Prevent logging into remote session without credentials to overcome d… #28925
Conversation
…ouble hopon authentication issue
| Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status. |
There was a problem hiding this comment.
Pull request overview
This PR addresses a double hop authentication issue in the StackHCI module that occurs when cmdlets are invoked from within remote PowerShell sessions (e.g., via Invoke-Command). The fix prevents creating nested remote sessions by adding a -newSession $false parameter to Get-SetupLoggingDetails calls and making the Confirm-UserAcknowledgmentToUpgradeOS function handle null session parameters gracefully.
Key changes:
- Modified
Confirm-UserAcknowledgmentToUpgradeOSto accept optional session parameters and execute locally when no session is provided - Updated 11 functions to call
Get-SetupLoggingDetails -newSession $falseinstead of creating new sessions - Added changelog entry documenting the fix
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/StackHCI/StackHCI/ChangeLog.md | Added changelog entry for double hop authentication fix |
| src/StackHCI/StackHCI.Autorest/custom/stackhci.ps1 | Updated Confirm-UserAcknowledgmentToUpgradeOS to handle null sessions; modified 11 functions (VM attestation, remote support, session history cmdlets) to prevent nested session creation |
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
src/StackHCI/StackHCI/ChangeLog.md
Outdated
| - Additional information about change #1 | ||
| --> | ||
| ## Upcoming Release | ||
| * Prevention of DoubleHopOn Authentication issue. |
There was a problem hiding this comment.
The changelog entry needs improvement for the primary audience (Azure PowerShell users). Current issues:
- Technical jargon: "DoubleHopOn Authentication" is developer terminology. Users don't know what this means.
- Missing context: The entry doesn't explain what was fixed or how it affects users.
- No issue reference: Missing a GitHub issue reference (e.g.,
[#12345]).
Suggested revision:
* Fixed authentication errors when running cmdlets from within remote PowerShell sessions
- Resolves issue where certain cmdlets failed with "Access Denied" when invoked via `Invoke-Command`
- Affects `Add-AzStackHCIVMAttestation`, `Remove-AzStackHCIVMAttestation`, remote support cmdlets, and attestation history cmdletsThis explains what was fixed, how it affects users, and provides specific impacted cmdlets.
Co-authored-by: Copilot <[email protected]>
1 participant
…ouble hopon authentication issue
Description
Mandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.mdand reviewed the following information:ChangeLog.mdfile(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.## Upcoming Releaseheader in the past tense.ChangeLog.mdif no new release is required, such as fixing test case only.