Add-AzureAnalysisServicesAccount to support login with Service Principal #4389
Conversation
( both using password and certificate )
|
@liangyong79, |
|
Can one of the admins verify this patch? |
|
@azuresdkci add to whitelist |
There was a problem hiding this comment.
@liangyong79 a few minor comments. Also, please add tests for this new functionality so we can catch future regressions. You can view the Profile login tests for examples of how to test this functionality.
| private const string ServicePrincipalWithCertificateParameterSet = "ServicePrincipalWithCertificateParameterSetName"; | ||
|
|
||
| [Parameter(ParameterSetName = UserParameterSet, | ||
| Mandatory = true, HelpMessage = "Name of the Azure Analysis Services environment to which to logon to", Position = 0)] |
There was a problem hiding this comment.
@liangyong79 RolloutEnvironment is being changed from optional to mandatory, which is a breaking change. Please make sure the parameters (RolloutEnvironment and Credential) in the previous parameter set have the same attributes in UserParameterSet as they did in the old one.
There was a problem hiding this comment.
Actually this RolloutEnvironment is required even in previous version, they just forget to mark it as required.
There was a problem hiding this comment.
I don't think this is true. You can log in currently as a user without this
| Mandatory = true)] | ||
| [Parameter(ParameterSetName = ServicePrincipalWithCertificateParameterSet, | ||
| Mandatory = true)] | ||
| public SwitchParameter ServicePrincipal { get; set; } |
There was a problem hiding this comment.
@liangyong79 this parameter doesn't seem to provide any value since the presence of TenantId, ApplicationId or CertificateThumbprint signify that you using one of the ServicePrincipal parameter sets
There was a problem hiding this comment.
It will make it clear that ServicePrincipal will be used, and also the other Add-AzureRmAccount used the same parameter for SPN: https://docs.microsoft.com/en-us/powershell/module/azurerm.profile/add-azurermaccount?view=azurermps-4.2.0
| @@ -33,14 +33,49 @@ namespace Microsoft.Azure.Commands.AnalysisServices.Dataplane | |||
| [OutputType(typeof(AsAzureProfile))] | |||
| public class AddAzureASAccountCommand : AzurePSCmdlet, IModuleAssemblyInitializer | |||
| { | |||
| [Parameter(Position = 0, Mandatory = false, HelpMessage = "Name of the Azure Analysis Services environment to which to logon to")] | |||
There was a problem hiding this comment.
@liangyong79 now that there are multiple parameter sets used in this cmdlet, there will need to be a DefaultParameterSetName defined at the top (inside of the Cmdlet attribute). I would recommend using UserParameterSet as the default.
| @@ -32,12 +45,38 @@ This example will add the account specified by the $UserCredential variable to t | |||
|
|
|||
| ## PARAMETERS | |||
|
|
|||
| ### -ApplicationId | |||
| SPN```yaml | |||
There was a problem hiding this comment.
@liangyong79 please make sure that the ```yaml strings appear on a line by themselves so the markdown gets rendered properly. You can look at the Credential parameter below for an example.
This change should be made for all parameters with this issue in this file.
Also, can we change "SPN" to be a more meaningful description?
| @@ -62,6 +113,34 @@ Accept pipeline input: False | |||
| Accept wildcard characters: False | |||
| ``` | |||
|
|
|||
| ### -ServicePrincipal | |||
| {{Fill ServicePrincipal Description}} | |||
There was a problem hiding this comment.
@liangyong79 please fill out this description if you decide to keep this parameter
| @@ -129,6 +129,10 @@ | |||
| <Project>{70527617-7598-4aef-b5bd-db9186b8184b}</Project> | |||
| <Name>Commands.Common.Authentication.Abstractions</Name> | |||
| </ProjectReference> | |||
| <ProjectReference Include="..\..\..\Common\Commands.Common.Authentication\Commands.Common.Authentication.csproj"> | |||
There was a problem hiding this comment.
This is problematic. Since you are using ADAL directly, you should not include a dependency on this library. This will cause problems when the ADAL library is updted in the runtime.
| @@ -123,6 +173,7 @@ public void OnImport() | |||
| { | |||
| try | |||
| { | |||
| AzureSessionInitializer.InitializeAzureSession(); | |||
There was a problem hiding this comment.
Do not add this - this potentially causes problems for all Azure RM modules, because you are taking chanreg of injecting depednencies used by all modules. If your cmdlet needs to use AzureSession, then it shoudl use the existing authentication mechanism. If it does not, then it should not initialize it.
There was a problem hiding this comment.
The base class AzurePSCmdlet.BeginProcessing() call SetupDebuggingTraces(), which call DebugStreamTraceListener.AddAdalTracing( ), and AddAdalTracing( ) require that AzureSession.Instance not be null:
public static void AddAdalTracing(DebugStreamTraceListener listener)
{
AzureSession.Instance.AuthenticationTraceListeners.Add(listener);
AzureSession.Instance.AuthenticationTraceSourceLevel = SourceLevels.All;
}
…ands.Common.Authentication library
| Mandatory = true)] | ||
| [Parameter(ParameterSetName = ServicePrincipalWithCertificateParameterSet, | ||
| Mandatory = true)] | ||
| public SwitchParameter ServicePrincipal { get; set; } |
There was a problem hiding this comment.
It will make it clear that ServicePrincipal will be used, and also the other Add-AzureRmAccount used the same parameter for SPN: https://docs.microsoft.com/en-us/powershell/module/azurerm.profile/add-azurermaccount?view=azurermps-4.2.0
| @@ -123,6 +173,7 @@ public void OnImport() | |||
| { | |||
| try | |||
| { | |||
| AzureSessionInitializer.InitializeAzureSession(); | |||
There was a problem hiding this comment.
The base class AzurePSCmdlet.BeginProcessing() call SetupDebuggingTraces(), which call DebugStreamTraceListener.AddAdalTracing( ), and AddAdalTracing( ) require that AzureSession.Instance not be null:
public static void AddAdalTracing(DebugStreamTraceListener listener)
{
AzureSession.Instance.AuthenticationTraceListeners.Add(listener);
AzureSession.Instance.AuthenticationTraceSourceLevel = SourceLevels.All;
}
| private const string ServicePrincipalWithCertificateParameterSet = "ServicePrincipalWithCertificateParameterSetName"; | ||
|
|
||
| [Parameter(ParameterSetName = UserParameterSet, | ||
| Mandatory = true, HelpMessage = "Name of the Azure Analysis Services environment to which to logon to", Position = 0)] |
There was a problem hiding this comment.
I don't think this is true. You can log in currently as a user without this
…eter as before for UserParameterSet.
|
on demand run here: http://azuresdkci.cloudapp.net/job/powershell-demand/1817/ |
|
According to the log, the build failed due to no work space for the build. |
|
@azuresdkci retest this please |
|
new on demand: http://azuresdkci.cloudapp.net/job/powershell-demand/1818/ |
|
Ondemand build 1818 passed. :) |
( both using password and certificate )
Description
This checklist is used to make sure that common guidelines for a pull request are followed. You can find a more complete discussion of PowerShell cmdlet best practices here.
General Guidelines
Testing Guidelines
Cmdlet Signature Guidelines
ShouldProcessand haveSupportShouldProcess=truespecified in the cmdlet attribute. You can find more information onShouldProcesshere.OutputTypeattribute if any output is produced - if the cmdlet produces no output, it should implement aPassThruparameter.Cmdlet Parameter Guidelines