@@ -102,7 +102,7 @@ $DisablingIMDSOnNode = "Disabling AzureStack HCI IMDS Attestation on {0}"
102102$RemovingVmImdsFromNode = " Removing AzureStack HCI IMDS Attestation from guests on {0}"
103103$AttestationNotEnabled = " The IMDS Service on {0} needs to be activated. This is required before guests can be configured. Run Enable-AzStackHCIAttestation cmdlet."
104104$ErrorAddingAllVMs = " Did not add all guests. Try running Add-AzStackHCIVMAttestation on each node manually."
105-
105+ $MaskString = " XXXXXXX "
106106# endregion
107107
108108# region Constants
@@ -364,9 +364,14 @@ Function Print-FunctionParameters{
364364 if ([System.Management.Automation.PSCmdlet ]::CommonParameters -contains $param.key ) {
365365 continue
366366 }
367- if ($param.key -in @ (" ArmAccessToken" , " ArcSpnCredential" , " Credential" , " AccountId" , " GraphAccessToken" continue }
368-
369- $body.add ($param.Key , $param.Value )
367+ if ($param.key -in @ (" ArmAccessToken" , " ArcSpnCredential" , " Credential" , " AccountId" , " GraphAccessToken" , " AccessToken"
368+ {
369+ $body.add ($param.Key , $MaskString )
370+ }
371+ else
372+ {
373+ $body.add ($param.Key , $param.Value )
374+ }
370375 }
371376 return " Parameters for {0} are: {1}" -f $Message , ($body | Out-String )
372377}
@@ -854,7 +859,7 @@ param(
854859
855860 Disconnect-AzAccount - ErrorAction Ignore | Out-Null
856861
857- if ([string ]::IsNullOrEmpty($ArmAccessToken ) -or [string ]::IsNullOrEmpty($GraphAccessToken ) -or [ string ]::IsNullOrEmpty( $ AccountId
862+ if ([string ]::IsNullOrEmpty($ArmAccessToken ) -or [string ]::IsNullOrEmpty($AccountId ))
858863 {
859864 # Interactive login
860865
@@ -865,27 +870,49 @@ param(
865870 Write-VerboseLog (" attempting login without TenantID"
866871 if (($UseDeviceAuthentication -eq $false ) -and ($IsIEPresent ))
867872 {
868- Connect-AzAccount - Environment $ConnectAzAccountEnvironmentName - SubscriptionId $SubscriptionId - Scope Process | Out-Null
873+ $AZConnectParams = @ {
874+ Environment = $ConnectAzAccountEnvironmentName
875+ SubscriptionId = $SubscriptionId
876+ Scope = " Process"
877+ }
869878 }
870879 else # Use -UseDeviceAuthentication as IE Frame is not available to show Azure login popup
871880 {
872881 Write-Progress - Id $MainProgressBarId - activity $ProgressActivityName - Completed # Hide progress activity as it blocks the console output
873- Connect-AzAccount - Environment $ConnectAzAccountEnvironmentName - SubscriptionId $SubscriptionId - UseDeviceAuthentication - Scope Process | Out-Null
882+ $AZConnectParams = @ {
883+ Environment = $ConnectAzAccountEnvironmentName
884+ SubscriptionId = $SubscriptionId
885+ Scope = " Process"
886+ UseDeviceAuthentication = $true
887+ }
874888 }
875889 }
876890 else
877891 {
878892 Write-VerboseLog (" Attempting login with TenantID: $TenantId "
879893 if (($UseDeviceAuthentication -eq $false ) -and ($IsIEPresent ))
880894 {
881- Connect-AzAccount - Environment $ConnectAzAccountEnvironmentName - TenantId $TenantId - SubscriptionId $SubscriptionId - Scope Process | Out-Null
895+ $AZConnectParams = @ {
896+ Environment = $ConnectAzAccountEnvironmentName
897+ SubscriptionId = $SubscriptionId
898+ TenantId = $TenantId
899+ Scope = " Process"
900+ }
882901 }
883902 else # Use -UseDeviceAuthentication as IE Frame is not available to show Azure login popup
884903 {
885904 Write-Progress - Id $MainProgressBarId - activity $ProgressActivityName - Completed # Hide progress activity as it blocks the console output
886- Connect-AzAccount - Environment $ConnectAzAccountEnvironmentName - TenantId $TenantId - SubscriptionId $SubscriptionId - UseDeviceAuthentication - Scope Process | Out-Null
905+ $AZConnectParams = @ {
906+ Environment = $ConnectAzAccountEnvironmentName
907+ SubscriptionId = $SubscriptionId
908+ TenantId = $TenantId
909+ UseDeviceAuthentication = $true
910+ Scope = " Process"
911+ }
887912 }
888913 }
914+ Write-InfoLog $ (Print- FunctionParameters - Message " Connect-AzAccount" - Parameters $AZConnectParams )
915+ Connect-AzAccount @AZConnectParams | Out-Null
889916 $azContext = Get-AzContext
890917 $TenantId = $azContext.Tenant.Id
891918 }
@@ -896,13 +923,59 @@ param(
896923 if ([string ]::IsNullOrEmpty($TenantId ))
897924 {
898925 Write-VerboseLog (" attempting login without TenantID"
899- Connect-AzAccount - Environment $ConnectAzAccountEnvironmentName - SubscriptionId $SubscriptionId - AccessToken $ArmAccessToken - AccountId $AccountId - GraphAccessToken $GraphAccessToken - Scope Process | Out-Null
926+ if (-not [string ]::IsNullOrEmpty($GraphAccessToken ))
927+ {
928+ Write-VerboseLog (" Using Graph AccessToken"
929+ $AZConnectParams = @ {
930+ Environment = $ConnectAzAccountEnvironmentName
931+ SubscriptionId = $SubscriptionId
932+ AccessToken = $ArmAccessToken
933+ AccountId = $AccountId
934+ GraphAccessToken = $GraphAccessToken
935+ Scope = " Process"
936+ }
937+ }
938+ else
939+ {
940+ $AZConnectParams = @ {
941+ Environment = $ConnectAzAccountEnvironmentName
942+ SubscriptionId = $SubscriptionId
943+ AccessToken = $ArmAccessToken
944+ AccountId = $AccountId
945+ Scope = " Process"
946+ }
947+ }
900948 }
901949 else
902950 {
903951 Write-VerboseLog (" attempting login with TenantID"
904- Connect-AzAccount - Environment $ConnectAzAccountEnvironmentName - TenantId $TenantId - SubscriptionId $SubscriptionId - AccessToken $ArmAccessToken - AccountId $AccountId - GraphAccessToken $GraphAccessToken - Scope Process | Out-Null
952+ if ( -not [string ]::IsNullOrEmpty($GraphAccessToken ))
953+ {
954+ Write-VerboseLog (" Using Graph AccessToken"
955+ $AZConnectParams = @ {
956+ Environment = $ConnectAzAccountEnvironmentName
957+ TenantId = $TenantId
958+ SubscriptionId = $SubscriptionId
959+ AccessToken = $ArmAccessToken
960+ AccountId = $AccountId
961+ GraphAccessToken = $GraphAccessToken
962+ Scope = " Process"
963+ }
964+ }
965+ else
966+ {
967+ $AZConnectParams = @ {
968+ Environment = $ConnectAzAccountEnvironmentName
969+ TenantId = $TenantId
970+ SubscriptionId = $SubscriptionId
971+ AccessToken = $ArmAccessToken
972+ AccountId = $AccountId
973+ Scope = " Process"
974+ }
975+ }
905976 }
977+ Write-InfoLog $ (Print- FunctionParameters - Message " Connect-AzAccount" - Parameters $AZConnectParams )
978+ Connect-AzAccount @AZConnectParams | Out-Null
906979 $azContext = Get-AzContext
907980 $TenantId = $azContext.Tenant.Id
908981 }
@@ -1801,25 +1874,32 @@ param(
18011874 $DeletingArcCloudResourceMessageProgress = $DeletingArcCloudResourceMessage -f $arcResourceId
18021875 Write-Progress - Id $ArcProgressBarId - ParentId $MainProgressBarId - Activity $UnregisterArcProgressActivityName - Status $DeletingArcCloudResourceMessageProgress - PercentComplete 40
18031876 Execute- Without- ProgressBar - ScriptBlock {Remove-AzResource - ResourceId $arcResourceId - Force | Out-Null }
1804- $arcAADApplication = Get-AzADApplication - ApplicationId $arcStatus.ApplicationId
1805- if ($arcAADApplication -ne $Null )
1877+ if (($Null -ne $arcStatus ) -and ($Null -ne $arcStatus.ApplicationId ))
18061878 {
1807- # when registration happens via older version of the registration script and unregistration happens via newever version
1808- # service will not be able to delete the app since it does not own it.
1809- try
1879+ $arcAADApplication = Get-AzADApplication - ApplicationId $arcStatus.ApplicationId - ErrorAction:SilentlyContinue
1880+ if ($Null -ne $arcAADApplication )
18101881 {
1811- Write-VerboseLog (" Deleting ARC AAD application: $ ( $arcStatus.ApplicationId ) "
1812- Remove-AzADApplication - ApplicationId $arcStatus.ApplicationId - ErrorAction Stop | Out-Null
1813- }
1814- catch
1815- {
1816- # consume exception, this is best effort. Log warning and continue if it fails.
1817- $msg = " Deleting ARC AAD application Failed $ ( $arcStatus.ApplicationId ) . ErrorMessage : {0} .Please delete it manually." -f ($_.Exception.Message )
1818- Write-NodeEventLog - Message $msg - EventID 9011 - IsManagementNode $IsManagementNode - credentials $Credential - ComputerName $ComputerName
1819- Write-WarnLog ($msg )
1882+ # when registration happens via older version of the registration script and unregistration happens via newever version
1883+ # service will not be able to delete the app since it does not own it.
1884+ try
1885+ {
1886+ Write-VerboseLog (" Deleting ARC AAD application: $ ( $arcStatus.ApplicationId ) "
1887+ Remove-AzADApplication - ApplicationId $arcStatus.ApplicationId - ErrorAction Stop | Out-Null
1888+ }
1889+ catch
1890+ {
1891+ # consume exception, this is best effort. Log warning and continue if it fails.
1892+ $msg = " Deleting ARC AAD application Failed $ ( $arcStatus.ApplicationId ) . ErrorMessage : {0} .Please delete it manually." -f ($_.Exception.Message )
1893+ Write-NodeEventLog - Message $msg - EventID 9011 - IsManagementNode $IsManagementNode - credentials $Credential - ComputerName $ComputerName
1894+ Write-WarnLog ($msg )
1895+ }
18201896 }
18211897
18221898 }
1899+ else
1900+ {
1901+ Write-VerboseLog (" ARC not enabled on the cluster, ignoring ARC application deletion check"
1902+ }
18231903 }
18241904
18251905 if ($arcStatus.ClusterArcStatus -ne [ArcStatus ]::Disabled)
@@ -1975,8 +2055,8 @@ param(
19752055 [Parameter (Mandatory = $false )]
19762056 [string ] $ArmAccessToken ,
19772057
1978- # TODO - Remove , this needs coordination with the WAC team
19792058 [Parameter (Mandatory = $false )]
2059+ [Obsolete (" Graph Access is no more required for Az.StackHCI module"
19802060 [string ] $GraphAccessToken ,
19812061
19822062 [Parameter (Mandatory = $false )]
@@ -2621,6 +2701,7 @@ param(
26212701 [string ] $ArmAccessToken ,
26222702
26232703 [Parameter (Mandatory = $false )]
2704+ [Obsolete (" Graph Access is no more required for Az.StackHCI module"
26242705 [string ] $GraphAccessToken ,
26252706
26262707 [Parameter (Mandatory = $false )]
@@ -2824,7 +2905,7 @@ param(
28242905 Write-Progress - Id $MainProgressBarId - activity $UnregisterProgressActivityName - status $DeletingCloudResourceMessageProgress - percentcomplete 80
28252906 Write-VerboseLog (" $DeletingCloudResourceMessageProgress "
28262907 $remResource = Execute- Without- ProgressBar - ScriptBlock { Remove-AzResource - ResourceId $resourceId - Force }
2827- $clusterAADApplication = Get-AzADApplication - ApplicationId $resource.Properties.aadClientId
2908+ $clusterAADApplication = Get-AzADApplication - ApplicationId $resource.Properties.aadClientId - ErrorAction:SilentlyContinue
28282909 if ($clusterAADApplication -ne $Null )
28292910 {
28302911 # when registration happens via older version of the registration script and unregistration happens via newever version
@@ -3176,6 +3257,7 @@ param(
31763257 [string ] $ArmAccessToken ,
31773258
31783259 [Parameter (Mandatory = $false )]
3260+ [Obsolete (" Graph Access is no more required for Az.StackHCI module"
31793261 [string ] $GraphAccessToken ,
31803262
31813263 [Parameter (Mandatory = $false )]
0 commit comments