Skip to content

Commit

Permalink
Handling warnings and adding OIDC promotion message release PR (#222)
Browse files Browse the repository at this point in the history
* added handling warnings
  • Loading branch information
BALAGA-GAYATRI authored May 2, 2022
1 parent 30a3a45 commit ec3c145
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 24 deletions.
10 changes: 8 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -207,18 +207,24 @@ Follow the steps to configure Azure Service Principal with a secret:
# The command should output a JSON object similar to this:
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"clientSecret": "<STRING>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
"resourceManagerEndpointUrl": "<URL>"
(...)
}
```
* Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above)
* Note: The above `az ad sp create-for-rbac` command will give you the `--sdk-auth` deprecation warning. As we are working with CLI for this deprecation process, we strongly recommend users to use this `--sdk-auth` flag as the result dictionary output changes and not accepted by login action if `--sdk-auth` is not used.

### Manually creating the Credentials object

If you already created and assigned a Service Principal in Azure you can manually create the .json object above by finding the `clientId` and `clientSecret` on the Service Principal, and your `subscriptionId` and `tenantId` of the subscription and tenant respectively. The `resourceManagerEndpointUrl` will be `https://management.azure.com/` if you are using the public Azure cloud.

### Configure a service principal with a Federated Credential to use OIDC based authentication:


Expand All @@ -234,7 +240,7 @@ You can add federated credentials in the Azure portal or with the Microsoft Grap
7. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims).
8. Add a **Name** for the federated credential.
9. Click **Add** to configure the federated credential.
10. Make sure the above created application has the `contributor` access to the provided subscription.
10. Make sure the above created application has the `contributor` access to the provided subscription. Visit [role-based-access-control](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current#prerequisites) for more details.

For a more detailed overview, see more guidance around [Azure Federated Credentials](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust-github).

Expand Down
21 changes: 10 additions & 11 deletions lib/main.js
Original file line number Diff line number Diff line change
Expand Up @@ -40,22 +40,20 @@ function main() {
return __awaiter(this, void 0, void 0, function* () {
try {
//Options for error handling
let commandStdErr = false;
const loginOptions = {
silent: true,
ignoreReturnCode: true,
failOnStdErr: true,
listeners: {
stderr: (data) => {
let error = data.toString();
//removing the keyword 'ERROR' to avoid duplicates while throwing error
if (error.toLowerCase().startsWith('error')) {
error = error.slice(5);
}
// printing error
if (error && error.trim().length !== 0) {
commandStdErr = true;
core.error(error);
let startsWithWarning = error.toLowerCase().startsWith('warning');
let startsWithError = error.toLowerCase().startsWith('error');
// printing ERROR
if (error && error.trim().length !== 0 && !startsWithWarning) {
if (startsWithError) {
//removing the keyword 'ERROR' to avoid duplicates while throwing error
error = error.slice(5);
}
core.setFailed(error);
}
}
}
Expand Down Expand Up @@ -190,6 +188,7 @@ function main() {
commonArgs = commonArgs.concat("--federated-token", federatedToken);
}
else {
console.log("Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.");
commonArgs = commonArgs.concat("-p", servicePrincipalKey);
}
yield executeAzCliCommand(`login`, true, loginOptions, commonArgs);
Expand Down
21 changes: 10 additions & 11 deletions src/main.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,22 +12,20 @@ var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREP
async function main() {
try {
//Options for error handling
let commandStdErr = false;
const loginOptions: ExecOptions = {
silent: true,
ignoreReturnCode: true,
failOnStdErr: true,
listeners: {
stderr: (data: Buffer) => {
let error = data.toString();
//removing the keyword 'ERROR' to avoid duplicates while throwing error
if (error.toLowerCase().startsWith('error')) {
error = error.slice(5);
}
// printing error
if (error && error.trim().length !== 0) {
commandStdErr = true;
core.error(error);
let startsWithWarning = error.toLowerCase().startsWith('warning');
let startsWithError = error.toLowerCase().startsWith('error');
// printing ERROR
if (error && error.trim().length !== 0 && !startsWithWarning) {
if(startsWithError) {
//removing the keyword 'ERROR' to avoid duplicates while throwing error
error = error.slice(5);
}
core.setFailed(error);
}
}
}
Expand Down Expand Up @@ -174,6 +172,7 @@ async function main() {
commonArgs = commonArgs.concat("--federated-token", federatedToken);
}
else {
console.log("Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.")
commonArgs = commonArgs.concat("-p", servicePrincipalKey);
}
await executeAzCliCommand(`login`, true, loginOptions, commonArgs);
Expand Down

0 comments on commit ec3c145

Please sign in to comment.