New service connection object with workloadidentity (#3855)

* New serive connection object with cert is used * new service connection with workload federated identity * Azure Powershell version changed to 5 * Add support for ClientAssertion type
2024-05-15 12:19:13 -05:00 · 2024-05-15 12:19:13 -05:00 · 36333f8f35
--- a/build/build-variables.yml
+++ b/build/build-variables.yml
@ -27,7 +27,7 @@ variables:
  TestEnvironmentUrl_R5_Sql: 'https://$(DeploymentEnvironmentName)-r5-sql.azurewebsites.net'
  #-----------------------------------------------------------------------------------------
  TestClientUrl: 'https://$(DeploymentEnvironmentName)-client/'
-  ConnectedServiceName: 'Microsoft Health Open Source Subscription - new'
+  ConnectedServiceName: 'oss-service-connection-with-workloadidentity'
  WindowsVmImage: 'windows-latest'
  LinuxVmImage: 'ubuntu-latest'  
  TestApplicationResource: 'https://$(DeploymentEnvironmentName).$(tenantDomain)'
--- a/build/ci-pipeline-mag.yml
+++ b/build/ci-pipeline-mag.yml
@ -23,7 +23,7 @@ stages:
  jobs:
  - job: ProvisionEnvironment
    steps:
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
      displayName: Provision Resource Group
      inputs:
        azureSubscription: $(ConnectedServiceName)
@ -31,7 +31,7 @@ stages:
        ScriptType: inlineScript
        Inline: |
          New-AzResourceGroup -Name "$(resourceGroupRoot)" -Location "$(ResourceGroupRegion)" -Force
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
      displayName: 'Deploy Default Site'
      inputs:
        azureSubscription: $(ConnectedServiceName)
@ -67,7 +67,7 @@ stages:
    
          # Deploy SQL Environment
          New-AzResourceGroupDeployment -Name "$(DeploymentEnvironmentNameR4Sql)" -ResourceGroupName "$(resourceGroupRoot)" -TemplateFile $(System.DefaultWorkingDirectory)/samples/templates/default-azuredeploy.json -TemplateParameterObject $templateParameters -Verbose
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
      displayName: 'Delete resource group'
      inputs:
        azureSubscription: $(ConnectedServiceName)
--- a/build/cleanup-pr-environments.yml
+++ b/build/cleanup-pr-environments.yml
@ -17,7 +17,7 @@ stages:
      name: '$(SharedLinuxPool)'
      vmImage: '$(LinuxVmImage)'
    steps:
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
      displayName: 'Delete resource group'
      inputs:
        azureSubscription: $(ConnectedServiceName)
--- a/build/jobs/clean-storage-accounts.yml
+++ b/build/jobs/clean-storage-accounts.yml
@ -7,7 +7,7 @@ jobs:
  pool:
    vmImage: $(WindowsVmImage)
  steps:
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
    displayName: 'Clean Storage Accounts'
    continueOnError: true
    inputs:
--- a/build/jobs/cleanup-aad.yml
+++ b/build/jobs/cleanup-aad.yml
@ -10,7 +10,7 @@ jobs:
      azureSubscription: $(ConnectedServiceName)
      KeyVaultName: 'resolute-oss-tenant-info'

-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
    displayName: 'Delete AAD apps'
    inputs:
      azureSubscription: $(ConnectedServiceName)
--- a/build/jobs/cleanup-resourcegroup-aad.yml
+++ b/build/jobs/cleanup-resourcegroup-aad.yml
@ -5,7 +5,7 @@ jobs:
    name: '$(SharedLinuxPool)'
    vmImage: '$(LinuxVmImage)'
  steps:
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
    displayName: 'Delete resource group'
    inputs:
      azureSubscription: $(ConnectedServiceName)
--- a/build/jobs/cleanup.yml
+++ b/build/jobs/cleanup.yml
@ -5,7 +5,7 @@ jobs:
    name: '$(SharedLinuxPool)'
    vmImage: '$(LinuxVmImage)'
  steps:
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
    displayName: 'Delete resource group'
    inputs:
      azureSubscription: $(ConnectedServiceName)
--- a/build/jobs/e2e-tests.yml
+++ b/build/jobs/e2e-tests.yml
@ -11,7 +11,7 @@ steps:
    parameters:
      version: ${{parameters.version}}

-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
    displayName: 'Set Variables'
    inputs:
      azureSubscription: $(ConnectedServiceName)
--- a/build/jobs/run-export-tests.yml
+++ b/build/jobs/run-export-tests.yml
@ -16,7 +16,7 @@ jobs:
    parameters:
      version: ${{parameters.version}}

-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
    displayName: 'Set Variables'
    inputs:
      azureSubscription: $(ConnectedServiceName)
@ -119,7 +119,7 @@ jobs:
    parameters:
      version: ${{parameters.version}}
  
-  - task: AzurePowerShell@4
+  - task: AzurePowerShell@5
    displayName: 'Set Variables'
    inputs:
      azureSubscription: $(ConnectedServiceName)
--- a/build/pr-pipeline.yml
+++ b/build/pr-pipeline.yml
@ -125,7 +125,7 @@ stages:
      name: '$(DefaultLinuxPool)'
      vmImage: '$(LinuxVmImage)'
    steps:
-    - task: AzurePowerShell@4
+    - task: AzurePowerShell@5
      displayName: Provision Resource Group
      inputs:
        azureSubscription: $(ConnectedServiceName)
--- a/release/scripts/PowerShell/FhirServerRelease/Public/Add-AadTestAuthEnvironment.ps1
+++ b/release/scripts/PowerShell/FhirServerRelease/Public/Add-AadTestAuthEnvironment.ps1
@ -91,6 +91,10 @@ function Add-AadTestAuthEnvironment {
        Write-Host "Current context is service principal: $($azContext.Account.Id)"
        $currentObjectId = (Get-AzADServicePrincipal -ServicePrincipalName $azContext.Account.Id).Id
    }
+    elseif ($azContext.Account.Type -eq "ClientAssertion") {
+        Write-Host "Current context is ClientAssertion: $($azContext.Account.Id)"
+        $currentObjectId = (Get-AzADServicePrincipal -ServicePrincipalName $azContext.Account.Id).Id
+    }
    else {
        Write-Host "Current context is account of type '$($azContext.Account.Type)' with id of '$($azContext.Account.Id)"
        throw "Running as an unsupported account type. Please use either a 'User' or 'Service Principal' to run this command"