Handling warnings and adding OIDC promotion message release PR (#222)

* added handling warnings
Azure · May 2, 2022 · ec3c145 · ec3c145
1 parent 30a3a45
commit ec3c145
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -207,18 +207,24 @@ Follow the steps to configure Azure Service Principal with a secret:
 
   # The command should output a JSON object similar to this:
 
+
   {
     "clientId": "<GUID>",
-    "clientSecret": "<GUID>",
+    "clientSecret": "<STRING>",
     "subscriptionId": "<GUID>",
     "tenantId": "<GUID>",
+    "resourceManagerEndpointUrl": "<URL>"
     (...)
   }
 
 ```
   * Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above)
   * Note: The above `az ad sp create-for-rbac` command will give you the `--sdk-auth` deprecation warning. As we are working with CLI for this deprecation process, we strongly recommend users to use this `--sdk-auth` flag as the result dictionary output changes and not accepted by login action if `--sdk-auth` is not used.
 
+### Manually creating the Credentials object
+
+If you already created and assigned a Service Principal in Azure you can manually create the .json object above by finding the `clientId` and `clientSecret` on the Service Principal, and your `subscriptionId` and `tenantId` of the subscription and tenant respectively. The `resourceManagerEndpointUrl` will be `https://management.azure.com/` if you are using the public Azure cloud.
+
 ### Configure a service principal with a Federated Credential to use OIDC based authentication:
 
 
@@ -234,7 +240,7 @@ You can add federated credentials in the Azure portal or with the Microsoft Grap
 7. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims). 
 8. Add a **Name** for the federated credential.
 9. Click **Add** to configure the federated credential.
-10. Make sure the above created application has the `contributor` access to the provided subscription.
+10. Make sure the above created application has the `contributor` access to the provided subscription. Visit [role-based-access-control](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current#prerequisites) for more details.
 
 For a more detailed overview, see more guidance around [Azure Federated Credentials](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust-github). 
 

diff --git a/lib/main.js b/lib/main.js
@@ -40,22 +40,20 @@ function main() {
     return __awaiter(this, void 0, void 0, function* () {
         try {
             //Options for error handling
-            let commandStdErr = false;
             const loginOptions = {
                 silent: true,
-                ignoreReturnCode: true,
-                failOnStdErr: true,
                 listeners: {
                     stderr: (data) => {
                         let error = data.toString();
-                        //removing the keyword 'ERROR' to avoid duplicates while throwing error
-                        if (error.toLowerCase().startsWith('error')) {
-                            error = error.slice(5);
-                        }
-                        // printing error
-                        if (error && error.trim().length !== 0) {
-                            commandStdErr = true;
-                            core.error(error);
+                        let startsWithWarning = error.toLowerCase().startsWith('warning');
+                        let startsWithError = error.toLowerCase().startsWith('error');
+                        // printing ERROR
+                        if (error && error.trim().length !== 0 && !startsWithWarning) {
+                            if (startsWithError) {
+                                //removing the keyword 'ERROR' to avoid duplicates while throwing error
+                                error = error.slice(5);
+                            }
+                            core.setFailed(error);
                         }
                     }
                 }
@@ -190,6 +188,7 @@ function main() {
                 commonArgs = commonArgs.concat("--federated-token", federatedToken);
             }
             else {
+                console.log("Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.");
                 commonArgs = commonArgs.concat("-p", servicePrincipalKey);
             }
             yield executeAzCliCommand(`login`, true, loginOptions, commonArgs);

diff --git a/src/main.ts b/src/main.ts
@@ -12,22 +12,20 @@ var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREP
 async function main() {
     try {
         //Options for error handling
-        let commandStdErr = false;
         const loginOptions: ExecOptions = {
             silent: true,
-            ignoreReturnCode: true,
-            failOnStdErr: true,
             listeners: {
                 stderr: (data: Buffer) => {
                     let error = data.toString();
-                    //removing the keyword 'ERROR' to avoid duplicates while throwing error
-                    if (error.toLowerCase().startsWith('error')) {
-                        error = error.slice(5);
-                    }
-                    // printing error
-                    if (error && error.trim().length !== 0) {
-                        commandStdErr = true;
-                        core.error(error);
+                    let startsWithWarning = error.toLowerCase().startsWith('warning');
+                    let startsWithError = error.toLowerCase().startsWith('error');
+                    // printing ERROR
+                    if (error && error.trim().length !== 0 && !startsWithWarning) {
+                        if(startsWithError) {
+                            //removing the keyword 'ERROR' to avoid duplicates while throwing error
+                            error = error.slice(5);
+                        }
+                        core.setFailed(error);
                     }
                 }
             }
@@ -174,6 +172,7 @@ async function main() {
             commonArgs = commonArgs.concat("--federated-token", federatedToken);
         }
         else {
+            console.log("Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.")
             commonArgs = commonArgs.concat("-p", servicePrincipalKey);
         }
         await executeAzCliCommand(`login`, true, loginOptions, commonArgs);