Add step to prompt about app's authentication type (#4500)

* Change casing, add auth type step

* Localize quick picks. Default instance mem and max mem for basic creation due to excess prompts

* Minor fixes

Author: nturinski

src/commands/addMIConnections/SettingsAddBaseStep.ts

@@ -158,7 +158,7 @@ function getClientIdAndCredentialPropertiesForRemote(context: AddMIConnectionsCo
             },
             {
                 name: `${connectionName}__credential`,
-                value: 'managedIdentity'
+                value: 'managedidentity'
             }
         );
     }

src/commands/createFunctionApp/AuthenticationPromptStep.ts

@@ -3,9 +3,11 @@
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-import { UserAssignedIdentityListStep } from "@microsoft/vscode-azext-azureutils";
-import { AzureWizardPromptStep, type IAzureQuickPickOptions, type IWizardOptions } from "@microsoft/vscode-azext-utils";
+import { AzureWizardPromptStep, type AzureWizardExecuteStep, type IAzureQuickPickOptions, type IWizardOptions } from "@microsoft/vscode-azext-utils";
 import { type QuickPickItem } from "vscode";
+
+import { UserAssignedIdentityCreateStep, UserAssignedIdentityListStep } from "@microsoft/vscode-azext-azureutils";
+import { localize } from "../../localize";
 import { type IFunctionAppWizardContext } from "./IFunctionAppWizardContext";
 
 export class AuthenticationPromptStep<T extends IFunctionAppWizardContext> extends AzureWizardPromptStep<T> {
@@ -14,35 +16,44 @@ export class AuthenticationPromptStep<T extends IFunctionAppWizardContext> exten
         super();
     }
 
-    public async prompt(wizardContext: T): Promise<void> {
+    public async prompt(context: T): Promise<void> {
         const options: IAzureQuickPickOptions = { placeHolder: 'Select resource authentication type', id: `AuthenticationPromptStep` };
-        this._useManagedIdentity = (await wizardContext.ui.showQuickPick(this.getQuickPicks(wizardContext), options)).label === 'Managed identity';
+        this._useManagedIdentity = (await context.ui.showQuickPick(this.getQuickPicks(context), options)).label === 'Managed identity';
     }
 
-    public shouldPrompt(wizardContext: T): boolean {
+    public shouldPrompt(context: T): boolean {
         // don't need to prompt if the user has already selected a managed identity
-        return !wizardContext.managedIdentity;
+        return !context.managedIdentity;
     }
 
-    public async getSubWizard(_wizardContext: T): Promise<IWizardOptions<T> | undefined> {
+    public async getSubWizard(context: T): Promise<IWizardOptions<T> | undefined> {
         if (this._useManagedIdentity) {
+            const promptSteps: AzureWizardPromptStep<T>[] = [];
+            const executeSteps: AzureWizardExecuteStep<T>[] = [];
+            if (context.advancedCreation) {
+                promptSteps.push(new UserAssignedIdentityListStep());
+            } else {
+                executeSteps.push(new UserAssignedIdentityCreateStep());
+            }
+
             return {
-                promptSteps: [new UserAssignedIdentityListStep()],
-                executeSteps: [],
+                promptSteps,
+                executeSteps
             }
         }
 
         return undefined;
     }
 
-    private async getQuickPicks(_wizardContext: T): Promise<QuickPickItem[]> {
+    private getQuickPicks(_context: T): QuickPickItem[] {
         return [
             {
-                label: 'Secrets',
+                label: localize('secrets', 'Secrets'),
+                detail: localize('secretsDetails', 'Uses storage connection strings which may be insecure and expose sensitive credentials.')
             },
             {
-                label: 'Managed identity',
-                detail: 'For best security practice, use managed idenity authentication when available (some resources may only use secrets).',
+                label: localize('managedIdentity', 'Managed identity'),
+                detail: localize('managedIdentityDetails', 'For best security practice, use managed identity authentication when available.'),
             },
         ]
     }

src/commands/createFunctionApp/createCreateFunctionAppComponents.ts

@@ -4,14 +4,15 @@
  *--------------------------------------------------------------------------------------------*/
 
 import { AppInsightsCreateStep, AppInsightsListStep, AppKind, AppServicePlanCreateStep, AppServicePlanListStep, CustomLocationListStep, LogAnalyticsCreateStep, SiteNameStep, WebsiteOS, type IAppServiceWizardContext } from "@microsoft/vscode-azext-azureappservice";
-import { CommonRoleDefinitions, createRoleId, LocationListStep, ResourceGroupCreateStep, ResourceGroupListStep, RoleAssignmentExecuteStep, StorageAccountCreateStep, StorageAccountKind, StorageAccountListStep, StorageAccountPerformance, StorageAccountReplication, UserAssignedIdentityCreateStep, UserAssignedIdentityListStep, type INewStorageAccountDefaults, type Role } from "@microsoft/vscode-azext-azureutils";
+import { CommonRoleDefinitions, createRoleId, LocationListStep, ResourceGroupCreateStep, ResourceGroupListStep, RoleAssignmentExecuteStep, StorageAccountCreateStep, StorageAccountKind, StorageAccountListStep, StorageAccountPerformance, StorageAccountReplication, UserAssignedIdentityListStep, type INewStorageAccountDefaults, type Role } from "@microsoft/vscode-azext-azureutils";
 import { type AzureWizardExecuteStep, type AzureWizardPromptStep, type ISubscriptionContext } from "@microsoft/vscode-azext-utils";
 import { FuncVersion, latestGAVersion, tryParseFuncVersion } from "../../FuncVersion";
 import { funcVersionSetting } from "../../constants";
 import { tryGetLocalFuncVersion } from "../../funcCoreTools/tryGetLocalFuncVersion";
 import { type ICreateFunctionAppContext } from "../../tree/SubscriptionTreeItem";
 import { createActivityContext } from "../../utils/activityUtils";
 import { getRootFunctionsWorkerRuntime, getWorkspaceSetting, getWorkspaceSettingFromAnyFolder } from "../../vsCodeConfig/settings";
+import { AuthenticationPromptStep } from "./AuthenticationPromptStep";
 import { FunctionAppCreateStep } from "./FunctionAppCreateStep";
 import { FunctionAppHostingPlanStep } from "./FunctionAppHostingPlanStep";
 import { type IFunctionAppWizardContext } from "./IFunctionAppWizardContext";
@@ -64,6 +65,7 @@ export async function createCreateFunctionAppComponents(context: ICreateFunction
         promptSteps.push(...functionAppWizard.promptSteps);
         executeSteps.push(...functionAppWizard.executeSteps);
     }
+    promptSteps.push(new AuthenticationPromptStep());
 
     if (!wizardContext.advancedCreation) {
         LocationListStep.addStep(wizardContext, promptSteps);
@@ -73,7 +75,6 @@ export async function createCreateFunctionAppComponents(context: ICreateFunction
         executeSteps.push(new ResourceGroupCreateStep());
         executeSteps.push(new StorageAccountCreateStep(storageAccountCreateOptions));
         executeSteps.push(new AppInsightsCreateStep());
-        executeSteps.push(new UserAssignedIdentityCreateStep());
         if (!context.dockerfilePath) {
             executeSteps.push(new AppServicePlanCreateStep());
             executeSteps.push(new LogAnalyticsCreateStep());
@@ -103,8 +104,8 @@ export async function createCreateFunctionAppComponents(context: ICreateFunction
     executeSteps.push(new RoleAssignmentExecuteStep(() => {
         const role: Role = {
             scopeId: wizardContext?.storageAccount?.id,
-            roleDefinitionId: createRoleId(wizardContext?.subscriptionId, CommonRoleDefinitions.storageBlobDataOwner),
-            roleDefinitionName: CommonRoleDefinitions.storageBlobDataOwner.roleName
+            roleDefinitionId: createRoleId(wizardContext?.subscriptionId, CommonRoleDefinitions.storageBlobDataContributor),
+            roleDefinitionName: CommonRoleDefinitions.storageBlobDataContributor.roleName
         };
 
         return [role];

src/commands/createFunctionApp/flex/InstanceMemoryMBPromptStep.ts

@@ -22,6 +22,13 @@ export class InstanceMemoryMBPromptStep extends AzureWizardPromptStep<IFlexFunct
         return !context.newFlexInstanceMemoryMB;
     }
 
+    public configureBeforePrompt(context: IFlexFunctionAppWizardContext): void | Promise<void> {
+        // use default instance memory size if not using advanced creation
+        if (!context.advancedCreation) {
+            context.newFlexInstanceMemoryMB = context.newFlexSku?.instanceMemoryMB.find(im => im.isDefault)?.size;
+        }
+    }
+
     private getPicks(flexSku: Sku): IAzureQuickPickItem<number>[] {
         const picks = flexSku.instanceMemoryMB.map(im => { return { label: im.size.toString(), data: im.size, description: im.isDefault ? 'Default' : undefined } });
         return picks.sort((a, b) => Number(!!b.description) - Number(!!a.description));

src/commands/createFunctionApp/flex/MaximumInstanceCountPromptStep.ts

@@ -24,6 +24,13 @@ export class MaximumInstanceCountPromptStep extends AzureWizardPromptStep<IFlexF
         return !context.newFlexMaximumInstanceCount;
     }
 
+    public configureBeforePrompt(context: IFlexFunctionAppWizardContext): void | Promise<void> {
+        // use default maximum instance count if not using advanced creation
+        if (!context.advancedCreation) {
+            context.newFlexMaximumInstanceCount = context.newFlexSku?.maximumInstanceCount.defaultValue;
+        }
+    }
+
     private validateInput(flexSku: Sku, val: string): string | undefined {
         const num = Number(val);
 

src/utils/managedIdentityUtils.ts

@@ -30,7 +30,7 @@ export function createAzureWebJobsStorageManagedIdentitySettings(context: IFunct
         });
         appSettings.push({
             name: `${ConnectionKey.Storage}__credential`,
-            value: 'managedIdentity'
+            value: 'managedidentity'
         });
     }