Removal of Insider SAS Token (#3166)

Co-authored-by: freddydk <[email protected]>
microsoft · Sep 27, 2023 · b918ae1 · b918ae1
1 parent 19df6a3
commit b918ae1
Show file tree

Hide file tree

Showing 9 changed files with 95 additions and 116 deletions.
diff --git a/AppHandling/Run-AlPipeline.ps1 b/AppHandling/Run-AlPipeline.ps1
@@ -11,6 +11,8 @@
   If a folder on the host computer is specified in the sharedFolder parameter, it will be shared with the container as c:\shared
  .Parameter licenseFile
   License file to use for AL Pipeline.
+ .Parameter accept_insiderEula
+  Switch, which you need to specify if you are going to create a container with an insider build of Business Central on Docker containers (See https://go.microsoft.com/fwlink/?linkid=2245051)
  .Parameter containerName
   This is the containerName going to be used for the build/test container. If not specified, the container name will be the pipeline name followed by -bld.
  .Parameter imageName
@@ -82,6 +84,7 @@
   This is the folder (relative to base folder) where compiled apps are placed. Only relevant when not using useDevEndpoint.
  .Parameter artifact
   The description of which artifact to use. This can either be a URL (from Get-BcArtifactUrl) or in the format storageAccount/type/version/country/select/sastoken, where these values are transferred as parameters to Get-BcArtifactUrl. Default value is ///us/current.
+  If you specify accept_insiderEula, you do not need to specify a sasToken
  .Parameter useGenericImage
   Specify a private (or special) generic image to use for the Container OS. Default is calling Get-BestGenericImageName.
  .Parameter buildArtifactFolder
@@ -133,7 +136,7 @@
  .Parameter vsixFile
   Specify a URL or path to a .vsix file in order to override the .vsix file in the image with this.
   Use Get-LatestAlLanguageExtensionUrl to get latest AL Language extension from Marketplace.
-  Use Get-AlLanguageExtensionFromArtifacts -artifactUrl (Get-BCArtifactUrl -select NextMajor -sasToken $insiderSasToken) to get latest insider .vsix
+  Use Get-AlLanguageExtensionFromArtifacts -artifactUrl (Get-BCArtifactUrl -select NextMajor -accept_insiderEula) to get latest insider .vsix
  .Parameter enableCodeCop
   Include this switch to include Code Cop Rules during compilation.
  .Parameter enableAppSourceCop
@@ -260,6 +263,7 @@ Param(
     [string] $baseFolder = "",
     [string] $sharedFolder = "",
     [string] $licenseFile,
+    [switch] $accept_insiderEula,
     [string] $containerName = "$($pipelineName.Replace('.','-') -replace '[^a-zA-Z0-9---]', '')-bld".ToLowerInvariant(),
     [string] $imageName = 'my',
     [switch] $enableTaskScheduler,
@@ -569,7 +573,7 @@ else {
     if ($additionalCountries) {
         $minver = $null
         @($country)+$additionalCountries | ForEach-Object {
-            $url = Get-BCArtifactUrl -storageAccount $storageAccount -type $type -version $version -country $_.Trim() -select $select -sasToken $sasToken | Select-Object -First 1
+            $url = Get-BCArtifactUrl -storageAccount $storageAccount -type $type -version $version -country $_.Trim() -select $select -sasToken $sasToken -accept_insiderEula:$accept_insiderEula | Select-Object -First 1
             Write-Host "Found $($url.Split('?')[0])"
             if ($url) {
                 $ver = [Version]$url.Split('/')[4]
@@ -586,7 +590,7 @@ else {
         }
         $version = $minver.ToString()
     }
-    $artifactUrl = Get-BCArtifactUrl -storageAccount $minsto -type $type -version $version -country $country -select $minsel -sasToken $mintok | Select-Object -First 1
+    $artifactUrl = Get-BCArtifactUrl -storageAccount $minsto -type $type -version $version -country $country -select $minsel -sasToken $mintok -accept_insiderEula:$accept_insiderEula | Select-Object -First 1
     if (!($artifactUrl)) {
         throw "Unable to locate artifacts"
     }
@@ -966,6 +970,7 @@ Measure-Command {
 
             $Parameters += @{
                 "accept_eula" = $true
+                "accept_insiderEula" = $accept_insiderEula
                 "containerName" = $containerName
                 "artifactUrl" = $artifactUrl
                 "useGenericImage" = $useGenericImage

diff --git a/Artifacts/Download-Artifacts.ps1 b/Artifacts/Download-Artifacts.ps1
@@ -78,7 +78,7 @@ try {
             }
             if (-not $exists) {
                 Write-Host "Downloading artifact $($appUri.AbsolutePath)"
-                TestSasToken -sasToken $artifactUrl
+                TestSasToken -url $artifactUrl
                 $retry = $false
                 do {
                     $appZip = Join-Path ([System.IO.Path]::GetTempPath()) "$([Guid]::NewGuid().ToString()).zip"
@@ -203,7 +203,7 @@ try {
                 }
                 if (-not $exists) {
                     Write-Host "Downloading platform artifact $($platformUri.AbsolutePath)"
-                    TestSasToken -sasToken $platformUrl
+                    TestSasToken -url $platformUrl
                     $retry = $false
                     do {
                         $platformZip = Join-Path ([System.IO.Path]::GetTempPath()) "$([Guid]::NewGuid().ToString()).zip"

diff --git a/Artifacts/Get-BCArtifactUrl.ps1 b/Artifacts/Get-BCArtifactUrl.ps1
@@ -23,7 +23,10 @@
  .Parameter storageAccount
   The storageAccount that is being used where artifacts are stored (default is bcartifacts, usually should not be changed).
  .Parameter sasToken
-  The token that for accessing protected Azure Blob Storage (like insider builds).  Make sure to set the right storageAccount!
+  The token that for accessing protected Azure Blob Storage. Make sure to set the right storageAccount!
+  Note that Business Central Insider artifacts doesn't require a sasToken after October 1st 2023, you can use the switch -accept_insiderEula to accept the EULA instead.
+ .Parameter accept_insiderEula
+  Accept the EULA for Business Central Insider artifacts. This is required for using Business Central Insider artifacts without providing a SAS token after October 1st 2023.
  .Example
   Get the latest URL for Belgium: 
   Get-BCArtifactUrl -Type OnPrem -Select Latest -country be
@@ -44,6 +47,7 @@ function Get-BCArtifactUrl {
         [DateTime] $before,
         [String] $storageAccount = '',
         [String] $sasToken = '',
+        [switch] $accept_insiderEula,
         [switch] $doNotCheckPlatform
     )
 
@@ -101,48 +105,19 @@ try {
         if ($storageAccount -ne '' -or $type -eq 'OnPrem' -or $version -ne '') {
             throw "You cannot specify storageAccount, type=OnPrem or version when selecting $select release"
         }
-        if ($sasToken -eq '') {
-            throw "You need to specify an insider SasToken if you want to get $select release"
-        }
+
         $current = Get-BCArtifactUrl -country 'base' -select Latest -doNotCheckPlatform:$doNotCheckPlatform
         $currentversion = [System.Version]($current.Split('/')[4])
 
         $nextminorversion = "$($currentversion.Major).$($currentversion.Minor+1)."
         $nextmajorversion = "$($currentversion.Major+1).0."
-
-        $publicpreviews = Get-BcArtifactUrl -country $country -storageAccount bcpublicpreview -select All -doNotCheckPlatform:$doNotCheckPlatform
-        $insiders = Get-BcArtifactUrl -country $country -storageAccount bcinsider -select All -sasToken $sasToken -doNotCheckPlatform:$doNotCheckPlatform
-
-        $publicpreview = $publicpreviews | Where-Object { $_.Split('/')[4].StartsWith($nextmajorversion) } | Select-Object -Last 1
-        $insider = $insiders | Where-Object { $_.Split('/')[4].StartsWith($nextmajorversion) } | Select-Object -Last 1
-
-        $nextmajor = $insider
-        if (!($insider)) {
-            $nextmajor = $publicpreview
+        if ($currentVersion.Minor -ge 5) {
+            $nextminorversion = $nextmajorversion
         }
-        elseif ($publicpreview) {
-            if ([version]($publicpreview.Split('/')[4]) -ge [version]($insider.Split('/')[4])) {
-                $nextmajor = $publicpreview
-            }
-        }
-
-        $insider = $insiders | Where-Object { $_.Split('/')[4].StartsWith($nextminorversion) } | Select-Object -Last 1
-        $publicpreview = $publicpreviews | Where-Object { $_.Split('/')[4].StartsWith($nextminorversion) } | Select-Object -Last 1
 
-        $nextminor = $insider
-        if (!($insider)) {
-            if ($publicpreview) {
-                $nextminor = $publicpreview
-            }
-            else {
-                $nextminor = $nextmajor
-            }
-        }
-        elseif ($publicpreview) {
-            if ([version]($publicpreview.Split('/')[4]) -ge [version]($insider.Split('/')[4])) {
-                $nextminor = $publicpreview
-            }
-        }
+        $insiders = Get-BcArtifactUrl -country $country -storageAccount bcinsider -select All -sasToken $sasToken -doNotCheckPlatform:$doNotCheckPlatform -accept_insiderEula:$accept_insiderEula
+        $nextmajor = $insiders | Where-Object { $_.Split('/')[4].StartsWith($nextmajorversion) } | Select-Object -Last 1
+        $nextminor = $insiders | Where-Object { $_.Split('/')[4].StartsWith($nextminorversion) } | Select-Object -Last 1
 
         if ($select -eq 'NextMinor') {
             $nextminor
@@ -152,7 +127,9 @@ try {
         }
     }
     else {
-        TestSasToken -sasToken $sasToken
+        if ($sasToken) {
+            TestSasToken -url $sasToken
+        }
 
         if ($storageAccount -eq '') {
             $storageAccount = 'bcartifacts'
@@ -164,6 +141,17 @@ try {
         $BaseUrl = "https://$storageAccount/$($Type.ToLowerInvariant())/"
         $storageAccount = $storageAccount -replace ".azureedge.net", ".blob.core.windows.net"
 
+        if ($storageAccount -eq 'bcinsider.blob.core.windows.net') {
+            if (!$accept_insiderEULA) {
+                if ($sasToken) {
+                    Write-Host -ForegroundColor Yellow "After October 1st 2023, you can specify -accept_insiderEula to accept the insider EULA (https://go.microsoft.com/fwlink/?linkid=2245051) for Business Central Insider artifacts instead of providing a SAS token."
+                }
+                else {
+                    throw "You need to accept the insider EULA (https://go.microsoft.com/fwlink/?linkid=2245051) by specifying -accept_insiderEula or by providing a SAS token to get access to insider builds"
+                }
+            }
+        }
+
         $GetListUrl = "https://$storageAccount/$($Type.ToLowerInvariant())/"
 
         if ($bcContainerHelperConfig.DoNotUseCdnForArtifacts) {
@@ -179,7 +167,7 @@ try {
 
         if ($select -eq 'SecondToLastMajor') {
             if ($version) {
-                throw "You cannot specify a version when asking for the Second To Lst Major version"
+                throw "You cannot specify a version when asking for the Second To Last Major version"
             }
         }
         elseif ($select -eq 'Closest') {

diff --git a/ContainerHandling/New-NavContainer.ps1 b/ContainerHandling/New-NavContainer.ps1
@@ -6,6 +6,8 @@
   Adds shortcut on the desktop for Web Client and Container PowerShell prompt
  .Parameter accept_eula
   Switch, which you need to specify if you accept the eula for running NAV or Business Central on Docker containers (See https://go.microsoft.com/fwlink/?linkid=861843)
+ .Parameter accept_insiderEula
+  Switch, which you need to specify if you are going to create a container with an insider build of Business Central on Docker containers (See https://go.microsoft.com/fwlink/?linkid=2245051)
  .Parameter accept_outdated
   Specify accept_outdated to ignore error when running containers which are older than 90 days
  .Parameter containerName
@@ -174,11 +176,13 @@
  .Parameter vsixFile
   Specify a URL or path to a .vsix file in order to override the .vsix file in the image with this.
   Use Get-LatestAlLanguageExtensionUrl to get latest AL Language extension from Marketplace.
-  Use Get-AlLanguageExtensionFromArtifacts -artifactUrl (Get-BCArtifactUrl -select NextMajor -sasToken $insiderSasToken) to get latest insider .vsix
+  Use Get-AlLanguageExtensionFromArtifacts -artifactUrl (Get-BCArtifactUrl -select NextMajor -accept_insiderEula) to get latest insider .vsix
  .Parameter sqlTimeout
   SQL Timeout for database restore operations
  .Example
   New-BcContainer -accept_eula -containerName test
+ .Example
+  New-BcContainer -accept_eula -containerName test -accept_insiderEula -artifactUrl (Get-BcArtifactUrl -accept_insiderEula -country dk -select NextMajor)
  .Example
   New-BcContainer -accept_eula -containerName test -multitenant
  .Example
@@ -191,6 +195,7 @@
 function New-BcContainer {
     Param (
         [switch] $accept_eula,
+        [switch] $accept_insiderEula,
         [switch] $accept_outdated = $true,
         [string] $containerName = $bcContainerHelperConfig.defaultContainerName,
         [string] $imageName = "",
@@ -531,6 +536,19 @@ try {
         # When using artifacts, you always use best container os - no need to replatform
         $useBestContainerOS = $false
 
+        if ($artifactUrl -like 'https://bcinsider.blob.core.windows.net/*' -or $artifactUrl -like 'https://bcinsider.azureedge.net/*') {
+            if (!$accept_insiderEULA) {
+                $sasToken = "?$("$($artifactUrl)?".Split('?')[1])"
+                if ($sasToken -eq '?') {
+                    throw "You need to accept the insider EULA (https://go.microsoft.com/fwlink/?linkid=2245051) by specifying -accept_insiderEula or by providing a SAS token to get access to insider builds"
+                }
+                else {
+                    TestSasToken -url $artifactUrl
+                    Write-Host -ForegroundColor Yellow "After October 1st 2023, you can specify -accept_insiderEula to accept the insider EULA (https://go.microsoft.com/fwlink/?linkid=2245051) for Business Central Insider artifacts instead of providing a SAS token."
+                }
+            }
+        }
+
         $artifactPaths = Download-Artifacts -artifactUrl $artifactUrl -includePlatform -forceRedirection:$alwaysPull
         $appArtifactPath = $artifactPaths[0]
         $platformArtifactPath = $artifactPaths[1]

diff --git a/CreateALGoRepo.ps1 b/CreateALGoRepo.ps1
@@ -438,7 +438,6 @@ $Step = @{
 
 $orgSecrets = @()
 $secrets = [ordered]@{
-    "InsiderSasToken" = ""
     "ghTokenWorkflow" = ""
     "AdminCenterApiCredentials" = ""
     "LicenseFileUrl" = ""
@@ -832,7 +831,7 @@ $Step.scheduledWorkflows {
                                                                                                     
                                                                                                     
 '@ `
-        -Description "AL-Go for GitHub includes three workflows, which typically are setup to run on a schedule.`nNote that in order to run the Test Next Minor and Test Next Major workflows, you need to have provide a secret called insiderSasToken.`n" `
+        -Description "AL-Go for GitHub includes three workflows, which typically are setup to run on a schedule.`n" `
         -options ([ordered]@{"Current" = "Test Current    : $($settings.CurrentSchedule)"; "NextMinor" = "Test Next Minor : $($settings.NextMinorSchedule)"; "NextMajor" = "Test Next Major : $($settings.NextMajorSchedule)"; "none" = "No further changes needed" }) `
         -question "Select schedule to change" `
         -previousStep `
@@ -887,7 +886,7 @@ $Step.GitHubRunner {
 
 $Step.Secrets {
 
-    $neededSecrets = "- InsiderSasToken - if you want to run builds against future versions of Business Central, this secret needs to contain the insider SAS token from |https://aka.ms/collaborate|`n- GhTokenWorkflow - must be a valid personal access token with permissions to modify workflows, created from |https://github.com/settings/tokens|`n- [environment-]AuthContext - Authentication context for authenticating to specific environments (continuous deployment, publish to production)`n- AdminCenterApiCredentials - An AuthContext for accessing the Admin Center Api (creating development environments)`n- AZURE_CREDENTIALS - is used as a GitHub secret to provide access to an Azure KeyVault with your secrets`n"
+    $neededSecrets = "- GhTokenWorkflow - must be a valid personal access token with permissions to modify workflows, created from |https://github.com/settings/tokens|`n- [environment-]AuthContext - Authentication context for authenticating to specific environments (continuous deployment, publish to production)`n- AdminCenterApiCredentials - An AuthContext for accessing the Admin Center Api (creating development environments)`n- AZURE_CREDENTIALS - is used as a GitHub secret to provide access to an Azure KeyVault with your secrets`n"
     if ($appType -eq "AppSource") {
         $neededSecrets += "- LicenseFile - needs to contain a direct download URL for your Business Central license file`n- CodeSignCertificateUrl - direct download URL for Code Signing certificate`n- CodeSignCertificatePassword - pfx password for code signing certificate."
     }
@@ -1045,20 +1044,6 @@ $Step.DefineSecrets {
         $script:wizardStep = $step.DefineSecrets
         Write-Host -ForegroundColor Yellow "`n$setSecret`n"
         switch ($setSecret) {
-        "InsiderSasToken" {
-            Write-Host "The Insider SAS Token is available for Microsoft partners on https://aka.ms/collaborate for members of the Ready! for Dynamics 365 Business Central Engagement`nPlease follow the steps on https://aka.ms/bcpublisher to get access`n`nThe package containing the Insider SAS Token is called Working with Business Central Insider Builds and is available for download here:`n`nhttps://partner.microsoft.com/en-us/dashboard/collaborate/packages/9387`n"
-            while ($true) {
-                $secrets.InsiderSasToken = Read-Host "Please paste the Insider SAS token here"
-                if (-not ($secrets.InsiderSasToken)) { break }
-                try {
-                    Get-BCArtifactUrl -storageAccount bcinsider -country us -sasToken $secrets.InsiderSasToken
-                    break
-                }
-                catch {
-                    Write-Host -ForegroundColor Red "The Insider SAS Token is invalid"
-                }
-            }
-        }
         "ghTokenWorkflow" {
             Write-Host "In order to run the Update AL-Go System files workflow, the ghTokenWorkflow secret needs to be defined.`nVisit the personal access tokens site for your account on GitHub and generate a new token with the workflow scope selected.`nNote that if you specify a PAT with an expiration date, you will have to update the token when it expires.`n`nYou can visit the Personal Access Tokens site on GitHub using this URL:`n`nhttps://github.com/settings/tokens`n"
             $secrets.ghTokenWorkflow = Read-Host "Please paste the Personal Access Token with workflow scope here"