRule'
+* Supported create/update storage account with PublicNetworkAccess enabled/disabled 
+    - 'New-AzStorageAccount'
+    - 'Set-AzStorageAccount'
+* Supported create/update storage blob container with RootSquash
+    - 'New-AzRmStorageContainer'
+    - 'Update-AzRmStorageContainer'
+* Supported AllowProtectedAppendWriteAll in set container Immutability Policy, and add container LegalHold
+    - 'Set-AzRmStorageContainerImmutabilityPolicy'
+    - 'Add-AzRmStorageContainerLegalHold'
+
+#### Az.StorageSync
+* Fixed a bug where not all properties of PSSyncSessionStatus and PSSyncActivityStatus objects were being populated properly.
+* This affected the 'Get-AzStorageSyncServerEndpoint' cmdlet when trying to access the following properties of the output:
+    - SyncStatus.UploadStatus
+    - SyncStatus.DownloadStatus
+    - SyncStatus.UploadActivity
+    - SyncStatus.DownloadActivity
+
+#### Az.Websites
+* Updated 'Import-AzWebAppKeyVaultCertificate1' to set the default name with combination of keyvault name and cert name 
+
+### Thanks to our community contributors
+* @DSakura207, Use last PowerState instance in Statuses for power status (#15941)
+* Yannic Graber (@grabery), Recode Example2 (#15808)
+* @joelmforsyth, Fix multi-regional examples (#15918)
+* Adam Coffman (@SysAdminforCoffee), Update Set-AzNetworkInterfaceIpConfig.md (#15846)
+* Michael Howard (@x509cert), Reworded sentence to make it clear that a specific key version must be provided (#15886)
+
 ## 6.4.0 - September 2021
 #### Az.Accounts
 * Corrected the URLs to Azure Portal in the results of 'Get-AzEnvironment' and 'Get-AzContext'. [#15429]

setup/generate.ps1

@@ -37,7 +37,7 @@ if( (-not (get-command -ea 0 light)) -or (-not (get-command -ea 0 heat)) -or (-n
 $outputName ="Az-Cmdlets"
 
 # generate the product name from the current month/year.
-$productName = "Microsoft Azure PowerShell - September 2021"
+$productName = "Microsoft Azure PowerShell - October 2021"
 
 # where to put temp files
 $tmp = Join-Path $env:temp azure-cmdlets-tmp

src/ADDomainServices/Az.ADDomainServices.psd1

@@ -51,7 +51,7 @@ DotNetFrameworkVersion = '4.7.2'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '2.5.3'; })
+RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '2.5.4'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = './bin/Az.ADDomainServices.private.dll'

src/Accounts/Accounts/Az.Accounts.psd1

@@ -3,7 +3,7 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 9/1/2021
+# Generated on: 10/4/2021
 #
 
 @{
@@ -12,7 +12,7 @@
 # RootModule = ''
 
 # Version number of this module.
-ModuleVersion = '2.5.3'
+ModuleVersion = '2.5.4'
 
 # Supported PSEditions
 CompatiblePSEditions = 'Core', 'Desktop'
@@ -57,7 +57,7 @@ DotNetFrameworkVersion = '4.7.2'
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = 'Microsoft.Azure.PowerShell.Authentication.Abstractions.dll', 
-               'Microsoft.Azure.PowerShell.AuthenticationAssemblyLoadContext.dll',
+               'Microsoft.Azure.PowerShell.AuthenticationAssemblyLoadContext.dll', 
                'Microsoft.Azure.PowerShell.Authentication.dll', 
                'Microsoft.Azure.PowerShell.Authenticators.dll', 
                'Microsoft.Azure.PowerShell.Authentication.ResourceManager.dll', 
@@ -146,9 +146,10 @@ PrivateData = @{
         # IconUri = ''
 
         # ReleaseNotes of this module
-        ReleaseNotes = '* Corrected the URLs to Azure Portal in the results of ''Get-AzEnvironment'' and ''Get-AzContext''. [#15429]
-* Made infrastructural changes to support overriding default subscription via a ''-SubscriptionId <String>'' parameter.
-    - [Az.Aks](https://docs.microsoft.com/powershell/module/az.aks/get-azakscluster) is the first module that supports it.'
+        ReleaseNotes = '* Supported getting the access token for Microsoft Graph.
+* Added AuthorizeRequestDelegate to allow service module to adjust token audience.
+* Utilized [AssemblyLoadContext](https://docs.microsoft.com/en-us/dotnet/api/system.runtime.loader.assemblyloadcontext) to resolve assembly conflict issues in PowerShell.
+* Updated Azure.Core from 1.16.0 to 1.19.0.'
 
         # Prerelease string of this module
         # Prerelease = ''

src/Accounts/Accounts/ChangeLog.md

@@ -19,6 +19,10 @@
 -->
 
 ## Upcoming Release
+
+## Version 2.5.4
+* Supported getting the access token for Microsoft Graph.
+* Added AuthorizeRequestDelegate to allow service module to adjust token audience.
 * Utilized [AssemblyLoadContext](https://docs.microsoft.com/en-us/dotnet/api/system.runtime.loader.assemblyloadcontext) to resolve assembly conflict issues in PowerShell.
 * Updated Azure.Core from 1.16.0 to 1.19.0.
 

src/Accounts/Accounts/CommonModule/ContextAdapter.cs

@@ -32,6 +32,7 @@ namespace Microsoft.Azure.Commands.Common
     using NextDelegate = Func<HttpRequestMessage, CancellationToken, Action, Func<string, CancellationToken, Func<EventArgs>, Task>, Task<HttpResponseMessage>>;
     using SignalDelegate = Func<string, CancellationToken, Func<EventArgs>, Task>;
     using PipelineChangeDelegate = Action<Func<HttpRequestMessage, CancellationToken, Action, Func<string, CancellationToken, Func<EventArgs>, Task>, Func<HttpRequestMessage, CancellationToken, Action, Func<string, CancellationToken, Func<EventArgs>, Task>, Task<HttpResponseMessage>>, Task<HttpResponseMessage>>>;
+    using TokenAudienceConverterDelegate = Func<string, string, string, string, Uri, string>;
 
     /// <summary>
     /// Perform authentication and parameter completion based on the value of the context
@@ -74,6 +75,51 @@ public void OnNewRequest(InvocationInfo invocationInfo, string correlationId, st
             appendStep(this.SendHandler(GetDefaultContext(_provider, invocationInfo), AzureEnvironment.Endpoint.ResourceManager));
         }
 
+        internal void AddRequestUserAgentHandler(
+            InvocationInfo invocationInfo,
+            string correlationId,
+            string processRecordId,
+            PipelineChangeDelegate prependStep,
+            PipelineChangeDelegate appendStep)
+        {
+            appendStep(new UserAgent(invocationInfo).SendAsync);
+        }
+
+        internal void AddPatchRequestUriHandler(
+            InvocationInfo invocationInfo,
+            string correlationId,
+            string processRecordId,
+            PipelineChangeDelegate prependStep,
+            PipelineChangeDelegate appendStep)
+        {
+            appendStep(
+                async (request, cancelToken, cancelAction, signal, next) =>
+                {
+                    var context = GetDefaultContext(_provider, invocationInfo);
+                    PatchRequestUri(context, request);
+                    return await next(request, cancelToken, cancelAction, signal);
+                });
+        }
+
+        internal void AddAuthorizeRequestHandler(
+            InvocationInfo invocationInfo,
+            string endpointResourceIdKey,
+            string endpointSuffixKey,
+            PipelineChangeDelegate prependStep,
+            PipelineChangeDelegate appendStep,
+            TokenAudienceConverterDelegate tokenAudienceConverter,
+            IDictionary<string, object> extensibleParameters = null)
+        {
+            appendStep(
+                async (request, cancelToken, cancelAction, signal, next) =>
+                {
+                    endpointResourceIdKey = endpointResourceIdKey ?? AzureEnvironment.Endpoint.ResourceManager;
+                    var context = GetDefaultContext(_provider, invocationInfo);
+                    await AuthorizeRequest(context, request, cancelToken, endpointResourceIdKey, endpointSuffixKey, tokenAudienceConverter);
+                    return await next(request, cancelToken, cancelAction, signal);
+                });
+        }
+
         /// <summary>
         ///  Called for well-known parameters that require argument completers
         ///  </summary>
@@ -156,7 +202,7 @@ internal Func<HttpRequestMessage, CancellationToken, Action, SignalDelegate, Nex
             return async (request, cancelToken, cancelAction, signal, next) =>
             {
                 PatchRequestUri(context, request);
-                await AuthorizeRequest(context, resourceId, request, cancelToken);
+                await AuthorizeRequest(context, request, cancelToken, resourceId, resourceId);
                 return await next(request, cancelToken, cancelAction, signal);
             };
         }
@@ -165,11 +211,12 @@ internal Func<HttpRequestMessage, CancellationToken, Action, SignalDelegate, Nex
         /// Pipeline step for authenticating requests
         /// </summary>
         /// <param name="context"></param>
-        /// <param name="resourceId"></param>
+        /// <param name="endpointResourceIdKey"></param>
         /// <param name="request"></param>
         /// <param name="outerToken"></param>
         /// <returns></returns>
-        internal async Task AuthorizeRequest(IAzureContext context, string resourceId, HttpRequestMessage request, CancellationToken outerToken)
+        internal async Task AuthorizeRequest(IAzureContext context, HttpRequestMessage request, CancellationToken outerToken, string endpointResourceIdKey,
+                        string endpointSuffixKey, TokenAudienceConverterDelegate tokenAudienceConverter = null, IDictionary<string, object> extensibleParamters = null)
         {
             if (context == null || context.Account == null || context.Environment == null)
             {
@@ -178,12 +225,29 @@ internal async Task AuthorizeRequest(IAzureContext context, string resourceId, H
 
             await Task.Run(() =>
             {
-                resourceId = context?.Environment?.GetAudienceFromRequestUri(request.RequestUri) ?? resourceId;
-                var authToken = _authenticator.Authenticate(context.Account, context.Environment, context.Tenant.Id, null, "Never", null, resourceId);
+                if (tokenAudienceConverter != null)
+                {
+                    var info = GetEndpointInfo(context.Environment, endpointResourceIdKey, endpointSuffixKey);
+                    var tokenAudience = tokenAudienceConverter.Invoke(info.CurEnvEndpointResourceId, info.CurEnvEndpointSuffix, info.BaseEnvEndpointResourceId, info.BaseEnvEndpointSuffix, request.RequestUri);
+                    endpointResourceIdKey = tokenAudience ?? endpointResourceIdKey;
+                }
+                var authToken = _authenticator.Authenticate(context.Account, context.Environment, context.Tenant.Id, null, "Never", null, endpointResourceIdKey);
                 authToken.AuthorizeRequest((type, token) => request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue(type, token));
             }, outerToken);
         }
 
+        private (string CurEnvEndpointResourceId, string CurEnvEndpointSuffix, string BaseEnvEndpointResourceId, string BaseEnvEndpointSuffix) GetEndpointInfo(IAzureEnvironment environment, string endpointResourceIdKey, string endpointSuffixKey)
+        {
+            var baseEnvironment = AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud];
+
+            string curEnvEndpointResourceId = environment?.GetEndpoint(endpointResourceIdKey);
+            string curEnvEndpointSuffix = environment?.GetEndpoint(endpointSuffixKey);
+            string baseEnvEndpointResourceId = baseEnvironment?.GetEndpoint(endpointResourceIdKey);
+            string baseEnvEndpointSuffix = baseEnvironment?.GetEndpoint(endpointSuffixKey);
+
+            return (curEnvEndpointResourceId, curEnvEndpointSuffix, baseEnvEndpointResourceId, baseEnvEndpointSuffix); ;
+        }
+
         internal void PatchRequestUri(IAzureContext context, HttpRequestMessage request)
         {
             var requestUri = context?.Environment?.GetUriFromBaseRequestUri(request.RequestUri);

src/Accounts/Accounts/CommonModule/EnvironmentExtensions.cs

@@ -103,6 +103,7 @@ public static Uri GetUriFromBaseRequestUri(this IAzureEnvironment environment, U
             return baseEndpoint;
         }
 
+        ////TODO: Update to support all data plane audience
         /// <summary>
         /// Determien the inteneded audience of a request
         /// </summary>

src/Accounts/Accounts/CommonModule/RegisterAzModule.cs

@@ -54,6 +54,13 @@ protected override void ProcessRecord()
                     // this gets called before the generated cmdlet makes a call across the wire (allows you to change the HTTP pipeline)
                     OnNewRequest = ContextAdapter.Instance.OnNewRequest,
 
+                    //OnNewRequest = AddRequestUserAgentHandler + AddPatchRequestUriHandler + AddAuthorizeRequestHandler
+                    AddRequestUserAgentHandler = ContextAdapter.Instance.AddRequestUserAgentHandler,
+
+                    AddPatchRequestUriHandler = ContextAdapter.Instance.AddPatchRequestUriHandler,
+
+                    AddAuthorizeRequestHandler = ContextAdapter.Instance.AddAuthorizeRequestHandler,
+
                     // Called for well-known parameters that require argument completers
                     ArgumentCompleter = ContextAdapter.Instance.CompleteArgument,