Added AZURESUBSCRIPTION_CLIENT_ID and AZURESUBSCRIPTION_TENANT_ID env vars (#19818)

starkmsu · web-flow · commit c2d533cc8057 · 2024-04-26T14:44:49.000+02:00
Added AZURESUBSCRIPTION_CLIENT_ID and AZURESUBSCRIPTION_TENANT_ID env vars for WIF flow
diff --git a/Tasks/AzureCLIV2/azureclitask.ts b/Tasks/AzureCLIV2/azureclitask.ts
@@ -33,8 +33,6 @@ export class azureclitask {
             var connectedService: string = tl.getInput("connectedServiceNameARM", true);
             await this.loginAzureRM(connectedService);
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = connectedService;
-
             let errLinesCount: number = 0;
             let aggregatedErrorLines: string[] = [];
             tool.on('errline', (errorLine: string) => {
@@ -125,7 +123,12 @@ export class azureclitask {
                 this.logoutAzure();
             }
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
+            if (process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID && process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID !== "")
+            {
+                process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
+                process.env.AZURESUBSCRIPTION_CLIENT_ID = '';
+                process.env.AZURESUBSCRIPTION_TENANT_ID = '';
+            }
         }
     }
 
@@ -151,9 +154,13 @@ export class azureclitask {
             //login using OpenID Connect federation
             Utility.throwIfError(tl.execSync("az", args), tl.loc("LoginFailed"));
 
-             this.servicePrincipalId = servicePrincipalId;
-             this.federatedToken = federatedToken;
-             this.tenantId = tenantId;
+            this.servicePrincipalId = servicePrincipalId;
+            this.federatedToken = federatedToken;
+            this.tenantId = tenantId;
+
+            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = connectedService;
+            process.env.AZURESUBSCRIPTION_CLIENT_ID = servicePrincipalId;
+            process.env.AZURESUBSCRIPTION_TENANT_ID = tenantId;
         }
         else if (authScheme.toLowerCase() == "serviceprincipal") {
             let authType: string = tl.getEndpointAuthorizationParameter(connectedService, 'authenticationType', true);
diff --git a/Tasks/AzureCLIV2/task.json b/Tasks/AzureCLIV2/task.json
@@ -20,7 +20,7 @@
     "version": {
         "Major": 2,
         "Minor": 239,
-        "Patch": 0
+        "Patch": 2
     },
     "minimumAgentVersion": "2.0.0",
     "instanceNameFormat": "Azure CLI $(scriptPath)",
diff --git a/Tasks/AzureCLIV2/task.loc.json b/Tasks/AzureCLIV2/task.loc.json
@@ -20,7 +20,7 @@
   "version": {
     "Major": 2,
     "Minor": 239,
-    "Patch": 0
+    "Patch": 2
   },
   "minimumAgentVersion": "2.0.0",
   "instanceNameFormat": "ms-resource:loc.instanceNameFormat",
diff --git a/Tasks/AzurePowerShellV5/AzurePowerShell.ps1 b/Tasks/AzurePowerShellV5/AzurePowerShell.ps1
@@ -195,7 +195,12 @@ finally {
     . "$PSScriptRoot\Utility.ps1"
     Import-Module "$PSScriptRoot\ps_modules\VstsAzureHelpers_"
     Remove-EndpointSecrets
-    $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = ''
     Update-PSModulePathForHostedAgent
     Disconnect-AzureAndClearContext -restrictContext 'True' -ErrorAction SilentlyContinue
+
+    if ($env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID) {
+        $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = ""
+        $env:AZURESUBSCRIPTION_CLIENT_ID = ""
+        $env:AZURESUBSCRIPTION_TENANT_ID = ""
+    }
 }
diff --git a/Tasks/AzurePowerShellV5/CoreAz.ps1 b/Tasks/AzurePowerShellV5/CoreAz.ps1
@@ -31,4 +31,8 @@ $encryptedToken = ConvertTo-SecureString $vstsAccessToken -AsPlainText -Force
 Initialize-AzModule -Endpoint $endpointObject -connectedServiceNameARM $connectedServiceNameARM `
     -azVersion $targetAzurePs -isPSCore $isPSCore -encryptedToken $encryptedToken
 
-$env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = $connectedServiceNameARM
+if ($vstsAccessToken) {
+    $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = $connectedServiceNameARM
+    $env:AZURESUBSCRIPTION_CLIENT_ID = $endpointObject.servicePrincipalClientID
+    $env:AZURESUBSCRIPTION_TENANT_ID = $endpointObject.tenantId
+}
diff --git a/Tasks/AzurePowerShellV5/InitializeAz.ps1 b/Tasks/AzurePowerShellV5/InitializeAz.ps1
@@ -119,6 +119,8 @@ elseif ($endpointObject.scheme -eq 'WorkloadIdentityFederation') {
     }
 
     $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = $serviceConnectionId
+    $env:AZURESUBSCRIPTION_CLIENT_ID = $endpointObject.servicePrincipalClientID
+    $env:AZURESUBSCRIPTION_TENANT_ID = $endpointObject.tenantId
 }
 else {
     #  Provide an additional, custom, credentials-related error message. Will handle localization later
diff --git a/Tasks/AzurePowerShellV5/RemoveAzContext.ps1 b/Tasks/AzurePowerShellV5/RemoveAzContext.ps1
@@ -2,4 +2,10 @@
 . "$PSScriptRoot/ps_modules/VstsAzureHelpers_/Utility.ps1"
 
 Update-PSModulePathForHostedAgentLinux
-Disconnect-AzureAndClearContext -restrictContext 'True'
+Disconnect-AzureAndClearContext -restrictContext 'True'
+
+if ($env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID) {
+    $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = ""
+    $env:AZURESUBSCRIPTION_CLIENT_ID = ""
+    $env:AZURESUBSCRIPTION_TENANT_ID = ""
+}
diff --git a/Tasks/AzurePowerShellV5/azurepowershell.ts b/Tasks/AzurePowerShellV5/azurepowershell.ts
@@ -171,8 +171,6 @@ async function run() {
                 .arg('-Command')
                 .arg(`. '${path.join(path.resolve(__dirname),'RemoveAzContext.ps1')}'`);
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
-
             let options = <tr.IExecOptions>{
                     cwd: input_workingDirectory,
                     failOnStdErr: false,
diff --git a/Tasks/AzurePowerShellV5/task.json b/Tasks/AzurePowerShellV5/task.json
@@ -18,7 +18,7 @@
   "version": {
     "Major": 5,
     "Minor": 239,
-    "Patch": 6
+    "Patch": 8
   },
   "releaseNotes": "Added support for Az Module and cross platform agents.",
   "groups": [
diff --git a/Tasks/AzurePowerShellV5/task.loc.json b/Tasks/AzurePowerShellV5/task.loc.json
@@ -18,7 +18,7 @@
   "version": {
     "Major": 5,
     "Minor": 239,
-    "Patch": 6
+    "Patch": 8
   },
   "releaseNotes": "ms-resource:loc.releaseNotes",
   "groups": [
diff --git a/_generated/AzureCLIV2.versionmap.txt b/_generated/AzureCLIV2.versionmap.txt
@@ -1,2 +1,2 @@
-Default|2.239.0
-Node20_229_2|2.239.1
+Default|2.239.2
+Node20_229_2|2.239.3
diff --git a/_generated/AzureCLIV2/azureclitask.ts b/_generated/AzureCLIV2/azureclitask.ts
@@ -33,8 +33,6 @@ export class azureclitask {
             var connectedService: string = tl.getInput("connectedServiceNameARM", true);
             await this.loginAzureRM(connectedService);
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = connectedService;
-
             let errLinesCount: number = 0;
             let aggregatedErrorLines: string[] = [];
             tool.on('errline', (errorLine: string) => {
@@ -125,7 +123,12 @@ export class azureclitask {
                 this.logoutAzure();
             }
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
+            if (process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID && process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID !== "")
+            {
+                process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
+                process.env.AZURESUBSCRIPTION_CLIENT_ID = '';
+                process.env.AZURESUBSCRIPTION_TENANT_ID = '';
+            }
         }
     }
 
@@ -151,9 +154,13 @@ export class azureclitask {
             //login using OpenID Connect federation
             Utility.throwIfError(tl.execSync("az", args), tl.loc("LoginFailed"));
 
-             this.servicePrincipalId = servicePrincipalId;
-             this.federatedToken = federatedToken;
-             this.tenantId = tenantId;
+            this.servicePrincipalId = servicePrincipalId;
+            this.federatedToken = federatedToken;
+            this.tenantId = tenantId;
+
+            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = connectedService;
+            process.env.AZURESUBSCRIPTION_CLIENT_ID = servicePrincipalId;
+            process.env.AZURESUBSCRIPTION_TENANT_ID = tenantId;
         }
         else if (authScheme.toLowerCase() == "serviceprincipal") {
             let authType: string = tl.getEndpointAuthorizationParameter(connectedService, 'authenticationType', true);
diff --git a/_generated/AzureCLIV2/task.json b/_generated/AzureCLIV2/task.json
@@ -20,7 +20,7 @@
   "version": {
     "Major": 2,
     "Minor": 239,
-    "Patch": 0
+    "Patch": 2
   },
   "minimumAgentVersion": "2.0.0",
   "instanceNameFormat": "Azure CLI $(scriptPath)",
@@ -204,7 +204,7 @@
     "ExpiredServicePrincipalMessageWithLink": "Secret expired, update service connection at\u00A0%s See\u00A0https://aka.ms/azdo-rm-workload-identity-conversion to learn more about conversion to secret-less service connections."
   },
   "_buildConfigMapping": {
-    "Default": "2.239.0",
-    "Node20_229_2": "2.239.1"
+    "Default": "2.239.2",
+    "Node20_229_2": "2.239.3"
   }
 }
diff --git a/_generated/AzureCLIV2/task.loc.json b/_generated/AzureCLIV2/task.loc.json
@@ -20,7 +20,7 @@
   "version": {
     "Major": 2,
     "Minor": 239,
-    "Patch": 0
+    "Patch": 2
   },
   "minimumAgentVersion": "2.0.0",
   "instanceNameFormat": "ms-resource:loc.instanceNameFormat",
@@ -204,7 +204,7 @@
     "ExpiredServicePrincipalMessageWithLink": "ms-resource:loc.messages.ExpiredServicePrincipalMessageWithLink"
   },
   "_buildConfigMapping": {
-    "Default": "2.239.0",
-    "Node20_229_2": "2.239.1"
+    "Default": "2.239.2",
+    "Node20_229_2": "2.239.3"
   }
 }
diff --git a/_generated/AzureCLIV2_Node20/azureclitask.ts b/_generated/AzureCLIV2_Node20/azureclitask.ts
@@ -33,8 +33,6 @@ export class azureclitask {
             var connectedService: string = tl.getInput("connectedServiceNameARM", true);
             await this.loginAzureRM(connectedService);
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = connectedService;
-
             let errLinesCount: number = 0;
             let aggregatedErrorLines: string[] = [];
             tool.on('errline', (errorLine: string) => {
@@ -125,7 +123,12 @@ export class azureclitask {
                 this.logoutAzure();
             }
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
+            if (process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID && process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID !== "")
+            {
+                process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
+                process.env.AZURESUBSCRIPTION_CLIENT_ID = '';
+                process.env.AZURESUBSCRIPTION_TENANT_ID = '';
+            }
         }
     }
 
@@ -151,9 +154,13 @@ export class azureclitask {
             //login using OpenID Connect federation
             Utility.throwIfError(tl.execSync("az", args), tl.loc("LoginFailed"));
 
-             this.servicePrincipalId = servicePrincipalId;
-             this.federatedToken = federatedToken;
-             this.tenantId = tenantId;
+            this.servicePrincipalId = servicePrincipalId;
+            this.federatedToken = federatedToken;
+            this.tenantId = tenantId;
+
+            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = connectedService;
+            process.env.AZURESUBSCRIPTION_CLIENT_ID = servicePrincipalId;
+            process.env.AZURESUBSCRIPTION_TENANT_ID = tenantId;
         }
         else if (authScheme.toLowerCase() == "serviceprincipal") {
             let authType: string = tl.getEndpointAuthorizationParameter(connectedService, 'authenticationType', true);
diff --git a/_generated/AzureCLIV2_Node20/task.json b/_generated/AzureCLIV2_Node20/task.json
@@ -20,7 +20,7 @@
   "version": {
     "Major": 2,
     "Minor": 239,
-    "Patch": 1
+    "Patch": 3
   },
   "minimumAgentVersion": "2.0.0",
   "instanceNameFormat": "Azure CLI $(scriptPath)",
@@ -208,7 +208,7 @@
     "ExpiredServicePrincipalMessageWithLink": "Secret expired, update service connection at\u00A0%s See\u00A0https://aka.ms/azdo-rm-workload-identity-conversion to learn more about conversion to secret-less service connections."
   },
   "_buildConfigMapping": {
-    "Default": "2.239.0",
-    "Node20_229_2": "2.239.1"
+    "Default": "2.239.2",
+    "Node20_229_2": "2.239.3"
   }
 }
diff --git a/_generated/AzureCLIV2_Node20/task.loc.json b/_generated/AzureCLIV2_Node20/task.loc.json
@@ -20,7 +20,7 @@
   "version": {
     "Major": 2,
     "Minor": 239,
-    "Patch": 1
+    "Patch": 3
   },
   "minimumAgentVersion": "2.0.0",
   "instanceNameFormat": "ms-resource:loc.instanceNameFormat",
@@ -208,7 +208,7 @@
     "ExpiredServicePrincipalMessageWithLink": "ms-resource:loc.messages.ExpiredServicePrincipalMessageWithLink"
   },
   "_buildConfigMapping": {
-    "Default": "2.239.0",
-    "Node20_229_2": "2.239.1"
+    "Default": "2.239.2",
+    "Node20_229_2": "2.239.3"
   }
 }
diff --git a/_generated/AzurePowerShellV5.versionmap.txt b/_generated/AzurePowerShellV5.versionmap.txt
@@ -1,2 +1,2 @@
-Default|5.239.6
-Node20_229_2|5.239.7
+Default|5.239.8
+Node20_229_2|5.239.9
diff --git a/_generated/AzurePowerShellV5/AzurePowerShell.ps1 b/_generated/AzurePowerShellV5/AzurePowerShell.ps1
@@ -195,7 +195,12 @@ finally {
     . "$PSScriptRoot\Utility.ps1"
     Import-Module "$PSScriptRoot\ps_modules\VstsAzureHelpers_"
     Remove-EndpointSecrets
-    $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = ''
     Update-PSModulePathForHostedAgent
     Disconnect-AzureAndClearContext -restrictContext 'True' -ErrorAction SilentlyContinue
+
+    if ($env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID) {
+        $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = ""
+        $env:AZURESUBSCRIPTION_CLIENT_ID = ""
+        $env:AZURESUBSCRIPTION_TENANT_ID = ""
+    }
 }
diff --git a/_generated/AzurePowerShellV5/CoreAz.ps1 b/_generated/AzurePowerShellV5/CoreAz.ps1
@@ -31,4 +31,8 @@ $encryptedToken = ConvertTo-SecureString $vstsAccessToken -AsPlainText -Force
 Initialize-AzModule -Endpoint $endpointObject -connectedServiceNameARM $connectedServiceNameARM `
     -azVersion $targetAzurePs -isPSCore $isPSCore -encryptedToken $encryptedToken
 
-$env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = $connectedServiceNameARM
+if ($vstsAccessToken) {
+    $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = $connectedServiceNameARM
+    $env:AZURESUBSCRIPTION_CLIENT_ID = $endpointObject.servicePrincipalClientID
+    $env:AZURESUBSCRIPTION_TENANT_ID = $endpointObject.tenantId
+}
diff --git a/_generated/AzurePowerShellV5/InitializeAz.ps1 b/_generated/AzurePowerShellV5/InitializeAz.ps1
@@ -119,6 +119,8 @@ elseif ($endpointObject.scheme -eq 'WorkloadIdentityFederation') {
     }
 
     $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = $serviceConnectionId
+    $env:AZURESUBSCRIPTION_CLIENT_ID = $endpointObject.servicePrincipalClientID
+    $env:AZURESUBSCRIPTION_TENANT_ID = $endpointObject.tenantId
 }
 else {
     #  Provide an additional, custom, credentials-related error message. Will handle localization later
diff --git a/_generated/AzurePowerShellV5/RemoveAzContext.ps1 b/_generated/AzurePowerShellV5/RemoveAzContext.ps1
@@ -2,4 +2,10 @@
 . "$PSScriptRoot/ps_modules/VstsAzureHelpers_/Utility.ps1"
 
 Update-PSModulePathForHostedAgentLinux
-Disconnect-AzureAndClearContext -restrictContext 'True'
+Disconnect-AzureAndClearContext -restrictContext 'True'
+
+if ($env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID) {
+    $env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = ""
+    $env:AZURESUBSCRIPTION_CLIENT_ID = ""
+    $env:AZURESUBSCRIPTION_TENANT_ID = ""
+}
diff --git a/_generated/AzurePowerShellV5/azurepowershell.ts b/_generated/AzurePowerShellV5/azurepowershell.ts
@@ -171,8 +171,6 @@ async function run() {
                 .arg('-Command')
                 .arg(`. '${path.join(path.resolve(__dirname),'RemoveAzContext.ps1')}'`);
 
-            process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = '';
-
             let options = <tr.IExecOptions>{
                     cwd: input_workingDirectory,
                     failOnStdErr: false,
diff --git a/_generated/AzurePowerShellV5/task.json b/_generated/AzurePowerShellV5/task.json
@@ -18,7 +18,7 @@
   "version": {
     "Major": 5,
     "Minor": 239,
-    "Patch": 6
+    "Patch": 8
   },
   "releaseNotes": "Added support for Az Module and cross platform agents.",
   "groups": [
@@ -204,7 +204,7 @@
     "PS_ExitCode": "PowerShell exited with code '{0}'."
   },
   "_buildConfigMapping": {
-    "Default": "5.239.6",
-    "Node20_229_2": "5.239.7"
+    "Default": "5.239.8",
+    "Node20_229_2": "5.239.9"
   }
 }
diff --git a/_generated/AzurePowerShellV5/task.loc.json b/_generated/AzurePowerShellV5/task.loc.json
diff --git a/_generated/AzurePowerShellV5_Node20/AzurePowerShell.ps1 b/_generated/AzurePowerShellV5_Node20/AzurePowerShell.ps1
diff --git a/_generated/AzurePowerShellV5_Node20/CoreAz.ps1 b/_generated/AzurePowerShellV5_Node20/CoreAz.ps1
diff --git a/_generated/AzurePowerShellV5_Node20/InitializeAz.ps1 b/_generated/AzurePowerShellV5_Node20/InitializeAz.ps1
diff --git a/_generated/AzurePowerShellV5_Node20/RemoveAzContext.ps1 b/_generated/AzurePowerShellV5_Node20/RemoveAzContext.ps1
diff --git a/_generated/AzurePowerShellV5_Node20/azurepowershell.ts b/_generated/AzurePowerShellV5_Node20/azurepowershell.ts
diff --git a/_generated/AzurePowerShellV5_Node20/task.json b/_generated/AzurePowerShellV5_Node20/task.json
diff --git a/_generated/AzurePowerShellV5_Node20/task.loc.json b/_generated/AzurePowerShellV5_Node20/task.loc.json

Original file line number	Diff line number	Diff line change
`@@ -119,6 +119,8 @@ elseif ($endpointObject.scheme -eq 'WorkloadIdentityFederation') {`
`119`	`119`	`}`
`120`	`120`
`121`	`121`	`$env:AZURESUBSCRIPTION_SERVICE_CONNECTION_ID = $serviceConnectionId`
	`122`	`+ $env:AZURESUBSCRIPTION_CLIENT_ID = $endpointObject.servicePrincipalClientID`
	`123`	`+ $env:AZURESUBSCRIPTION_TENANT_ID = $endpointObject.tenantId`
`122`	`124`	`}`
`123`	`125`	`else {`
`124`	`126`	`# Provide an additional, custom, credentials-related error message. Will handle localization later`