From 2c7842db51e1659ecb3ea05d0203a0211b16974a Mon Sep 17 00:00:00 2001
From: Seif Bassem <38246040+sebassem@users.noreply.github.com>
Date: Sun, 14 Jul 2024 12:30:52 +0300
Subject: [PATCH] add secureString flag to Get-AzAccessToken

---
 .../aws/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl   | 4 ++--
 .../gcp/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl   | 4 ++--
 .../winsrv/terraform/scripts/install_arc_agent.ps1.tmpl       | 4 ++--
 .../artifacts/PowerShell/New-HCIBoxCluster.ps1                | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/azure_arc_sqlsrv_jumpstart/aws/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl b/azure_arc_sqlsrv_jumpstart/aws/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
index dbd3c7db06..81faf5e6e6 100644
--- a/azure_arc_sqlsrv_jumpstart/aws/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
+++ b/azure_arc_sqlsrv_jumpstart/aws/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
@@ -65,9 +65,9 @@ function registerArcForServers() {
     elseif (Get-InstalledModule -Name Az.Accounts -MinimumVersion 2.2) {
         # New versions of Az.Account support getting access tokens
         #
-        $token = Get-AzAccessToken
+        $token = (Get-AzAccessToken -AsSecureString).token
         $params += "--access-token"
-        $params += $token.Token
+        $params += (ConvertFrom-SecureString $token -AsPlainText)
     }
 
     & "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" $params
diff --git a/azure_arc_sqlsrv_jumpstart/gcp/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl b/azure_arc_sqlsrv_jumpstart/gcp/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
index 7cc7a51838..9145f94e2b 100644
--- a/azure_arc_sqlsrv_jumpstart/gcp/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
+++ b/azure_arc_sqlsrv_jumpstart/gcp/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
@@ -65,9 +65,9 @@ function registerArcForServers() {
     elseif (Get-InstalledModule -Name Az.Accounts -MinimumVersion 2.2) {
         # New versions of Az.Account support getting access tokens
         #
-        $token = Get-AzAccessToken
+        $token = (Get-AzAccessToken -AsSecureString).token
         $params += "--access-token"
-        $params += $token.Token
+        $params += (ConvertFrom-SecureString $token -AsPlainText)
     }
 
     & "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" $params
diff --git a/azure_arc_sqlsrv_jumpstart/vmware/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl b/azure_arc_sqlsrv_jumpstart/vmware/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
index dbd3c7db06..81faf5e6e6 100644
--- a/azure_arc_sqlsrv_jumpstart/vmware/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
+++ b/azure_arc_sqlsrv_jumpstart/vmware/winsrv/terraform/scripts/install_arc_agent.ps1.tmpl
@@ -65,9 +65,9 @@ function registerArcForServers() {
     elseif (Get-InstalledModule -Name Az.Accounts -MinimumVersion 2.2) {
         # New versions of Az.Account support getting access tokens
         #
-        $token = Get-AzAccessToken
+        $token = (Get-AzAccessToken -AsSecureString).token
         $params += "--access-token"
-        $params += $token.Token
+        $params += (ConvertFrom-SecureString $token -AsPlainText)
     }
 
     & "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" $params
diff --git a/azure_jumpstart_hcibox/artifacts/PowerShell/New-HCIBoxCluster.ps1 b/azure_jumpstart_hcibox/artifacts/PowerShell/New-HCIBoxCluster.ps1
index 3bb92b5b13..8560ce1015 100644
--- a/azure_jumpstart_hcibox/artifacts/PowerShell/New-HCIBoxCluster.ps1
+++ b/azure_jumpstart_hcibox/artifacts/PowerShell/New-HCIBoxCluster.ps1
@@ -1466,14 +1466,14 @@ function Set-HCIDeployPrereqs {
             Install-Module Az.Resources -Force
             $azureAppCred = (New-Object System.Management.Automation.PSCredential $clientId, (ConvertTo-SecureString -String $clientSecret -AsPlainText -Force))
             Connect-AzAccount -ServicePrincipal -SubscriptionId $subId -TenantId $tenantId -Credential $azureAppCred
-            $armtoken = Get-AzAccessToken
+            $armtoken = ConvertFrom-SecureString ((Get-AzAccessToken -AsSecureString).Token) -AsPlainText
 
             # Workaround for BITS transfer issue
             Get-NetAdapter StorageA | Disable-NetAdapter -Confirm:$false | Out-Null
             Get-NetAdapter StorageB | Disable-NetAdapter -Confirm:$false | Out-Null
 
             #Invoke the registration script.
-            Invoke-AzStackHciArcInitialization -SubscriptionID $subId -ResourceGroup $resourceGroup -TenantID $tenantId -Region $location -Cloud "AzureCloud" -ArmAccessToken $armtoken.Token -AccountID $clientId
+            Invoke-AzStackHciArcInitialization -SubscriptionID $subId -ResourceGroup $resourceGroup -TenantID $tenantId -Region $location -Cloud "AzureCloud" -ArmAccessToken $armtoken -AccountID $clientId
 
             Get-NetAdapter StorageA | Enable-NetAdapter -Confirm:$false | Out-Null
             Get-NetAdapter StorageB | Enable-NetAdapter -Confirm:$false | Out-Null