Azure · cormacpayne · Mar 24, 2018 · Feb 14, 2018 · Feb 21, 2018 · Feb 25, 2018
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,4 +1,62 @@
-## 5.5.0 - March 2018
+## 5.6.0 - March 2018
+
+#### General
+* Fix issue with Default Resource Group in CloudShell
+* Fix issue where incorrect startup scripts were being executed during module import
+
+#### AzureRM.Profile
+* Enable MSI authentication in unsupported scenarios
+* Add support for user-defined Managed Service Identity
+
+#### AzureRM.AnalysisServices
+* Fixed issue with cleaning up scripts in build
+
+#### AzureRM.Cdn
+* Fixed issue with cleaning up scripts in build
+
+#### AzureRM.Compute
+* 'New-AzureRmVM' and 'New-AzureRmVMSS' support data disks.
+* 'New-AzureRmVM' and 'New-AzureRmVMSS' support custom image by name or by id.
+* Log analytic feature
+    - Added 'Export-AzureRmLogAnalyticRequestRateByInterval' cmdlet
+    - Added 'Export-AzureRmLogAnalyticThrottledRequests' cmdlet
+
+#### AzureRM.ContainerInstance
+* Fix parameter sets issue for container registry and azure file volume mount
+
+#### AzureRM.DataFactoryV2
+* Updated the ADF .Net SDK to version 0.6.0-preview containing the following changes:
+    - Added new AzureDatabricks LinkedService and DatabricksNotebook Activity
+    - Added headNodeSize and dataNodeSize properties in HDInsightOnDemand LinkedService
+    - Added LinkedService, Dataset, CopySource for SalesforceMarketingCloud
+    - Added support for SecureOutput on all activities 
+    - Added new BatchCount property on ForEach activity which control how many concurrent activities to run
+    - Added new Filter Activity
+    - Added Linked Service Parameters support
+
+#### AzureRM.Dns
+* Support for Private DNS Zones (Public Preview)
+    - Adds ability to create DNS zones that are visible only to the associated virtual networks
+
+#### AzureRM.Network
+* Updating model types for compatibility with DNS cmdlets.
+
+#### AzureRM.RecoveryServices.SiteRecovery
+* Changes for ASR Azure to Azure Site Recovery (cmdlets are currently supporting operations for Enterprise to Enterprise, Enterprise to Azure, HyperV to Azure,VMware to Azure)
+    - New-AzureRmRecoveryServicesAsrProtectionContainer
+    - New-AzureRmRecoveryServicesAsrAzureToAzureDiskReplicationConfig
+    - Remove-AzureRmRecoveryServicesAsrProtectionContainer
+    - Update-AzureRmRecoveryServicesAsrProtectionDirection
+
+#### AzureRM.Storage
+* Obsolete following parameters in new and set Storage Account cmdlets: EnableEncryptionService and DisableEncryptionService, since Encryption at Rest is enabled by default and can't be disabled.
+    - New-AzureRmStorageAccount
+    - Set-AzureRmStorageAccount
+
+#### AzureRM.Websites
+* Fixed the help for Remove-AzureRmWebAppSlot
+
+## 5.5.0 - March 2018
 #### AzureRM.Profile
 * Fixed issue with importing aliases
 * Load version 10.0.3 of Newtonsoft.Json side-by-side with version 6.0.8

diff --git a/src/Common/Commands.Common.Authentication.Abstractions/AzureAccount.cs b/src/Common/Commands.Common.Authentication.Abstractions/AzureAccount.cs
@@ -123,7 +123,12 @@ public static class Property
         /// <summary>
         /// Login Uri for Managed Service Login
         /// </summary>
-        MSILoginUri = "MSILoginUri";
+        MSILoginUri = "MSILoginUri",
+
+        /// <summary>
+        /// Backup login Uri for MSI
+        /// </summary>
+        MSILoginUriBackup = "MSILoginBackup";
 
 
         }

diff --git a/src/Common/Commands.Common.Authentication.Test/AuthenticationFactoryTests.cs b/src/Common/Commands.Common.Authentication.Test/AuthenticationFactoryTests.cs
@@ -25,6 +25,7 @@
 using Microsoft.Azure.Commands.Common.Authentication.Test;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using Xunit.Abstractions;
+using Microsoft.Rest.Azure;
 
 namespace Common.Authentication.Test
 {
@@ -162,14 +163,14 @@ public void CanAuthenticateUsingMSIDefault()
             };
             var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
             var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
-            var builder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
-            builder.Query = string.Format("resource={0}", Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId));
+            var builder = new UriBuilder(AuthenticationFactory.DefaultBackupMSILoginUri);
+            builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&api-version=2018-02-01";
             var defaultUri = builder.Uri.ToString();
 
             var responses = new Dictionary<string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
             {
                 {defaultUri, new ManagedServiceTokenInfo { AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource=expectedResource}},
-                {"http://myfunkyurl:10432/oauth2/token?resource=foo", new ManagedServiceTokenInfo { AccessToken = expectedToken2, ExpiresIn = 3600, Resource="foo"} }
+                {"http://myfunkyurl:10432/oauth2/token?resource=foo&api-version=2018-02-01", new ManagedServiceTokenInfo { AccessToken = expectedToken2, ExpiresIn = 3600, Resource="foo"} }
             };
             AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
             var authFactory = new AuthenticationFactory();
@@ -189,6 +190,150 @@ public void CanAuthenticateUsingMSIDefault()
             Assert.Throws<InvalidOperationException>(() => token3.AccessToken);
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void CanAuthenticateUsingMSIResourceId()
+        {
+            AzureSessionInitializer.InitializeAzureSession();
+            string expectedAccessToken = Guid.NewGuid().ToString();
+            _output.WriteLine("Expected access token for ARM URI: {0}", expectedAccessToken);
+            string expectedToken2 = Guid.NewGuid().ToString();
+            string tenant = Guid.NewGuid().ToString();
+            _output.WriteLine("Expected access token for graph URI: {0}", expectedToken2);
+            string userId = "/foo/bar/baz";
+            var account = new AzureAccount
+            {
+                Id = userId,
+                Type = AzureAccount.AccountType.ManagedService
+            };
+            var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
+            var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
+            var builder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
+            builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&msi_res_id={Uri.EscapeDataString(userId)}&api-version=2018-02-01";
+            var defaultUri = builder.Uri.ToString();
+
+            var customBuilder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
+            customBuilder.Query = $"resource={Uri.EscapeDataString(environment.GraphEndpointResourceId)}&msi_res_id={Uri.EscapeDataString(userId)}&api-version=2018-02-01";
+            var customUri = customBuilder.Uri.ToString();
+
+            var responses = new Dictionary<string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
+            {
+                {defaultUri, new ManagedServiceTokenInfo { AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource=expectedResource}},
+                {customUri, new ManagedServiceTokenInfo { AccessToken = expectedToken2, ExpiresIn = 3600, Resource=environment.GraphEndpointResourceId} }
+            };
+            AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
+            var authFactory = new AuthenticationFactory();
+            var token = authFactory.Authenticate(account, environment, tenant, null, null, null);
+            _output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
+            Assert.Equal(expectedAccessToken, token.AccessToken);
+            var account2 = new AzureAccount
+            {
+                Id = userId,
+                Type = AzureAccount.AccountType.ManagedService
+            };
+            var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
+            _output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
+            Assert.Equal(expectedToken2, token2.AccessToken);
+            var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
+            Assert.Throws<InvalidOperationException>(() => token3.AccessToken);
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void CanAuthenticateUsingMSIClientId()
+        {
+            AzureSessionInitializer.InitializeAzureSession();
+            string expectedAccessToken = Guid.NewGuid().ToString();
+            _output.WriteLine("Expected access token for ARM URI: {0}", expectedAccessToken);
+            string expectedToken2 = Guid.NewGuid().ToString();
+            string tenant = Guid.NewGuid().ToString();
+            _output.WriteLine("Expected access token for graph URI: {0}", expectedToken2);
+            string userId = Guid.NewGuid().ToString();
+            var account = new AzureAccount
+            {
+                Id = userId,
+                Type = AzureAccount.AccountType.ManagedService
+            };
+            var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
+            var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
+            var builder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
+            builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&client_id={userId}&api-version=2018-02-01";
+            var defaultUri = builder.Uri.ToString();
+
+            var customBuilder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
+            customBuilder.Query = $"resource={Uri.EscapeDataString(environment.GraphEndpointResourceId)}&client_id={userId}&api-version=2018-02-01";
+            var customUri = customBuilder.Uri.ToString();
+
+            var responses = new Dictionary<string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
+            {
+                {defaultUri, new ManagedServiceTokenInfo { AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource=expectedResource}},
+                {customUri, new ManagedServiceTokenInfo { AccessToken = expectedToken2, ExpiresIn = 3600, Resource=environment.GraphEndpointResourceId} }
+            };
+            AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
+            var authFactory = new AuthenticationFactory();
+            var token = authFactory.Authenticate(account, environment, tenant, null, null, null);
+            _output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
+            Assert.Equal(expectedAccessToken, token.AccessToken);
+            var account2 = new AzureAccount
+            {
+                Id = userId,
+                Type = AzureAccount.AccountType.ManagedService
+            };
+            var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
+            _output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
+            Assert.Equal(expectedToken2, token2.AccessToken);
+            var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
+            Assert.Throws<InvalidOperationException>(() => token3.AccessToken);
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void CanAuthenticateUsingMSIObjectId()
+        {
+            AzureSessionInitializer.InitializeAzureSession();
+            string expectedAccessToken = Guid.NewGuid().ToString();
+            _output.WriteLine("Expected access token for ARM URI: {0}", expectedAccessToken);
+            string expectedToken2 = Guid.NewGuid().ToString();
+            string tenant = Guid.NewGuid().ToString();
+            _output.WriteLine("Expected access token for graph URI: {0}", expectedToken2);
+            string userId = Guid.NewGuid().ToString();
+            var account = new AzureAccount
+            {
+                Id = userId,
+                Type = AzureAccount.AccountType.ManagedService
+            };
+            var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
+            var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
+            var builder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
+            builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
+            var defaultUri = builder.Uri.ToString();
+
+            var customBuilder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
+            customBuilder.Query = $"resource={Uri.EscapeDataString(environment.GraphEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
+            var customUri = customBuilder.Uri.ToString();
+
+            var responses = new Dictionary<string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
+            {
+                {defaultUri, new ManagedServiceTokenInfo { AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource=expectedResource}},
+                {customUri, new ManagedServiceTokenInfo { AccessToken = expectedToken2, ExpiresIn = 3600, Resource=environment.GraphEndpointResourceId} }
+            };
+            AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
+            var authFactory = new AuthenticationFactory();
+            var token = authFactory.Authenticate(account, environment, tenant, null, null, null);
+            _output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
+            Assert.Equal(expectedAccessToken, token.AccessToken);
+            var account2 = new AzureAccount
+            {
+                Id = userId,
+                Type = AzureAccount.AccountType.ManagedService
+            };
+            var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
+            _output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
+            Assert.Equal(expectedToken2, token2.AccessToken);
+            var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
+            Assert.Throws<InvalidOperationException>(() => token3.AccessToken);
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         void ResponseRedactionWorks()

diff --git a/src/Common/Commands.Common.Authentication.Test/TestHttpOperationsFactory.cs b/src/Common/Commands.Common.Authentication.Test/TestHttpOperationsFactory.cs
@@ -12,6 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Rest.Azure;
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
@@ -31,7 +32,13 @@ private TestHttpOperationsFactory()
         }
 
         IDictionary<string, object> _responses = new ConcurrentDictionary<string, object>(StringComparer.OrdinalIgnoreCase);
-        public IHttpOperations<T> GetHttpOperations<T>()
+        public IHttpOperations<T> GetHttpOperations<T>() where T : class, ICacheable
+        {
+            var result = new TestHttpOperations<T>(_responses, _output);
+            return result;
+        }
+
+        public IHttpOperations<T> GetHttpOperations<T>(bool useCaching) where T :  class, ICacheable
         {
             var result = new TestHttpOperations<T>(_responses, _output);
             return result;
@@ -83,7 +90,7 @@ public Task<T> GetAsync(string requestUri, CancellationToken token)
             {
                 if (!_responses.ContainsKey(requestUri))
                 {
-                    throw new InvalidOperationException(string.Format("Unexpected request Uri '{0}'", requestUri));
+                    throw new CloudException(string.Format("Unexpected request Uri '{0}'", requestUri));
                 }
 
                 var output = _responses[requestUri];