Change Get-AzAccessToken to Get-AzAccessToken -AsSecureString (Azure#…

…26508)
azure-sdk · Oct 29, 2024 · d576860 · d576860
1 parent b1978c3
commit d576860
Show file tree

Hide file tree

Showing 9 changed files with 14 additions and 10 deletions.
diff --git a/src/AppComplianceAutomation/AppComplianceAutomation.Autorest/custom/Utils.ps1 b/src/AppComplianceAutomation/AppComplianceAutomation.Autorest/custom/Utils.ps1
@@ -62,7 +62,8 @@ function Get-Token {
     [Microsoft.Azure.PowerShell.Cmdlets.AppComplianceAutomation.DoNotExportAttribute()]
     param()
     try {
-        return "Bearer " + (Get-AzAccessToken).Token
+        $token = . "$PSScriptRoot/../utils/Unprotect-SecureString.ps1" (Get-AzAccessToken -AsSecureString).Token
+        return "Bearer " + $token
     }
     catch {}
     return ""

diff --git a/src/AppComplianceAutomation/AppComplianceAutomation/ChangeLog.md b/src/AppComplianceAutomation/AppComplianceAutomation/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Used `Get-AzAccessToken -AsSecureString` inside the `AppComplianceAutomation` for the plain text version is going to be deprecate in the next release.
 
 ## Version 0.1.1
 * Fixed secrets exposure in example documentation.

diff --git a/src/Functions/Functions.Autorest/custom/HelperFunctions.ps1 b/src/Functions/Functions.Autorest/custom/HelperFunctions.ps1
@@ -1776,7 +1776,7 @@ function GetFunctionAppStackDefinition
     }
 
     Write-Debug "$DEBUG_PREFIX Get AccessToken."
-    $token = (Get-AzAccessToken).Token
+    $token =  . "$PSScriptRoot/../utils/Unprotect-SecureString.ps1" (Get-AzAccessToken -AsSecureString).Token
     $headers = @{
         Authorization="Bearer $token"
     }
@@ -1814,7 +1814,7 @@ function GetFunctionAppStackDefinition
             if ($result.StatusCode -eq 401)
             {
                 # Get a new access token, create new headers and retry
-                $token = (Get-AzAccessToken).Token
+                $token =  . "$PSScriptRoot/../utils/Unprotect-SecureString.ps1" (Get-AzAccessToken -AsSecureString).Token
 
                 $headers = @{
                     Authorization = "Bearer $token"

diff --git a/src/Functions/Functions/ChangeLog.md b/src/Functions/Functions/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Used `Get-AzAccessToken -AsSecureString` inside the `Functions` for the plain text version is going to be deprecate in the next release.
 
 ## Version 4.1.0
 * Upgraded to Microsoft.Web API version 2023-12-01 [#25347]

diff --git a/src/LabServices/LabServices.Autorest/test/WebRequestHandler.psm1 b/src/LabServices/LabServices.Autorest/test/WebRequestHandler.psm1
@@ -120,12 +120,12 @@ function Get-CallerPreference {
 
 function GetHeaderWithAuthToken {
 
-    $authToken = Get-AzAccessToken
-    #Write-Host $authToken
+    $token = . "$PSScriptRoot/../utils/Unprotect-SecureString.ps1" (Get-AzAccessToken -AsSecureString).Token
+    #Write-Host $token
 
     $header = @{
         'Content-Type'  = 'application/json'
-        "Authorization" = "Bearer " + $authToken.Token
+        "Authorization" = "Bearer " + $token
         "Accept"        = "application/json;odata=fullmetadata"
     }
 

diff --git a/src/SecurityInsights/SecurityInsights.Autorest/test/common.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/test/common.ps1
@@ -519,7 +519,7 @@ Function Create-ThreatIntelligenceIndicator{
     #    $null = $env.Add(($PSVerb+'threatIntelligenceIndicatorId'), $threatIntelligenceIndicatorId)
     #    $null = $env.Add(($PSVerb+'threatIntelligenceIndicatorIP'), $IP)
     #}
-    $tiToken = (Get-AzAccessToken).Token
+    $tiToken = . "$PSScriptRoot/../utils/Unprotect-SecureString.ps1" (Get-AzAccessToken -AsSecureString).Token
     $tiHeaders = @{
         Authorization="Bearer $tiToken"
         Content='application/json'

diff --git a/src/SecurityInsights/SecurityInsights.Autorest/test/utils.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/test/utils.ps1
@@ -45,9 +45,9 @@ function setupEnv() {
     $env.Tenant = (Get-AzContext).Tenant.Id
 
     #needed for custom api call
-    $Token = (Get-AzAccessToken).Token
+    $token = . "$PSScriptRoot/../utils/Unprotect-SecureString.ps1" (Get-AzAccessToken -AsSecureString).Token
     $Header = @{
-        Authorization="Bearer $Token"
+        Authorization="Bearer $token"
         Content='application/json'
     }
 

diff --git a/src/ServiceLinker/ServiceLinker.Autorest/custom/Common.ps1 b/src/ServiceLinker/ServiceLinker.Autorest/custom/Common.ps1
@@ -56,7 +56,7 @@ function Set-Header {
         if($PSBoundParameters.ContainsKey("VNetSolutionType") -Or $PSBoundParameters.ContainsKey("SecretStoreKeyVaultId") `
             -Or $provider -eq "microsoft.keyvault" -Or $resourceType -eq "flexibleservers") {
             if(-Not $PSBoundParameters.ContainsKey('XmsServiceconnectorUserToken')){
-                $PSBoundParameters['XmsServiceconnectorUserToken'] = (Get-AzAccessToken).Token
+                $PSBoundParameters['XmsServiceconnectorUserToken'] = . "$PSScriptRoot/../utils/Unprotect-SecureString.ps1" (Get-AzAccessToken -AsSecureString).Token
             }
         }
     } 

diff --git a/src/ServiceLinker/ServiceLinker/ChangeLog.md b/src/ServiceLinker/ServiceLinker/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Used `Get-AzAccessToken -AsSecureString` inside the `ServiceLinker` for the plain text version is going to be deprecate in the next release.
 
 ## Version 0.2.1
 * Introduced secrets detection feature to safeguard sensitive data.