Merge branch 'main' into network-2022-07-01

Author: htippanaboya

src/Accounts/Accounts/ChangeLog.md

@@ -19,6 +19,8 @@
 -->
 
 ## Upcoming Release
+* Enabled caching tokens when logging in with a service principal. This could reduce network traffic and improve performance.
+* Upgraded target framework of Microsoft.Identity.Client to net461 [#20189]
 
 ## Version 2.10.3
 * Updated `Get-AzSubscription` to retrieve subscription by Id rather than listed all the subscriptions from server if subscription Id is provided. [#19115]

src/Resources/Resources/UX/Microsoft.Resources/subscriptions.json renamed to src/Accounts/Accounts/UX/Microsoft.Accounts/subscriptions.json

@@ -8,7 +8,7 @@
        {
           "name":"Get-AzSubscription",
           "description":"Get subscriptions that the current account can access.",
-          "path":"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Resources/subscriptions",
+          "path":"/subscriptions/{subscriptionId}",
           "confirmation":false,
           "help":{
              "learnMore":{
@@ -17,8 +17,7 @@
              "parameterSets":[
                 {
                    "parameters":[
-                      "[[-ResourceGroupName] <System.String>]",
-                      "[[-TenantId] <String>]"
+                      "[[-SubscriptionId] <String>]"
                    ]
                 }
              ]
@@ -28,16 +27,12 @@
                 "description":"Get subscriptions that the current account can access.",
                 "parameters":[
                    {
-                      "name":"-ResourceGroupName",
-                      "value":"[path.resourceGroupName]"
-                   },
-                   {
-                      "name":"-TenantId",
-                      "value":"[path.TenantId]"
+                      "name":"-SubscriptionId",
+                      "value":"[path.subscriptionId]"
                    }
                 ]
              }
           ]
        }
     ]
- }
+ }

src/Accounts/Authentication.Test/AuthenticatorsTest/ServicePrincipalAuthenticatorTests.cs

@@ -71,7 +71,7 @@ public async Task ServicePrincipalSecretAuthenticationTest()
             //Setup
             var mockAzureCredentialFactory = new Mock<AzureCredentialFactory>();
             mockAzureCredentialFactory.Setup(f => f.CreateClientSecretCredential(
-                 It.IsAny<string>(), It.IsAny<string>(), It.IsAny<SecureString>(), It.IsAny<ClientCertificateCredentialOptions>())).Returns(() => new TokenCredentialMock());
+                 It.IsAny<string>(), It.IsAny<string>(), It.IsAny<SecureString>(), It.IsAny<ClientSecretCredentialOptions>())).Returns(() => new TokenCredentialMock());
 
             AzureSession.Instance.RegisterComponent(nameof(AzureCredentialFactory), () => mockAzureCredentialFactory.Object, true);
             InMemoryTokenCacheProvider cacheProvider = new InMemoryTokenCacheProvider();
@@ -101,7 +101,7 @@ public async Task ServicePrincipalSecretAuthenticationTest()
             var token = await authenticator.Authenticate(parameter);
 
             //Verify
-            mockAzureCredentialFactory.Verify(f => f.CreateClientSecretCredential(TestTenantId, accountId, securePassword, It.IsAny<ClientCertificateCredentialOptions>()), Times.Once());
+            mockAzureCredentialFactory.Verify(f => f.CreateClientSecretCredential(TestTenantId, accountId, securePassword, It.IsAny<ClientSecretCredentialOptions>()), Times.Once());
             Assert.Equal(fakeToken, token.AccessToken);
             Assert.Equal(TestTenantId, token.TenantId);
         }

src/Accounts/Authenticators/Factories/AzureCredentialFactory.cs

@@ -27,7 +27,7 @@ public virtual TokenCredential CreateManagedIdentityCredential(string clientId)
             return new ManagedIdentityCredential(clientId);
         }
 
-        public virtual TokenCredential CreateClientSecretCredential(string tenantId, string clientId, SecureString secret, ClientCertificateCredentialOptions options)
+        public virtual TokenCredential CreateClientSecretCredential(string tenantId, string clientId, SecureString secret, ClientSecretCredentialOptions options)
         {
             return new ClientSecretCredential(tenantId, clientId, secret.ConvertToString(), options);
         }

src/Accounts/Authenticators/ServicePrincipalAuthenticator.cs

@@ -30,7 +30,7 @@ public class ServicePrincipalAuthenticator : DelegatingAuthenticator
     {
         private const string AuthenticationFailedMessage = "No certificate thumbprint or secret provided for the given service principal '{0}'.";
 
-        //MSAL doesn't cache Service Principal into msal.cache
+        // MSAL doesn't cache the secret of Service Principal, but it caches access tokens
         public override Task<IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
         {
             var spParameters = parameters as ServicePrincipalParameters;
@@ -43,10 +43,12 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
             var authority = spParameters.Environment.ActiveDirectoryAuthority;
 
             var requestContext = new TokenRequestContext(scopes);
+            var tokenCachePersistenceOptions = spParameters.TokenCacheProvider.GetTokenCachePersistenceOptions();
             AzureSession.Instance.TryGetComponent(nameof(AzureCredentialFactory), out AzureCredentialFactory azureCredentialFactory);
 
             var options = new ClientCertificateCredentialOptions()
             {
+                TokenCachePersistenceOptions = tokenCachePersistenceOptions, // allows MSAL to cache access tokens
                 AuthorityHost = new Uri(authority),
                 SendCertificateChain = spParameters.SendCertificateChain ?? default(bool)
             };
@@ -63,10 +65,15 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
             else if (spParameters.Secret != null)
             {
                 //Service principal with secret
-                tokenCredential = azureCredentialFactory.CreateClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret, options);
-                parametersLog = $"- ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'";
+                var csOptions = new ClientSecretCredentialOptions()
+                {
+                    TokenCachePersistenceOptions = tokenCachePersistenceOptions, // allows MSAL to cache access tokens
+                    AuthorityHost = new Uri(authority)
+                };
+                tokenCredential = azureCredentialFactory.CreateClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret, csOptions);
+                parametersLog = $"- ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{csOptions.AuthorityHost}'";
             }
-            else if(!string.IsNullOrEmpty(spParameters.CertificatePath))
+            else if (!string.IsNullOrEmpty(spParameters.CertificatePath))
             {
                 if (spParameters.CertificateSecret != null)
                 {
@@ -86,6 +93,7 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
             {
                 throw new MsalException(MsalError.AuthenticationFailed, string.Format(AuthenticationFailedMessage, clientId));
             }
+
             return MsalAccessToken.GetAccessTokenAsync(
                 nameof(ServicePrincipalAuthenticator),
                 parametersLog,

src/Aks/Aks.Sdk/README.md

@@ -35,28 +35,28 @@ directive:
     transform: $.name = "ResourceIdentityTypeForCommonTypes"
   - from: swagger-document
     where: $.definitions.ManagedClusterAgentPoolProfileProperties.properties.orchestratorVersion
-    transform: $["description"] = $["description"].replaceAll("<", "(");
+    transform: $["description"] = $["description"].replace(/</g, "(");
   - from: swagger-document
     where: $.definitions.ManagedClusterAgentPoolProfileProperties.properties.orchestratorVersion
-    transform: $["description"] = $["description"].replaceAll(">", ")");
+    transform: $["description"] = $["description"].replace(/>/g, ")");
   - from: swagger-document
     where: $.definitions.ManagedClusterAgentPoolProfileProperties.properties.currentOrchestratorVersion
-    transform: $["description"] = $["description"].replaceAll("<", "(");
+    transform: $["description"] = $["description"].replace(/</g, "(");
   - from: swagger-document
     where: $.definitions.ManagedClusterAgentPoolProfileProperties.properties.currentOrchestratorVersion
-    transform: $["description"] = $["description"].replaceAll(">", ")");
+    transform: $["description"] = $["description"].replace(/>/g, ")");
   - from: swagger-document
     where: $.definitions.ManagedClusterProperties.properties.kubernetesVersion
-    transform: $["description"] = $["description"].replaceAll("<", "(");
+    transform: $["description"] = $["description"].replace(/</g, "(");
   - from: swagger-document
     where: $.definitions.ManagedClusterProperties.properties.kubernetesVersion
-    transform: $["description"] = $["description"].replaceAll(">", ")");
+    transform: $["description"] = $["description"].replace(/>/g, ")");
   - from: swagger-document
     where: $.definitions.ManagedClusterProperties.properties.currentKubernetesVersion
-    transform: $["description"] = $["description"].replaceAll("<", "(");
+    transform: $["description"] = $["description"].replace(/</g, "(");
   - from: swagger-document
     where: $.definitions.ManagedClusterProperties.properties.currentKubernetesVersion
-    transform: $["description"] = $["description"].replaceAll(">", ")");
+    transform: $["description"] = $["description"].replace(/>/g, ")");
 
 output-folder: Generated
 namespace: Microsoft.Azure.Management.ContainerService

src/ApiManagement/ApiManagement/ChangeLog.md

@@ -18,7 +18,6 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
-* Upgraded AutoMapper to Microsoft.Azure.PowerShell.AutoMapper 6.2.2 with fix [#18721]
 
 ## Version 4.0.1
 * Upgraded AutoMapper to Microsoft.Azure.PowerShell.AutoMapper 6.2.2 with fix [#18721]

src/Monitor/Monitor/UX/Microsoft.Monitor/components.json renamed to src/ApplicationInsights/ApplicationInsights/UX/Microsoft.ApplicationInsights/components.json

@@ -0,0 +1,42 @@
+### Example 1: Get a Run Command for VM
+
+```powershell
+Get-AzVMRunCommand -ResourceGroupName MyRG -VMName MyVM -RunCommandName MyRunCommand
+```
+
+Get a Run Command for VM without Instance View.
+
+### Example 2: Get a Run Command for VM with Instance View
+
+```powershell
+$x = Get-AzVMRunCommand -ResourceGroupName MyRG -VMName MyVM -RunCommandName MyRunCommand -Expand InstanceView
+$x.InstanceView
+```
+
+```output
+ExecutionState   : Succeeded
+ExecutionMessage :
+ExitCode         : 0
+Output           :     Directory: C:\
+
+
+                   Mode                 LastWriteTime         Length Name
+                   ----                 -------------         ------ ----
+                   -a----        10/27/2022   9:10 PM              0 HelloWorld2022-10-27T21.10.54.9266231+00.00.txt
+
+
+Error            :
+StartTime        : 10/27/2022 9:10:52 PM
+EndTime          : 10/27/2022 9:10:55 PM
+Statuses         :
+```
+
+Get a Run Command for VM with Instance View. Instance View contains execution state of run command (Succeeded, Failed, etc.), exit code, standard output and standard error generated by executing the script using Run Command. A non-zero ExitCode indicates an unsuccessful execution.
+
+### Example 3: Get all Run Commands for a VM
+
+```powershell
+Get-AzVMRunCommand -ResourceGroupName MyRG -VMName MyVM
+```
+
+Get list of all Run Commands for a VM.

src/Compute/Compute.Autorest/docs/Get-AzVMRunCommand.md

@@ -0,0 +1,42 @@
+### Example 1: Get a Run Command for VMSS VM instance
+
+```powershell
+Get-AzVmssVMRunCommand  -ResourceGroupName MyRG0 -VMScaleSetName MyVMSS -InstanceId 0 -RunCommandName MyRunCommand
+```
+
+Get a Run Command for VM without Instance View.
+
+### Example 2: Get a Run Command for VMSS VM instance with Instance View
+
+```powershell
+$x = Get-AzVmssVMRunCommand  -ResourceGroupName MyRG0 -VMScaleSetName MyVMSS -InstanceId 0 -RunCommandName MyRunCommand -Expand InstanceView
+$x.InstanceView
+```
+
+```output
+ExecutionState   : Succeeded
+ExecutionMessage :
+ExitCode         : 0
+Output           :     Directory: C:\
+
+
+                   Mode                 LastWriteTime         Length Name
+                   ----                 -------------         ------ ----
+                   -a----        10/27/2022   9:10 PM              0 HelloWorld2022-10-27T21.10.54.9266231+00.00.txt
+
+
+Error            :
+StartTime        : 10/27/2022 9:10:52 PM
+EndTime          : 10/27/2022 9:10:55 PM
+Statuses         :
+```
+
+Get a Run Command for VM with Instance View. Instance View contains execution state of run command (Succeeded, Failed, etc.), exit code, standard output and standard error generated by executing the script using Run Command. A non-zero ExitCode indicates an unsuccessful execution.
+
+### Example 3: Get all Run Commands for a VMSS VM instance
+
+```powershell
+Get-AzVmssVMRunCommand -ResourceGroupName MyRG -VMScaleSetName MyVMSS -InstanceId 1
+```
+
+Get list of all Run Commands for a VM.