Sync Az.Accounts-5.0.1 OOB to Main (#27846)

Co-authored-by: azure-powershell-bot <65331932+azure-powershell-bot@users.noreply.github.com>

Author: msJinLei

src/Accounts/Accounts.Test/AccessTokenCmdletTest.cs

@@ -14,7 +14,6 @@
 
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
-using Microsoft.Azure.Commands.Common.Authentication.Abstractions.Interfaces;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.Profile;
 using Microsoft.Azure.Commands.Profile.Models;
@@ -40,18 +39,14 @@ namespace Microsoft.Azure.Commands.ResourceManager.Common.Test
 {
     public class AccessTokenCmdletTests
     {
-        private GetAzureRmAccessTokenCommand cmdlet;
         private Mock<IAuthenticationFactory> factoryMock = new Mock<IAuthenticationFactory>();
         private MockCommandRuntime mockedCommandRuntime;
         private IAuthenticationFactory previousFactory = null;
 
         private string tenantId = Guid.NewGuid().ToString();
 
-        public AccessTokenCmdletTests(ITestOutputHelper output)
+        private GetAzureRmAccessTokenCommand CreateCommand()
         {
-            TestExecutionHelpers.SetUpSessionAndProfile();
-            XunitTracingInterceptor.AddToContext(new XunitTracingInterceptor(output));
-            AzureSession.Instance.RegisterComponent<AuthenticationTelemetry>(AuthenticationTelemetry.Name, () => new AuthenticationTelemetry());
             var defaultContext = new AzureContext(
                 new AzureSubscription()
                 {
@@ -70,29 +65,40 @@ public AccessTokenCmdletTests(ITestOutputHelper output)
                 });
 
             mockedCommandRuntime = new MockCommandRuntime();
-            cmdlet = new GetAzureRmAccessTokenCommand()
+            var cmdlet = new GetAzureRmAccessTokenCommand()
             {
                 CommandRuntime = mockedCommandRuntime,
                 DefaultProfile = new AzureRmProfile()
             };
             cmdlet.DefaultProfile.DefaultContext = defaultContext;
+            return cmdlet;
+        }
+
+        public AccessTokenCmdletTests(ITestOutputHelper output)
+        {
+            TestExecutionHelpers.SetUpSessionAndProfile();
+            XunitTracingInterceptor.AddToContext(new XunitTracingInterceptor(output));
+            AzureSession.Instance.RegisterComponent<AuthenticationTelemetry>(AuthenticationTelemetry.Name, () => new AuthenticationTelemetry());
+
         }
 
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestGetAccessTokenAsPlainText()
         {
             // Setup
+            var cmdlet = CreateCommand();
             cmdlet.TenantId = tenantId;
             var fakeToken = "eyfaketoken.eyfaketoken";
             Environment.SetEnvironmentVariable(Constants.AzPsOutputPlainTextAccessToken, bool.TrueString);
 
-            var expected = new PSAccessToken { 
+            var expected = new PSAccessToken
+            {
                 UserId = "faker@contoso.com",
                 TenantId = cmdlet.TenantId,
                 Token = fakeToken
             };
- 
+
             factoryMock.Setup(t => t.Authenticate(
                 It.IsAny<IAzureAccount>(),
                 It.IsAny<IAzureEnvironment>(),
@@ -132,6 +138,110 @@ public void TestGetAccessTokenAsPlainText()
         public void TestGetAccessTokenAsSecureString()
         {
             // Setup
+            var cmdlet = CreateCommand();
+            cmdlet.TenantId = tenantId;
+            var fakeToken = "eyfaketoken.eyfaketoken";
+
+            var expected = new PSSecureAccessToken();
+            expected.UserId = "faker@contoso.com";
+            expected.TenantId = cmdlet.TenantId;
+            expected.Token = fakeToken.ConvertToSecureString();
+
+
+            factoryMock.Setup(t => t.Authenticate(
+                It.IsAny<IAzureAccount>(),
+                It.IsAny<IAzureEnvironment>(),
+                It.IsAny<string>(),
+                It.IsAny<SecureString>(),
+                It.IsAny<string>(),
+                It.IsAny<Action<string>>(),
+                It.IsAny<IDictionary<string, object>>())).Returns(new MockAccessToken
+                {
+                    UserId = expected.UserId,
+                    LoginType = LoginType.OrgId,
+                    AccessToken = fakeToken,
+                    TenantId = expected.TenantId
+                });
+            previousFactory = AzureSession.Instance.AuthenticationFactory;
+            AzureSession.Instance.AuthenticationFactory = factoryMock.Object;
+
+            // Act
+            cmdlet.InvokeBeginProcessing();
+            cmdlet.ExecuteCmdlet();
+            cmdlet.InvokeEndProcessing();
+
+            //Verify
+            Assert.Single(mockedCommandRuntime.OutputPipeline);
+            var outputPipeline = mockedCommandRuntime.OutputPipeline;
+            Assert.Equal(expected.TenantId, ((PSSecureAccessToken)outputPipeline.First()).TenantId);
+            Assert.Equal(expected.UserId, ((PSSecureAccessToken)outputPipeline.First()).UserId);
+            Assert.Equal("Bearer", ((PSSecureAccessToken)outputPipeline.First()).Type);
+            var expectedToken = expected.Token.ConvertToString();
+            var actualToken = ((PSSecureAccessToken)outputPipeline.First()).Token.ConvertToString();
+            Assert.Equal(expectedToken, actualToken);
+
+            AzureSession.Instance.AuthenticationFactory = previousFactory;
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestGetAccessTokenAsSecureStringWhenHasEnvVarAndAsSecureString()
+        {
+            // Setup
+            var cmdlet = CreateCommand();
+            cmdlet.TenantId = tenantId;
+            cmdlet.AsSecureString = true;
+            var fakeToken = "eyfaketoken.eyfaketoken";
+            Environment.SetEnvironmentVariable(Constants.AzPsOutputPlainTextAccessToken, bool.TrueString);
+
+            var expected = new PSSecureAccessToken();
+            expected.UserId = "faker@contoso.com";
+            expected.TenantId = cmdlet.TenantId;
+            expected.Token = fakeToken.ConvertToSecureString();
+
+
+            factoryMock.Setup(t => t.Authenticate(
+                It.IsAny<IAzureAccount>(),
+                It.IsAny<IAzureEnvironment>(),
+                It.IsAny<string>(),
+                It.IsAny<SecureString>(),
+                It.IsAny<string>(),
+                It.IsAny<Action<string>>(),
+                It.IsAny<IDictionary<string, object>>())).Returns(new MockAccessToken
+                {
+                    UserId = expected.UserId,
+                    LoginType = LoginType.OrgId,
+                    AccessToken = fakeToken,
+                    TenantId = expected.TenantId
+                });
+            previousFactory = AzureSession.Instance.AuthenticationFactory;
+            AzureSession.Instance.AuthenticationFactory = factoryMock.Object;
+
+            // Act
+            cmdlet.InvokeBeginProcessing();
+            cmdlet.ExecuteCmdlet();
+            cmdlet.InvokeEndProcessing();
+
+            //Verify
+            Assert.Single(mockedCommandRuntime.OutputPipeline);
+            var outputPipeline = mockedCommandRuntime.OutputPipeline;
+            Assert.Equal(expected.TenantId, ((PSSecureAccessToken)outputPipeline.First()).TenantId);
+            Assert.Equal(expected.UserId, ((PSSecureAccessToken)outputPipeline.First()).UserId);
+            Assert.Equal("Bearer", ((PSSecureAccessToken)outputPipeline.First()).Type);
+            var expectedToken = expected.Token.ConvertToString();
+            var actualToken = ((PSSecureAccessToken)outputPipeline.First()).Token.ConvertToString();
+            Assert.Equal(expectedToken, actualToken);
+
+            Environment.SetEnvironmentVariable(Constants.AzPsOutputPlainTextAccessToken, null);
+            AzureSession.Instance.AuthenticationFactory = previousFactory;
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestGetAccessTokenAsSecureStringWhenHasSecureString()
+        {
+            // Setup
+            var cmdlet = CreateCommand();
             cmdlet.TenantId = tenantId;
             cmdlet.AsSecureString = true;
             var fakeToken = "eyfaketoken.eyfaketoken";

src/Accounts/Accounts/Az.Accounts.psd1

@@ -3,7 +3,7 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 5/14/2025
+# Generated on: 5/23/2025
 #
 
 @{
@@ -12,7 +12,7 @@
 # RootModule = ''
 
 # Version number of this module.
-ModuleVersion = '5.0.0'
+ModuleVersion = '5.0.1'
 
 # Supported PSEditions
 CompatiblePSEditions = 'Core', 'Desktop'
@@ -146,9 +146,7 @@ PrivateData = @{
         # IconUri = ''
 
         # ReleaseNotes of this module
-        ReleaseNotes = '* Changed the default output access token of ''Get-AzAccessToken'' from plain text to ''SecureString''.
-* Removed the warning message about failing to initialize PSStyle in automation runbooks. [#26155]
-* Increased the timeout for tab-completion of location, resource group, etc. to 10 seconds.'
+        ReleaseNotes = '* Force ''Get-AzAccessToken'' to always return SecureString as long as ''AsSecureString'' is set'
 
         # Prerelease string of this module
         # Prerelease = ''

src/Accounts/Accounts/ChangeLog.md

@@ -21,6 +21,9 @@
 ## Upcoming Release
 * Upgrade Azure.Core to 1.45.0
 
+## Version 5.0.1
+* Force `Get-AzAccessToken` to always return SecureString as long as `AsSecureString` is set
+
 ## Version 5.0.0
 * Changed the default output access token of `Get-AzAccessToken` from plain text to `SecureString`.
 * Removed the warning message about failing to initialize PSStyle in automation runbooks. [#26155]

src/Accounts/Accounts/Properties/AssemblyInfo.cs

@@ -43,8 +43,8 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 
-[assembly: AssemblyVersion("5.0.0")]
-[assembly: AssemblyFileVersion("5.0.0")]
+[assembly: AssemblyVersion("5.0.1")]
+[assembly: AssemblyFileVersion("5.0.1")]
 #if !SIGN
 [assembly: InternalsVisibleTo("Microsoft.Azure.PowerShell.Cmdlets.Accounts.Test")]
 #endif

src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs

@@ -156,7 +156,7 @@ public override void ExecuteCmdlet()
                 //Throw exception when the caller doesn't have permission.
                 //Use SecureString only when AZUREPS_OUTPUT_PLAINTEXT_AZACCESSTOKEN is successfully set.
             }
-            if (usePlainText)
+            if (usePlainText && !AsSecureString)
             {
                 WriteObject(result);
             }

src/Accounts/AssemblyLoading/Properties/AssemblyInfo.cs

@@ -42,5 +42,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("5.0.0")]
-[assembly: AssemblyFileVersion("5.0.0")]
+[assembly: AssemblyVersion("5.0.1")]
+[assembly: AssemblyFileVersion("5.0.1")]

src/Accounts/Authentication/Properties/AssemblyInfo.cs

@@ -43,8 +43,8 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("5.0.0")]
-[assembly: AssemblyFileVersion("5.0.0")]
+[assembly: AssemblyVersion("5.0.1")]
+[assembly: AssemblyFileVersion("5.0.1")]
 #if !SIGN
 [assembly: InternalsVisibleTo("Microsoft.Azure.PowerShell.Authentication.Test")]
 #endif

src/Accounts/AuthenticationAssemblyLoadContext/Properties/AssemblyInfo.cs

@@ -42,5 +42,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("5.0.0")]
-[assembly: AssemblyFileVersion("5.0.0")]
+[assembly: AssemblyVersion("5.0.1")]
+[assembly: AssemblyFileVersion("5.0.1")]

src/Accounts/Authenticators/Properties/AssemblyInfo.cs

@@ -48,5 +48,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("5.0.0")]
-[assembly: AssemblyFileVersion("5.0.0")]
+[assembly: AssemblyVersion("5.0.1")]
+[assembly: AssemblyFileVersion("5.0.1")]

tools/Az/Az.psd1

@@ -52,7 +52,7 @@ DotNetFrameworkVersion = '4.7.2'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '5.0.0'; }, 
+RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '5.0.1'; }, 
                @{ModuleName = 'Az.Advisor'; RequiredVersion = '2.1.0'; }, 
                @{ModuleName = 'Az.Aks'; RequiredVersion = '7.0.0'; }, 
                @{ModuleName = 'Az.AnalysisServices'; RequiredVersion = '1.2.0'; },