Azure
diff --git a/‎README.md‎
Lines changed: 48 additions & 4 deletions b/‎README.md‎
Lines changed: 48 additions & 4 deletions
diff --git a/‎action.yml‎
Lines changed: 18 additions & 2 deletions b/‎action.yml‎
Lines changed: 18 additions & 2 deletions
diff --git a/‎lib/arc-login.js‎
Lines changed: 92 additions & 0 deletions b/‎lib/arc-login.js‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎lib/client.js‎
Lines changed: 99 additions & 0 deletions b/‎lib/client.js‎
Lines changed: 99 additions & 0 deletions
@@ -2,14 +2,17 @@
 
 This action can be used to set cluster context before other actions like [`azure/k8s-deploy`](https://github.com/Azure/k8s-deploy/tree/master), [`azure/k8s-create-secret`](https://github.com/Azure/k8s-create-secret/tree/master) or any kubectl commands (in script) can be run subsequently in the workflow.
 
-There are two approaches for specifying the deployment target:
+It is a requirement to use [`azure/login`](https://github.com/Azure/login/tree/master) in your workflow before using this action. 
+
+There are three approaches for specifying the deployment target:
 
 - Kubeconfig file provided as input to the action
 - Service account approach where the secret associated with the service account is provided as input to the action
+- Service principal approach(only applicable for arc cluster) where service principal provided with 'creds' is used as input to action 
 
-If inputs related to both these approaches are provided, kubeconfig approach related inputs are given precedence.
+If inputs related to all these approaches are provided, kubeconfig approach related inputs are given precedence.
 
-In both these approaches it is recommended to store these contents (kubeconfig file content or secret content) in a [secret](https://developer.github.com/actions/managing-workflows/storing-secrets/) which could be referenced later in the action.
+In all these approaches it is recommended to store these contents (kubeconfig file content or secret content) in a [secret](https://developer.github.com/actions/managing-workflows/storing-secrets/) which could be referenced later in the action.
 
 ## Action inputs
 
@@ -22,7 +25,7 @@ In both these approaches it is recommended to store these contents (kubeconfig f
   </thead>
   <tr>
     <td><code>method</code><br/>Method</td>
-    <td>(Optional) Acceptable values: kubeconfig/service-account. Default value: kubeconfig</td>
+    <td>(Optional) Acceptable values: kubeconfig/service-account/service-principal. Default value: kubeconfig</td>
   </tr>
   <tr>
     <td><code>kubeconfig</code><br/>Kubectl config</td>
@@ -40,6 +43,22 @@ In both these approaches it is recommended to store these contents (kubeconfig f
     <td><code>k8s-secret</code><br/>Secret</td>
     <td>(Relevant for service account approach) Secret associated with the service account to be used for deployments</td>
   </tr>
+  <tr>
+    <td><code>cluster-type</code><br/>Type of cluster</td>
+    <td>Type of cluster. Acceptable values: generic/arc</td>
+  </tr>
+  <tr>
+    <td><code>cluster-name</code><br/>Name of arc cluster</td>
+    <td>Name of Azure Arc enabled Kubernetes cluster. Required only if cluster-type is 'arc'.</td>
+  </tr>
+  <tr>
+    <td><code>resource-group</code><br/>resource group</td>
+    <td>Resource group containing the Azure Arc enabled Kubernetes cluster. Required only if cluster-type is 'arc'.</td>
+  </tr>
+  <tr>
+    <td><code>token</code><br/>Service account token</td>
+    <td>Applicable for 'service-account' method.</td>
+  </tr>
 </table>
 
 ## Example usage
@@ -101,6 +120,31 @@ kubectl get serviceAccounts <service-account-name> -n <namespace> -o 'jsonpath={
 kubectl get secret <service-account-secret-name> -n <namespace> -o yaml
 ```
 
+### Service account approach for arc cluster
+
+```yaml
+- uses: azure/k8s-set-context@v1
+  with:
+    method: service-account
+    cluster-type: 'arc'
+    cluster-name: <cluster-name>
+    resource-group: <resource-group>
+    token: '${{ secrets.SA_TOKEN }}'
+  id: setcontext
+```
+
+### Service principal approach for arc cluster
+
+```yaml
+- uses: azure/k8s-set-context@v1
+  with:
+    method: service-principal
+    cluster-type: 'arc'
+    cluster-name: <cluster-name>
+    resource-group: <resource-group>
+  id: setcontext
+```
+
 ## Contributing
 
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a
 
@@ -2,8 +2,12 @@ name: 'Kubernetes set context'
 description: 'Kubernetes set context'
 inputs: 
 # Used for setting the target K8s cluster context which will be used by other actions like azure/k8s-actions/k8s-deploy or azure/k8s-actions/k8s-create-secret
+  cluster-type:
+    description: 'Acceptable values: generic or arc'
+    required: true
+    default: 'generic'
   method:
-    description: 'Acceptable values: kubeconfig or service-account'
+    description: 'Acceptable values: kubeconfig or service-account or service-principal'
     required: true
     default: 'kubeconfig'
   kubeconfig:
@@ -23,9 +27,21 @@ inputs:
     description: 'Service account secret. Run kubectl get serviceaccounts <service-account-name> -o yaml and copy the service-account-secret-name. Copy the ouptut of kubectl get secret <service-account-secret-name> -o yaml'
     required: false
     default: ''
+  token:
+    description: 'Token extracted from the secret of service account (should be base 64 decoded)'
+    required: false
+    default: ''
+  resource-group:
+    description: 'Azure resource group name'
+    required: false
+    default: ''
+  cluster-name:
+    description: 'Azure connected cluster name'
+    required: false
+    default: ''
 
 branding:
   color: 'green' # optional, decorates the entry in the GitHub Marketplace
 runs:
   using: 'node12'
-  main: 'lib/login.js'
+  main: 'lib/login.js'
@@ -0,0 +1,92 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = require("@actions/core");
+const path = require("path");
+const child_process_1 = require("child_process");
+const fs = require("fs");
+const io = require("@actions/io");
+const exec = require("@actions/exec");
+var azPath;
+const kubeconfig_timeout = 120; //timeout in seconds
+function getArcKubeconfig() {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            let method = core.getInput('method');
+            if (method != 'service-account' && method != 'service-principal') {
+                throw Error("Supported methods for arc cluster are 'service-account' and 'service-principal'.");
+            }
+            let resourceGroupName = core.getInput('resource-group');
+            let clusterName = core.getInput('cluster-name');
+            if (!resourceGroupName) {
+                throw Error("'resourceGroupName' is not passed for arc cluster.");
+            }
+            if (!clusterName) {
+                throw Error("'clusterName' is not passed for arc cluster.");
+            }
+            azPath = yield io.which("az", true);
+            yield executeAzCliCommand(`account show`, false);
+            try {
+                yield executeAzCliCommand(`extension remove -n connectedk8s`, false);
+            }
+            catch (_a) {
+                //ignore if this causes an error
+            }
+            yield executeAzCliCommand(`extension add -n connectedk8s`, false);
+            yield executeAzCliCommand(`extension list`, false);
+            const runnerTempDirectory = process.env['RUNNER_TEMP']; // Using process.env until the core libs are updated
+            const kubeconfigPath = path.join(runnerTempDirectory, `kubeconfig_${Date.now()}`);
+            if (method == 'service-account') {
+                let saToken = core.getInput('token');
+                if (!saToken) {
+                    throw Error("'saToken' is not passed for 'service-account' method.");
+                }
+                console.log("using 'service-account' method for authenticating to arc cluster.");
+                const proc = child_process_1.spawn(azPath, ['connectedk8s', 'proxy', '-n', clusterName, '-g', resourceGroupName, '-f', kubeconfigPath, '--token', saToken], {
+                    detached: true,
+                    stdio: 'ignore'
+                });
+                proc.unref();
+            }
+            else {
+                console.log("using 'service-principal' method for authenticating to arc cluster.");
+                const proc = child_process_1.spawn(azPath, ['connectedk8s', 'proxy', '-n', clusterName, '-g', resourceGroupName, '-f', kubeconfigPath], {
+                    detached: true,
+                    stdio: 'ignore'
+                });
+                proc.unref();
+            }
+            console.log(`Waiting for ${kubeconfig_timeout} seconds for kubeconfig to be merged....`);
+            yield sleep(kubeconfig_timeout * 1000); //sleeping for 2 minutes to allow kubeconfig to be merged
+            fs.chmodSync(kubeconfigPath, '600');
+            core.exportVariable('KUBECONFIG', kubeconfigPath);
+            console.log('KUBECONFIG environment variable is set');
+        }
+        catch (ex) {
+            return Promise.reject(ex);
+        }
+    });
+}
+exports.getArcKubeconfig = getArcKubeconfig;
+function sleep(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
+function executeAzCliCommand(command, silent, execOptions = {}, args = []) {
+    return __awaiter(this, void 0, void 0, function* () {
+        execOptions.silent = !!silent;
+        try {
+            yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
+        }
+        catch (error) {
+            throw new Error(error);
+        }
+    });
+}
@@ -0,0 +1,99 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const util = require("util");
+const fs = require("fs");
+const httpClient = require("typed-rest-client/HttpClient");
+const core = require("@actions/core");
+var httpCallbackClient = new httpClient.HttpClient('GITHUB_RUNNER', null, {});
+class WebRequest {
+}
+exports.WebRequest = WebRequest;
+class WebResponse {
+}
+exports.WebResponse = WebResponse;
+class WebRequestOptions {
+}
+exports.WebRequestOptions = WebRequestOptions;
+function sendRequest(request, options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let i = 0;
+        let retryCount = options && options.retryCount ? options.retryCount : 5;
+        let retryIntervalInSeconds = options && options.retryIntervalInSeconds ? options.retryIntervalInSeconds : 2;
+        let retriableErrorCodes = options && options.retriableErrorCodes ? options.retriableErrorCodes : ["ETIMEDOUT", "ECONNRESET", "ENOTFOUND", "ESOCKETTIMEDOUT", "ECONNREFUSED", "EHOSTUNREACH", "EPIPE", "EA_AGAIN"];
+        let retriableStatusCodes = options && options.retriableStatusCodes ? options.retriableStatusCodes : [408, 409, 500, 502, 503, 504];
+        let timeToWait = retryIntervalInSeconds;
+        while (true) {
+            try {
+                if (request.body && typeof (request.body) !== 'string' && !request.body["readable"]) {
+                    request.body = fs.createReadStream(request.body["path"]);
+                }
+                let response = yield sendRequestInternal(request);
+                if (retriableStatusCodes.indexOf(response.statusCode) != -1 && ++i < retryCount) {
+                    core.debug(util.format("Encountered a retriable status code: %s. Message: '%s'.", response.statusCode, response.statusMessage));
+                    yield sleepFor(timeToWait);
+                    timeToWait = timeToWait * retryIntervalInSeconds + retryIntervalInSeconds;
+                    continue;
+                }
+                return response;
+            }
+            catch (error) {
+                if (retriableErrorCodes.indexOf(error.code) != -1 && ++i < retryCount) {
+                    core.debug(util.format("Encountered a retriable error:%s. Message: %s.", error.code, error.message));
+                    yield sleepFor(timeToWait);
+                    timeToWait = timeToWait * retryIntervalInSeconds + retryIntervalInSeconds;
+                }
+                else {
+                    if (error.code) {
+                        core.debug("error code =" + error.code);
+                    }
+                    throw error;
+                }
+            }
+        }
+    });
+}
+exports.sendRequest = sendRequest;
+function sleepFor(sleepDurationInSeconds) {
+    return new Promise((resolve, reject) => {
+        setTimeout(resolve, sleepDurationInSeconds * 1000);
+    });
+}
+exports.sleepFor = sleepFor;
+function sendRequestInternal(request) {
+    return __awaiter(this, void 0, void 0, function* () {
+        core.debug(util.format("[%s]%s", request.method, request.uri));
+        var response = yield httpCallbackClient.request(request.method, request.uri, request.body, request.headers);
+        return yield toWebResponse(response);
+    });
+}
+function toWebResponse(response) {
+    return __awaiter(this, void 0, void 0, function* () {
+        var res = new WebResponse();
+        if (response) {
+            res.statusCode = response.message.statusCode;
+            res.statusMessage = response.message.statusMessage;
+            res.headers = response.message.headers;
+            var body = yield response.readBody();
+            if (body) {
+                try {
+                    res.body = JSON.parse(body);
+                }
+                catch (error) {
+                    core.debug("Could not parse response: " + JSON.stringify(error));
+                    core.debug("Response: " + JSON.stringify(res.body));
+                    res.body = body;
+                }
+            }
+        }
+        return res;
+    });
+}