Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Save-AzContext is not working for service principal account #22355

Closed
jimvvv opened this issue Jul 20, 2023 · 6 comments · Fixed by #22440
Closed

Save-AzContext is not working for service principal account #22355

jimvvv opened this issue Jul 20, 2023 · 6 comments · Fixed by #22440
Assignees
@msJinLei
Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported needs-team-attention This issue needs attention from Azure service team or SDK team Tracking We will track status and follow internally

Comments

@jimvvv
Copy link

jimvvv commented Jul 20, 2023
edited
Loading

Description

I have two deployment group nodes in Azure DevOps. I put Save-AzContext in an Azure PowerShell task to save the context of the service connection. When I tried to restore the context from the json file, it worked on a node with Az.Accounts 2.8.0 but failed on the other node with Az.Accounts 2.12.2.

I followed the example 3 in this link to connect with the service principle account and then run Save-AzContext on each node.

Issue script & Debug output

PS C:\Users\ELK_Jimmy.Fan> $DebugPreference = "Continue"
PS C:\Users\ELK_Jimmy.Fan> Get-AzSubscription
DEBUG: 3:16:40 AM - GetAzureRMSubscriptionCommand begin processing with ParameterSet 'ListByIdInTenant'.
DEBUG: 3:16:40 AM - using account id 'b30d73d8-6b5f-4aa7-ab07-cd0c41e9109a'...
DEBUG: 3:16:40 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = [].
Returning default value [True].
WARNING: Unable to acquire token for tenant 'bf18836e-3a03-4f89-8750-e0392873f5c3' with error 'No certificate
thumbprint or secret provided for the given service principal 'b30d73d8-6b5f-4aa7-ab07-cd0c41e9109a'.'
WARNING: Unable to acquire token for tenant 'bf18836e-3a03-4f89-8750-e0392873f5c3' with error 'No certificate
thumbprint or secret provided for the given service principal 'b30d73d8-6b5f-4aa7-ab07-cd0c41e9109a'.'
DEBUG: 3:16:40 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning
default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Accounts:2.12.2; CommandName: Get-AzSubscription; PSVersion: 5.1.17763.3770;
IsSuccess: True; Duration: 00:00:00.0096230
DEBUG: 3:16:40 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning
default value [True].
DEBUG: 3:16:40 AM - GetAzureRMSubscriptionCommand end processing.

Environment data

PS C:\Users\ELK_Jimmy.Fan> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17763.3770
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.3770
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Module versions

PS C:\Users\ELK_Jimmy.Fan> Get-Module Az*

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.12.2     Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear...

Error output

PS C:\Users\ELK_Jimmy.Fan> Resolve-AzError
DEBUG: 3:19:26 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 3:19:26 AM - using account id 'b30d73d8-6b5f-4aa7-ab07-cd0c41e9109a'...
DEBUG: 3:19:26 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = [].
Returning default value [True].
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use
`Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other
information on breaking changes in Azure PowerShell.


DEBUG: 3:19:26 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning
default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Accounts:2.12.2; CommandName: Resolve-AzError; PSVersion: 5.1.17763.3770; IsSuccess:
True; Duration: 00:00:00.0163423
DEBUG: 3:19:26 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning
default value [True].
DEBUG: 3:19:26 AM - ResolveError end processing.
@jimvvv jimvvv added bug This issue requires a change to an existing behavior in the product in order to be resolved. needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Jul 20, 2023
@ghost ghost added customer-reported and removed needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Jul 20, 2023
@wyunchi-ms
Copy link
Contributor

Hi @kzkz221 , do you mind to provide more details about the failure? Does the cmdlet throw an exception or just cannot restore it?
And a saw a warning message:

WARNING: Unable to acquire token for tenant 'xxx' with error 'No certificate
thumbprint or secret provided for the given service principal 'xxx'.'

Is this message shows in both nodes?

@wyunchi-ms wyunchi-ms added the needs-author-feedback More information is needed from author to address the issue. label Jul 24, 2023
@jimvvv
Copy link
Author

jimvvv commented Jul 24, 2023
edited
Loading

Hi @wyunchi-ms,

No, this message only showed on the node where Az.Accounts 2.12.2 installed.

I tried the execute Get-AzKeyVaultSecret from the node with Az-Accounts 2.12.2 and it threw the below exception:

Get-AzKeyVaultSecret : Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to
set up your Azure credentials.
No certificate thumbprint or secret provided for the given service principal 'b30d73d8-6b5f-4aa7-ab07-cd0c41e9109a'.
At line:1 char:1
Get-AzKeyVaultSecret -VaultName PROD-REG-EUS2-MOA-VLT1 -Name CRMODS01 ...
CategoryInfo : CloseError: (:) [Get-AzKeyVaultSecret], AzPSArgumentException
FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultSecret

But it works on the other node with Az-Accounts 2.8.0.

I think the issue is that the context is not able to restore for service principle account(application id/key) with Az.Accounts 2.12.2 but it is working with normal Azure account(username/password).

Could you help verify the restore with service principle account?

Thanks!

@ghost ghost added needs-team-attention This issue needs attention from Azure service team or SDK team and removed needs-author-feedback More information is needed from author to address the issue. labels Jul 24, 2023
@msJinLei msJinLei added the Tracking We will track status and follow internally label Jul 25, 2023
@msJinLei msJinLei self-assigned this Jul 25, 2023
@wyunchi-ms
Copy link
Contributor

Got it, we are investigating into this now and will response as soon as we find the root cause.

@msJinLei msJinLei mentioned this issue Jul 28, 2023
Merged
1 task
@msJinLei
Copy link
Contributor

msJinLei commented Aug 1, 2023
edited
Loading

@kzkz221 Originally we store the service principal credentials in the context file (plain text) so that the customer can avoid inputting the credentials frequently. When you run Save-AzContext, we export the credentials into the exported file so that the customer can use it to login automatically from another machine. However, to enhance the security, we are now storing service principal credentials in an encrypted file and remove its plain text storage. That's why when run Save-AzContext, you cannot acquire token because the service principal credentials is removed. You cannot login automatically.
As a workaround, we are going to provide a switch parameter called -WithCredential to Save-AzContext in the next release. You can use this parameter to ask Az.Accounts to export service principal credentials so that you can use the exported file as before.

@LukeDearden
Copy link

LukeDearden commented Aug 21, 2023
edited
Loading

@kzkz221 Originally we store the service principal credentials in the context file (plain text) so that the customer can avoid inputting the credentials frequently. When you run Save-AzContext, we export the credentials into the exported file so that the customer can use it to login automatically from another machine. However, to enhance the security, we are now storing service principal credentials in an encrypted file and remove its plain text storage. That's why when run Save-AzContext, you cannot acquire token because the service principal credentials is removed. You cannot login automatically. As a workaround, we are going to provide a switch parameter called -WithCredential to Save-AzContext in the next release. You can use this parameter to ask Az.Accounts to export service principal credentials so that you can use the exported file as before.

Which version of Az.Accounts was this security enhancement introduced?

We've got a strange issue where Save-AzContext is working as expected on two machines running Az.Accounts 2.11.2 but not on another which had Az.Accounts 2.12.2

We tried rolling back to 2.11.2 but still have the same problem

The context is created using

Connect-AzAccount -CertificateThumbprint $foo -ServicePrincipal -ApplicationId $baa -Tenant $foo

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.20348.1850
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.1850
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Save-AzContext -Path G:\test.json -Force
Save-AzContext : The parameter is incorrect.
At line:1 char:1
+ Save-AzContext -Path G:\test.json -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Save-AzContext], CryptographicException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SaveAzureRMContextCommand
    

Save-AzContext -Path G:\test.json -Force -Debug
DEBUG: 10:35:53 AM - SaveAzureRMContextCommand begin processing with ParameterSet '__AllParameterSets'.

Confirm

DEBUG: 10:35:54 AM - using account id 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx..
DEBUG: 10:35:54 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].

Confirm
Personally identifiable information and secrets may be written to the file at 'G:\test.json'.  Please ensure that the saved file is assigned appropriate access controls

DEBUG: 10:35:55 AM - [ConfigManager] Got [False] from [EnableDataCollection], Module = [], Cmdlet = [].

Confirm
The parameter is incorrect.

Save-AzContext : The parameter is incorrect.
At line:1 char:1
+ Save-AzContext -Path G:\test.json -Force -Debug
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Save-AzContext], CryptographicException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SaveAzureRMContextCommand

DEBUG: 10:35:56 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Accounts:2.11.2; CommandName: Save-AzContext; PSVersion: 5.1.20348.1850; IsSuccess: False; Duration: 00:00:03.5057523; Exception: The parameter is incorrect.
;
DEBUG: 10:35:56 AM - SaveAzureRMContextCommand end processing.

Resolve-AzError -Last |fl *
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.


InnerException   : False
Exception        : System.Security.Cryptography.CryptographicException: The parameter is incorrect.

                      at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
                      at Microsoft.Identity.Client.Extensions.Msal.DpApiEncryptedFileAccessor.Read()
                      at Microsoft.Identity.Client.Extensions.Msal.Storage.ReadData()
                      at Microsoft.Identity.Client.Extensions.Msal.MsalCacheHelper.LoadUnencryptedTokenCache()
                      at Microsoft.Azure.Commands.ResourceManager.Common.AzureRmProfileConverter.WriteJson(JsonWriter writer, Object value, JsonSerializer serializer)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeConvertable(JsonWriter writer, JsonConverter converter, Object value, JsonContract contract, JsonContainerContract collectionContract,
                   JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeObject(JsonWriter writer, Object value, JsonObjectContract contract, JsonProperty member, JsonContainerContract collectionContract,
                   JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeDictionary(JsonWriter writer, IDictionary values, JsonDictionaryContract contract, JsonProperty member, JsonContainerContract
                   collectionContract, JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeObject(JsonWriter writer, Object value, JsonObjectContract contract, JsonProperty member, JsonContainerContract collectionContract,
                   JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value, Type objectType)
                      at Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value, Type objectType)
                      at Newtonsoft.Json.JsonConvert.SerializeObjectInternal(Object value, Type type, JsonSerializer jsonSerializer)
                      at Newtonsoft.Json.JsonConvert.SerializeObject(Object value, Formatting formatting, JsonConverter[] converters)
                      at Microsoft.Azure.Commands.Common.Authentication.Models.AzureRmProfile.Save(IFileProvider provider, Boolean serializeCache)
                      at Microsoft.Azure.Commands.Common.Authentication.Models.AzureRmProfile.Save(String path, Boolean serializeCache)
                      at Microsoft.Azure.Commands.Profile.SaveAzureRMContextCommand.ExecuteCmdlet()
                      at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Message          : The parameter is incorrect.

StackTrace       :    at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
                      at Microsoft.Identity.Client.Extensions.Msal.DpApiEncryptedFileAccessor.Read()
                      at Microsoft.Identity.Client.Extensions.Msal.Storage.ReadData()
                      at Microsoft.Identity.Client.Extensions.Msal.MsalCacheHelper.LoadUnencryptedTokenCache()
                      at Microsoft.Azure.Commands.ResourceManager.Common.AzureRmProfileConverter.WriteJson(JsonWriter writer, Object value, JsonSerializer serializer)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeConvertable(JsonWriter writer, JsonConverter converter, Object value, JsonContract contract, JsonContainerContract collectionContract,
                   JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeObject(JsonWriter writer, Object value, JsonObjectContract contract, JsonProperty member, JsonContainerContract collectionContract,
                   JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeDictionary(JsonWriter writer, IDictionary values, JsonDictionaryContract contract, JsonProperty member, JsonContainerContract
                   collectionContract, JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeObject(JsonWriter writer, Object value, JsonObjectContract contract, JsonProperty member, JsonContainerContract collectionContract,
                   JsonProperty containerProperty)
                      at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value, Type objectType)
                      at Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value, Type objectType)
                      at Newtonsoft.Json.JsonConvert.SerializeObjectInternal(Object value, Type type, JsonSerializer jsonSerializer)
                      at Newtonsoft.Json.JsonConvert.SerializeObject(Object value, Formatting formatting, JsonConverter[] converters)
                      at Microsoft.Azure.Commands.Common.Authentication.Models.AzureRmProfile.Save(IFileProvider provider, Boolean serializeCache)
                      at Microsoft.Azure.Commands.Common.Authentication.Models.AzureRmProfile.Save(String path, Boolean serializeCache)
                      at Microsoft.Azure.Commands.Profile.SaveAzureRMContextCommand.ExecuteCmdlet()
                      at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
HelpLink         :
ErrorDetails     :
ErrorCategory    : CloseError: (:) [Save-AzContext], CryptographicException
InvocationInfo   : System.Management.Automation.InvocationInfo
ScriptStackTrace : at <ScriptBlock>, <No file>: line 1`

```

msJinLei added a commit to msJinLei/azure-powershell that referenced this issue Aug 21, 2023
@msJinLei
Refill Credentials from AzKeyStore When Save AzContext
43f0659 
fix Azure#22355
@LukeDearden
Copy link

Hi @wyunchi-ms,

No, this message only showed on the node where Az.Accounts 2.12.2 installed.

I tried the execute Get-AzKeyVaultSecret from the node with Az-Accounts 2.12.2 and it threw the below exception:

Get-AzKeyVaultSecret : Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to
set up your Azure credentials.
No certificate thumbprint or secret provided for the given service principal 'b30d73d8-6b5f-4aa7-ab07-cd0c41e9109a'.
At line:1 char:1
Get-AzKeyVaultSecret -VaultName PROD-REG-EUS2-MOA-VLT1 -Name CRMODS01 ...
CategoryInfo : CloseError: (:) [Get-AzKeyVaultSecret], AzPSArgumentException
FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultSecret

But it works on the other node with Az-Accounts 2.8.0.

I think the issue is that the context is not able to restore for service principle account(application id/key) with Az.Accounts 2.12.2 but it is working with normal Azure account(username/password).

Could you help verify the restore with service principle account?

Thanks!

Did you have any success rolling back to a known working version of Az.Accounts?

msJinLei added a commit that referenced this issue Aug 22, 2023
@msJinLei
Refill Credentials from AzKeyStore When Save AzContext (#22440)
b595765 
* Refill Credentials from AzKeyStore When Save AzContext

fix #22355

* Address review comments

* Address review comments
YanaXu added a commit that referenced this issue Aug 25, 2023
@aneeshakella-microsoft @azure-powershell-bot
@Nickcandy @isra-fel @wyunchi-ms @grizzlytheodore @sauravraghuvanshi @YanaXu @BethanyZhou @andreygoran @kevinzz6 @vidai-msft @nalingaddis @coolhome @dolauli @VeryEarly @yifanz7 @dantedallag @yuc-Li @Sandido @msJinLei @mayankkatwal @microsoft-github-policy-service @myun12580
Adding Autoscaling Capabilities to Virtual Network Gateway (#22637)
af1ac14 
* Bump up version for KeyVault (#22511)

* Merge remote-tracking branch 'upstream/main' into lnx/azurecore (#22349)

Co-authored-by: Yeming Liu <[email protected]>

* Exclude the api-version in typename when checking the breaking change of cmdlet output (#22495)

* Exclude the api-version in typename when checking the breaking change of cmdlet output

* Rename the function

* fix Get-AzVmRunCommand bug  (#22460)

* fix bug

* changelog

---------

Co-authored-by: Theodore Chang <[email protected]>

* Add permission for pr-label github actions (#22481)

* Add permission for pr-label github actions

* Add permission for pr-label github actions

* Add permission for pr-label github actions

* Add permission for pr-label github actions

* Update Remove-AzApiManagementApiFromGateway.md (#22505)

Added the example of removing an API from a managed gateway. Users are not able to achieve it by following the first example and raising questions using support tickets.

* Migrate StackHCI from generation to main (#22541)

* Move StackHCI to main

* udpate changelog

---------

Co-authored-by: YanaXu <[email protected]>

* [KeyVault] Support MHSM Settings (#22525)

* wip

* add update-azkeyvaultsetting and help docs

* add example for settings

* add change log

* add live test

* fix

* fix

* Migrate ContainerInstance from generation to main (#22537)

* Move ContainerInstance to main

* Create containerGroups-containers.json

* Create containerGroups.json

---------

Co-authored-by: Beisi Zhou <[email protected]>

* Updated ChangeLog.md for Az.ContainerInstance (#22550)

* Updated ChangeLog.md for Az.ContainerInstance

* Update src/ContainerInstance/ChangeLog.md

---------

Co-authored-by: Beisi Zhou <[email protected]>

* [Synapse] Update artifact to 1.0.0-preview.18 (#22452)

* update artifact to 18

* fix change log error

* workaround the assembly loading issue (#22551)

* [Compute] update sdk package reference for Compute  (#22459)

* update SDK reference

* resolve breaking change

* update package reference

* breaking change mitigation

* breaking change suppression

* re-record ssh test with latest compute API call

---------

Co-authored-by: Theodore Chang <[email protected]>

* Bump up version for StackHCI (#22543)

* Compute migration to track 1 deprecation  (#21949)

* add compute.sdk project reference

* add sdk folder

* address comments

* update commit version to inputs

* rename Compute.Sdk folder to Compute.Management.Sdk

* resolve xmls, change compute.sdk reference to compute.management.sdk

* remove SDK reference.  generate track 1 with latest DiskRP version

* Update src/Compute/Compute.Management.Sdk/README.md

Co-authored-by: Vincent Dai <[email protected]>

* fix autorest cmd

* update autorest gen

* Update Compute.Management.Sdk.csproj

* generated with latest swagger versions. 2023-04-02 diskRP 2023-07-01 CRP

* update assembly version of sdk

---------

Co-authored-by: Theodore Chang <[email protected]>
Co-authored-by: Vincent Dai <[email protected]>

* [KeyVault] Added security domain properties into PSManagedHsm (#22540)

* Refresh track 1 SDK

* Added security domain properties into the output of New/Update/Get-AzKeyVaultManagedHsm (PSManagedHsm)

* Refresh example

* hibernate parameter for Stop-AzVmss (#22560)

Co-authored-by: Theodore Chang <[email protected]>

* Update PrLabeled.ps1 (#22553)

* Adding XenonMV3 Support (#22530)

* adding PremiumMV3 to Xenon list

* updating changelog

---------

Co-authored-by: Nalin Gaddis <[email protected]>

* Upgraded vulnerable DLLs after upgrading PowerShell SDK (#22566)

* Update New-AzVirtualNetworkSubnetConfig.md (#22561)

`New-AzVirtualSubnetConfig` does not exists but `New-AzVirtualNetworkSubnetConfig` does.

* Generate aks sdk with autorest.powershell (#22501)

* Generate aks sdk with autorest.powershell

* Suppress breaking changes caused by character case change

* [KeyVault] Add live tests for MHSM Settings (#22570)

* Add live tests for MHSM Settings

* enable all test cases

* [Config] add config to disable write error to file system (#22529)

* disable error records persistence

* add keys

* upgrade common version

* polish help message for 'DisableErrorRecordsPersistence'

* Update src/Accounts/Authentication/Properties/Resources.resx

Co-authored-by: Yeming Liu <[email protected]>

* remove debug parameters for get/clear/update config

* update environment variable name to AzPSDisableErrorRecordsPersistence

---------

Co-authored-by: Yeming Liu <[email protected]>

* Updated email notification to support multi-recipients (#22577)

* Use autorest.powershell to generate AlertsManagement SDK to replace the track 1 SDK (#22579)

* [Storage] Support encryption context property when creating a datalakegen2 item  (#22563)

* encryption context

* Add changelog

* update test dependency and help file

* Add an example for encryption context

* Migrate StackHCI from generation to main (#22588)

* Move StackHCI to main

* update changelog

---------

Co-authored-by: YanaXu <[email protected]>

* Support deployment stack object as input parameter for Save-Az*DeploymentStack and Remove-Az*DeploymentStack cmdlets (#22519)

* implemented stack object parameter sets for save and remove cmdlets

* adjust tests and session records

* adjusted changelog to reflect changes

* adjust testing formatting

* updating help docs

* update cmdlets and help docs for renamed parameter

* update sessions record tests

* Migrate DataMigration from generation to main (#22574)

* Move DataMigration to main

* update ChangeLog

---------

Co-authored-by: YanaXu <[email protected]>

* change breaking change info (#22571)

* Fixed type conversion issue when sending email in live test (#22596)

* Skip Accounts when run static analysis check in generation ci (#22597)

* [HDInsight] Add warning message for break changes which plan to release in Nov. (#22578)

* Update Azure.Core from 1.31.0 to 1.33.0

* replace models

* Revert "replace models"

This reverts commit d1a1de3.

* add Warning message 1

* Update Azure.Core version to 1.34

* revert added package.

* Update change log

* Update changelog

* move changelog to Upcoming release

---------

Co-authored-by: v-yuchenli <[email protected]>

* Update code-oob.yml for Azure Pipelines (#22591)

* Update code-oob.yml for Azure Pipelines

* Update code-oob.yml for Azure Pipelines

* Update code-oob.yml for Azure Pipelines

* Update code-oob.yml for Azure Pipelines

* Update code-oob.yml for Azure Pipelines

* [KeyVault] Formatted the table view of outputs (#22580)

* Formatted the table view of *-AzKeyVault, *-AzKeyVaultKey and *-AzKeyVaultSecret

* format cert

* reorg folder constructure

* Update src/KeyVault/KeyVault.Test/UnitTests/SetKeyVaultSecretTests.cs

* Update src/KeyVault/KeyVault.Test/UnitTests/RemoveKeyVaultSecretTests.cs

* Update src/KeyVault/KeyVault/KeyVault.csproj

* Update Maintenance ChangeLog.md (#22602)

* Update ChangeLog.md

* Update ChangeLog.md

* Update ChangeLog.md

* Skip Accounts when run static analysis check in generation ci (#22603)

* Skip Accounts when run static analysis check in generation ci

* Skip Accounts when run static analysis check in generation ci

* Skip Accounts when run static analysis check in generation ci

* Add SecurityType of Standard to VM and VMSS cmdlets for Trusted Launch, includes breaking changes (#22534)

* initial dev

* successful test 1

* vmss test and rest of dev

* vmss with config test

* vm with config test

* tests fixed maybe 1 fails

* static analysis

* remove vmss validation

* null check

* changelog and help doc

* constant values

* clean

* valids and clean

* Update BreakingChangeIssues.csv

* remove breaking

* Update BreakingChangeIssues.csv

* Sign old modules (#22609)

* Update ChangeLog.md

* Update ChangeLog.md

* Update ChangeLog.md

* Update ChangeLog.md

* Update ChangeLog.md

* Migrate SqlVirtualMachine from generation to main (#22608)

* Move SqlVirtualMachine to main

* update Changelog

---------

Co-authored-by: YanaXu <[email protected]>

* Migrate EventHub from generation to main (#22610)

* Move EventHub to main

* update ChangeLog

---------

Co-authored-by: YanaXu <[email protected]>

* Refill Credentials from AzKeyStore When Save AzContext (#22440)

* Refill Credentials from AzKeyStore When Save AzContext

fix #22355

* Address review comments

* Address review comments

* CosmosDB - New Restore Parameter (#22585)

* restore new param public network access

* minor fixes

* test change

* stable changes 1

* md param def changed

* reverting test changes for build

* restore ts

* test and test recording

* Migrate KeyVault from generation to main (#22621)

* Move KeyVault to main

* Update ChangeLog.md

---------

Co-authored-by: Beisi Zhou <[email protected]>

* FabricBot: Onboarding to GitOps.ResourceManagement because of FabricBot decommissioning (#22343)

* Add prIssueManagement.yml to onboard repo to GitOps.ResourceManagement as FabricBot replacement

Owners of the FabricBot configuration should have received email notification. The same information contained in the email is published internally at: https://aka.ms/gim/fabricbot. Details on the replacement service and the syntax of the new yaml configuration file is available publicly at: https://microsoft.github.io/GitOps/policies/resource-management.html

Please review and merge this PR to complete the process of onboarding to the new service.

* Deleting fabricbot.json

* Update resourceManagement.yml

---------

Co-authored-by: microsoft-github-policy-service[bot] <77245923+microsoft-github-policy-service[bot]@users.noreply.github.com>
Co-authored-by: Vincent Dai <[email protected]>

* [KeyVault] Update TestSetting.ps1 to run on one platform and latest powershell (#22618)

* Update TestSetting.ps1

* Update KeyVault.sln

* first set of changes

* created initial powershell for ergwscale

* edited changelog

* update warning message (#22619)

* Fix to only include non-empty ExtendedLocation (#22630)

* Fix to only include non-empty ExtendedLocation

* Updated ChangeLog.md

* Remove PS 7.0 from smoke test (#22569)

* Alias Set-AzConfig (#22629)

* updated files due to failing test

* formatting changes

* formatting changes

* Revert "formatting changes"

This reverts commit d8900c5.

* Revert " fixed merge issues"

This reverts commit bc4af78, reversing
changes made to d8900c5.

* finished changes

* formatting

* formatting

* formatting

* edited ChangeLog

* added empty line

* added empty line between 6.1.1 and 6.1.0

---------

Co-authored-by: Azure PowerShell <[email protected]>
Co-authored-by: NanxiangLiu <[email protected]>
Co-authored-by: Yeming Liu <[email protected]>
Co-authored-by: Yunchi Wang <[email protected]>
Co-authored-by: Theodore Chang <[email protected]>
Co-authored-by: Theodore Chang <[email protected]>
Co-authored-by: Saurav Raghuvanshi <[email protected]>
Co-authored-by: YanaXu <[email protected]>
Co-authored-by: Beisi Zhou <[email protected]>
Co-authored-by: Andrey Goran <[email protected]>
Co-authored-by: kevinzz6 <[email protected]>
Co-authored-by: Vincent Dai <[email protected]>
Co-authored-by: Nalin Gaddis <[email protected]>
Co-authored-by: Nalin Gaddis <[email protected]>
Co-authored-by: Preston Alvarado <[email protected]>
Co-authored-by: Xiaogang <[email protected]>
Co-authored-by: Yabo Hu <[email protected]>
Co-authored-by: yifanz7 <[email protected]>
Co-authored-by: Dante <[email protected]>
Co-authored-by: yuc-Li <[email protected]>
Co-authored-by: v-yuchenli <[email protected]>
Co-authored-by: Adam Sandor <[email protected]>
Co-authored-by: Jin Lei <[email protected]>
Co-authored-by: mayankkatwal <[email protected]>
Co-authored-by: microsoft-github-policy-service[bot] <77245923+microsoft-github-policy-service[bot]@users.noreply.github.com>
Co-authored-by: myun12580 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msJinLei msJinLei

Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported needs-team-attention This issue needs attention from Azure service team or SDK team Tracking We will track status and follow internally
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refill Credentials from AzKeyStore When Save AzContext msJinLei/azure-powershell
4 participants
@jimvvv @LukeDearden @msJinLei @wyunchi-ms