Update ImportAzureApplicationGateway.ps1 for Az module an password security #2487

valdearg · 2023-12-11T14:35:16Z

AzureRM has been generally deprecated in favour of the Az module, this is largely just a drop-in replacement for commands.

For encoding passwords with the new method we need to use -Force and -AsPlainText

… Password security AzureRM has been generally deprecated in favour of the Az module, this is largely just a drop-in replacement for commands. For encoding passwords with the new method we need to use -Force and -AsPlainText https://learn.microsoft.com/en-us/azure/application-gateway/renew-certificates

webprofusion-chrisc · 2023-12-12T01:58:22Z

Wouldn't this break the script for existing users?

valdearg · 2023-12-12T11:30:49Z

I've been having a bit of a think on this and just sharing my thoughts.

The Az module is a fairly "drop-in" replacement, however this requires intervention by the user to apply, even if we were to place the Az module user installation into the script. It may also just generally not possible to install automatically in environments.
AzureRM has been deprecated for quite a few years at this point. There is an option to enable legacy aliases within the Az module which means scripts won't need to be updated, but it's not the best way around things in production.
A safer option may be to move these changes into a ImportAzureApplicationGateway.v2.ps1 instance, this means that users who are using the AzureRM version would not be affected and new users would be able to choose which version to use.
I wouldn't say no to updating the auth option also in a future pull request, there's a new option of authenticating which may make it easier for setup in an automated environment. Of course, making it optional.

WouterTinus · 2023-12-13T23:01:31Z

I think making this a .v2 version of the script would be wise.

Provide feedback