Move admin center / publish to env authentication to action rather than inline powershell #2116
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| Param( | ||
| [Parameter(HelpMessage = "Name of the secret to check (e.g., 'adminCenterApiCredentials' or comma-separated list to check multiple)", Mandatory = $true)] | ||
| [string] $secretName, | ||
| [Parameter(HelpMessage = "Environment name (for error messages)", Mandatory = $false)] | ||
| [string] $environmentName = '' | ||
| ) | ||
|
|
||
| . (Join-Path -Path $PSScriptRoot -ChildPath "..\AL-Go-Helper.ps1" -Resolve) | ||
|
|
||
| $settings = $env:Settings | ConvertFrom-Json | ||
| $secrets = $env:Secrets | ConvertFrom-Json | ConvertTo-HashTable | ||
|
|
||
| # Check each secret name in order | ||
| $authContext = $null | ||
| $foundSecretName = '' | ||
| foreach ($name in ($secretName -split ',')) { | ||
| $name = $name.Trim() | ||
| if ($secrets.ContainsKey($name) -and $secrets."$name") { | ||
| Write-Host "Using $name secret" | ||
| $authContext = $secrets."$name" | ||
| $foundSecretName = $name | ||
| break | ||
| } | ||
| } | ||
|
|
||
| if ($authContext) { | ||
| Write-Host "AuthContext provided in secret $foundSecretName!" | ||
| Add-Content -Encoding UTF8 -Path $ENV:GITHUB_STEP_SUMMARY -Value "AuthContext was provided in a secret called $foundSecretName. Using this information for authentication." | ||
| } | ||
| else { | ||
| Write-Host "No AuthContext provided, initiating Device Code flow" | ||
|
Collaborator
There was a problem hiding this comment. This may be Consider adding "auth type" parameter to the action, in order to hide the |
||
| DownloadAndImportBcContainerHelper | ||
| $authContext = New-BcAuthContext -includeDeviceLogin -deviceLoginTimeout ([TimeSpan]::FromSeconds(0)) | ||
|
|
||
| # Build appropriate error message | ||
| if ($environmentName) { | ||
| $message = "AL-Go needs access to the Business Central Environment $($environmentName.Split(' ')[0]) and could not locate a secret called $($secretName -replace ',', ' or ')" | ||
| } | ||
| else { | ||
| $message = "AL-Go needs access to the Business Central Admin Center Api and could not locate a secret called $($settings.adminCenterApiCredentialsSecretName) (https://aka.ms/ALGoSettings#AdminCenterApiCredentialsSecretName)" | ||
| } | ||
|
|
||
| Add-Content -Encoding UTF8 -Path $ENV:GITHUB_STEP_SUMMARY -Value "$message`n`n$($authContext.message)" | ||
| Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "deviceCode=$($authContext.deviceCode)" | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # Check Auth Context | ||
|
|
||
| Check if Admin Center Api Credentials / AuthContext are provided in secrets. If not, initiate device code flow for authentication. | ||
|
|
||
| ## INPUT | ||
|
|
||
| ### ENV variables | ||
|
|
||
| | Name | Description | | ||
| | :-- | :-- | | ||
| | Settings | env.Settings must be set by a prior call to the ReadSettings Action | | ||
| | Secrets | env.Secrets must be set to the secrets output from ReadSecrets Action | | ||
|
|
||
| ### Parameters | ||
|
|
||
| | Name | Required | Description | Default value | | ||
| | :-- | :-: | :-- | :-- | | ||
| | shell | | The shell (powershell or pwsh) in which the PowerShell script in this action should run | powershell | | ||
| | secretName | Yes | Name of the secret to check (comma-separated list to check multiple in order) | | | ||
| | environmentName | | Environment name (for error messages when deploying to environments) | | | ||
|
|
||
| ## OUTPUT | ||
|
|
||
| ### ENV variables | ||
|
|
||
| none | ||
|
|
||
| ### OUTPUT variables | ||
|
|
||
| | Name | Description | | ||
| | :-- | :-- | | ||
| | deviceCode | Device code for authentication (only set if device login is required) | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| name: Check Auth Context | ||
| author: Microsoft Corporation | ||
| inputs: | ||
| shell: | ||
| description: Shell in which you want to run the action (powershell or pwsh) | ||
| required: false | ||
| default: powershell | ||
| secretName: | ||
| description: Name of the secret to check (e.g., 'adminCenterApiCredentials' or comma-separated list to check multiple) | ||
| required: true | ||
| environmentName: | ||
| description: Environment name (for error messages) | ||
| required: false | ||
| default: '' | ||
| outputs: | ||
| deviceCode: | ||
| description: Device code for authentication (if device login is required) | ||
| value: ${{ steps.CheckAuthContext.outputs.deviceCode }} | ||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: run | ||
| shell: ${{ inputs.shell }} | ||
| id: CheckAuthContext | ||
| env: | ||
| _secretName: ${{ inputs.secretName }} | ||
| _environmentName: ${{ inputs.environmentName }} | ||
| run: | | ||
| ${{ github.action_path }}/../Invoke-AlGoAction.ps1 -ActionName "CheckAuthContext" -Action { | ||
| ${{ github.action_path }}/CheckAuthContext.ps1 -secretName $ENV:_secretName -environmentName $ENV:_environmentName | ||
| } | ||
| branding: | ||
| icon: terminal | ||
| color: blue |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| Get-Module TestActionsHelper | Remove-Module -Force | ||
| Import-Module (Join-Path $PSScriptRoot 'TestActionsHelper.psm1') | ||
| $errorActionPreference = "Stop"; $ProgressPreference = "SilentlyContinue"; Set-StrictMode -Version 2.0 | ||
|
|
||
| Describe "CheckAuthContext Action Tests" { | ||
| BeforeAll { | ||
| $actionName = "CheckAuthContext" | ||
| $scriptRoot = Join-Path $PSScriptRoot "..\Actions\$actionName" -Resolve | ||
| $scriptName = "$actionName.ps1" | ||
| [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'scriptPath', Justification = 'False positive.')] | ||
| $scriptPath = Join-Path $scriptRoot $scriptName | ||
| [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'actionScript', Justification = 'False positive.')] | ||
| $actionScript = GetActionScript -scriptRoot $scriptRoot -scriptName $scriptName | ||
| } | ||
|
|
||
| It 'Compile Action' { | ||
| Invoke-Expression $actionScript | ||
| } | ||
|
|
||
| It 'Test action.yaml matches script' { | ||
| $outputs = [ordered]@{ | ||
| "deviceCode" = "Device code for authentication (if device login is required)" | ||
| } | ||
| YamlTest -scriptRoot $scriptRoot -actionName $actionName -actionScript $actionScript -outputs $outputs | ||
| } | ||
|
|
||
| It 'Should find first matching secret' { | ||
| $env:Settings = '{"adminCenterApiCredentialsSecretName": "adminCenterApiCredentials"}' | ||
| $env:Secrets = '{"adminCenterApiCredentials": "someCredentials"}' | ||
| $env:GITHUB_STEP_SUMMARY = [System.IO.Path]::GetTempFileName() | ||
| $env:GITHUB_OUTPUT = [System.IO.Path]::GetTempFileName() | ||
|
|
||
| Invoke-Expression $actionScript | ||
| CheckAuthContext -secretName 'adminCenterApiCredentials' | ||
|
|
||
| # Should NOT output deviceCode when secret is found | ||
| $output = Get-Content $env:GITHUB_OUTPUT -Raw | ||
| $output | Should -Not -Match "deviceCode=" | ||
|
|
||
| # Should write to step summary | ||
| $summary = Get-Content $env:GITHUB_STEP_SUMMARY -Raw | ||
| $summary | Should -Match "AuthContext was provided in a secret called adminCenterApiCredentials" | ||
|
|
||
| Remove-Item $env:GITHUB_STEP_SUMMARY -ErrorAction SilentlyContinue | ||
| Remove-Item $env:GITHUB_OUTPUT -ErrorAction SilentlyContinue | ||
| } | ||
|
|
||
| It 'Should find secret when checking multiple names - first match wins' { | ||
| $env:Settings = '{"adminCenterApiCredentialsSecretName": "adminCenterApiCredentials"}' | ||
| $env:Secrets = '{"TestEnv-AuthContext": "firstSecret", "AuthContext": "secondSecret"}' | ||
| $env:GITHUB_STEP_SUMMARY = [System.IO.Path]::GetTempFileName() | ||
| $env:GITHUB_OUTPUT = [System.IO.Path]::GetTempFileName() | ||
|
|
||
| Invoke-Expression $actionScript | ||
| CheckAuthContext -secretName 'TestEnv-AuthContext,TestEnv_AuthContext,AuthContext' | ||
|
|
||
| $summary = Get-Content $env:GITHUB_STEP_SUMMARY -Raw | ||
| $summary | Should -Match "AuthContext was provided in a secret called TestEnv-AuthContext" | ||
|
|
||
| Remove-Item $env:GITHUB_STEP_SUMMARY -ErrorAction SilentlyContinue | ||
| Remove-Item $env:GITHUB_OUTPUT -ErrorAction SilentlyContinue | ||
| } | ||
|
|
||
| It 'Should find fallback secret when primary not found' { | ||
| $env:Settings = '{"adminCenterApiCredentialsSecretName": "adminCenterApiCredentials"}' | ||
| $env:Secrets = '{"AuthContext": "fallbackSecret"}' | ||
| $env:GITHUB_STEP_SUMMARY = [System.IO.Path]::GetTempFileName() | ||
| $env:GITHUB_OUTPUT = [System.IO.Path]::GetTempFileName() | ||
|
|
||
| Invoke-Expression $actionScript | ||
| CheckAuthContext -secretName 'TestEnv-AuthContext,TestEnv_AuthContext,AuthContext' | ||
|
|
||
| $summary = Get-Content $env:GITHUB_STEP_SUMMARY -Raw | ||
| $summary | Should -Match "AuthContext was provided in a secret called AuthContext" | ||
|
|
||
| Remove-Item $env:GITHUB_STEP_SUMMARY -ErrorAction SilentlyContinue | ||
| Remove-Item $env:GITHUB_OUTPUT -ErrorAction SilentlyContinue | ||
| } | ||
|
|
||
| It 'Should initiate device login when no secret is found' { | ||
| $env:Settings = '{"adminCenterApiCredentialsSecretName": "adminCenterApiCredentials"}' | ||
| $env:Secrets = '{}' | ||
| $env:GITHUB_STEP_SUMMARY = [System.IO.Path]::GetTempFileName() | ||
| $env:GITHUB_OUTPUT = [System.IO.Path]::GetTempFileName() | ||
|
|
||
| # Import AL-Go-Helper to get the functions defined, then mock them | ||
| . (Join-Path $scriptRoot "..\AL-Go-Helper.ps1") | ||
| Mock DownloadAndImportBcContainerHelper { } | ||
| Mock New-BcAuthContext { | ||
| return @{ deviceCode = "TESTDEVICECODE"; message = "Enter code to authenticate" } | ||
| } | ||
|
|
||
| Invoke-Expression $actionScript | ||
| CheckAuthContext -secretName 'nonExistentSecret' | ||
|
|
||
| # Should output deviceCode when no secret is found | ||
| $output = Get-Content $env:GITHUB_OUTPUT -Raw | ||
| $output | Should -Match "deviceCode=TESTDEVICECODE" | ||
|
|
||
| # Should write device login message to step summary | ||
| $summary = Get-Content $env:GITHUB_STEP_SUMMARY -Raw | ||
| $summary | Should -Match "could not locate a secret" | ||
|
|
||
| Remove-Item $env:GITHUB_STEP_SUMMARY -ErrorAction SilentlyContinue | ||
| Remove-Item $env:GITHUB_OUTPUT -ErrorAction SilentlyContinue | ||
| } | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.