Get-AccessToken's Breaking Change #27706
Merged
+30
−19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status. |
msJinLei
force-pushed
the
accesstoken_bc
branch
3 times, most recently
from
a3818bd to
cb3b0da
Compare
msJinLei
force-pushed
the
accesstoken_bc
branch
2 times, most recently
from
c02e2b4 to
aeb3b6a
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR updates the Get-AzAccessToken cmdlet to change its default output type from a plain text token (PSAccessToken) to a secure string token (PSSecureAccessToken) while introducing an environment variable to allow a plain text override for backward compatibility.
- Updated the breaking change record in BreakingChangeIssues.csv.
- Modified cmdlet output logic in GetAzureRmAccessToken.cs to conditionally return a plain text token based on an environment variable.
- Updated documentation, changelog, and tests to reflect the change.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/StaticAnalysis/Exceptions/Az.Accounts/BreakingChangeIssues.csv | Added entry for Get-AzAccessToken output type change. |
| src/Accounts/Authentication/Constants.cs | Introduced a new constant for the plain text output override. |
| src/Accounts/Accounts/help/Get-AzAccessToken.md | Revised help text to reflect that the output is now secure by default. |
| src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs | Changed logic to return a secure token unless overridden by an environment variable. |
| src/Accounts/Accounts/ChangeLog.md | Documented the breaking change in the changelog. |
| src/Accounts/Accounts.Test/AccessTokenCmdletTest.cs | Updated tests for plain text output when the environment variable is set. |
Comments suppressed due to low confidence (1)
src/Accounts/Accounts.Test/AccessTokenCmdletTest.cs:88
- The test covers the plain text output branch but does not verify the default secure token branch. Consider adding a test case for when the environment variable is unset to ensure the cmdlet returns a PSSecureAccessToken as expected.
Environment.SetEnvironmentVariable(Constants.AzPsOutputPlainTextAccessToken, bool.TrueString);
isra-fel
requested changes
May 12, 2025
Co-authored-by: Yeming Liu <[email protected]>
Co-authored-by: Yeming Liu <[email protected]>
There was a problem hiding this comment.
Pull Request Overview
This PR implements a breaking change for Get-AzAccessToken by changing its default output from plain text to SecureString while retaining an option (via an environment variable) to return plain text if necessary.
- Updated breaking change records in the CSV file.
- Added a new constant for the environment variable to control output type.
- Modified the cmdlet implementation to conditionally output plain text or SecureString and updated documentation and tests accordingly.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/StaticAnalysis/Exceptions/Az.Accounts/BreakingChangeIssues.csv | Updated breaking change record for Get-AzAccessToken. |
| src/Accounts/Authentication/Constants.cs | Added constant for the environment variable controlling output type. |
| src/Accounts/Accounts/help/Get-AzAccessToken.md | Revised help documentation to reflect the breaking change and new parameter behavior. |
| src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs | Adjusted cmdlet implementation to output SecureString by default with a plain text fallback. |
| src/Accounts/Accounts/ChangeLog.md | Noted the breaking change in the changelog. |
| src/Accounts/Accounts.Test/AccessTokenCmdletTest.cs | Added test coverage to verify plain text output when the environment variable is set. |
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
isra-fel
approved these changes
May 12, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Change the default output access token of Get-AzAccessToken from plain text to
SecureString.If
AZUREPS_OUTPUT_PLAINTEXT_AZACCESSTOKENis set to true, returns plain text token. The feature is to avoid breaking change in Az.FunctionsMandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.mdand reviewed the following information:ChangeLog.mdfile(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.## Upcoming Releaseheader in the past tense.ChangeLog.mdif no new release is required, such as fixing test case only.