From 222ba2f0d53daead10f018e524d591334eea5b9f Mon Sep 17 00:00:00 2001 From: Jianghao Lu Date: Tue, 20 Dec 2016 01:13:13 -0800 Subject: [PATCH 1/3] Use latest simple command to create auth file --- AUTH.md | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/AUTH.md b/AUTH.md index 05f5eab424e6..5fa70e9a89b4 100644 --- a/AUTH.md +++ b/AUTH.md 
@@ -48,19 +48,13 @@ If you save such service principal-based credentials as a file, or store them in You can easily create a service principal and grant it access privileges for a given subscription through Azure CLI 2.0. -1. Create a new blank text file with the format described in section [Using an authentication file](#using-an-authentication-file). -1. Install Azure CLI by following the [README](https://github.com/Azure/azure-cli/blob/master/README.rst). -1. Login by running command `az login`. -1. Select the subscription you want your service principal to have access to by running `az account set `. You can view your subscriptions by `az account list --out jsonc`. Copy the subscription id into `subscription` field in the file. -1. Create a service principal by `az ad sp create-for-rbac`. Copy the **client_id** value into `client` field in the file, and **client_secret** value into `key` field. -1. Assign a role to the service principal. You can find the command to execute in the "Assign a role" section from the output of the previous command. It should look like `az role assignment create --assignee --role Contributor`. The role can be "Owner", "Contributer", "Reader", etc. For more information about roles in Azure, please refer to https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-what-is/. -1. Put your email domain into the `tenant` field, e.g., contoso.com. -1. Assuming you are using the Azure worldwide public cloud, also add the following to your text file: \(Note that this file follows the Java properties file format, so certain characters, such as colons, need to be escaped with a backslash\)
- `managementURI=https\://management.core.windows.net/`
- `baseURL=https\://management.azure.com/`
- `authURL=https\://login.windows.net/`
- `graphURL=https\://graph.windows.net/`
- For other environments, please refer to [AzureEnvironment.java](https://github.com/Azure/autorest-clientruntime-for-java/blob/v1.0.0-beta3/azure-client-runtime/src/main/java/com/microsoft/azure/AzureEnvironment.java) for their corresponding values. +1. Install Azure CLI (>0.1.0b11) by following the [README](https://github.com/Azure/azure-cli/blob/master/README.rst). +1. Install `jq` by following the instructions here: https://stedolan.github.io/jq/download/. +1. Login as a user by running command `az login`. If you are not in Azure public cloud, use `az context create` command to switch to your cloud before login. +1. Select the subscription you want your service principal to have access to by running `az account set --subscription `. You can view your subscriptions by `az account list --out jsonc`. +1. Run the following command to create a service principal authentication file. +``` +az ad sp create-for-rbac --expanded-view -o json --query "{subscription: subscriptionId, client: client, key: password, tenant: tenantId, managementURI: endpoints.management, baseURL: endpoints.resourceManager, authURL: endpoints.activeDirectory, graphURL: endpoints.activeDirectoryGraphResourceId}" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" +``` Now all the pieces are in place to enable authenticating your code without requiring an interactive login nor the need to manage access tokens. - From aab94ac7891c5b37275b198827e193ffd303ecf4 Mon Sep 17 00:00:00 2001 From: Jianghao Lu Date: Tue, 20 Dec 2016 11:26:44 -0800 Subject: [PATCH 2/3] Update the command to be more robust --- AUTH.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/AUTH.md b/AUTH.md index 5fa70e9a89b4..dd143d6bb439 100644 --- a/AUTH.md +++ b/AUTH.md 
@@ -48,13 +48,13 @@ If you save such service principal-based credentials as a file, or store them in You can easily create a service principal and grant it access privileges for a given subscription through Azure CLI 2.0. -1. Install Azure CLI (>0.1.0b11) by following the [README](https://github.com/Azure/azure-cli/blob/master/README.rst). -1. Install `jq` by following the instructions here: https://stedolan.github.io/jq/download/. +1. Install Azure CLI (>=0.1.0b11) by following the [README](https://github.com/Azure/azure-cli/blob/master/README.rst). +1. Install `jq` (>=1.5) by following the instructions here: https://stedolan.github.io/jq/download/. 1. Login as a user by running command `az login`. If you are not in Azure public cloud, use `az context create` command to switch to your cloud before login. 1. Select the subscription you want your service principal to have access to by running `az account set --subscription `. You can view your subscriptions by `az account list --out jsonc`. 1. Run the following command to create a service principal authentication file. ``` -az ad sp create-for-rbac --expanded-view -o json --query "{subscription: subscriptionId, client: client, key: password, tenant: tenantId, managementURI: endpoints.management, baseURL: endpoints.resourceManager, authURL: endpoints.activeDirectory, graphURL: endpoints.activeDirectoryGraphResourceId}" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" +az ad sp create-for-rbac --expanded-view -o json --query "{subscription: subscriptionId, client: client, key: password, tenant: tenantId, managementURI: endpoints.management, baseURL: endpoints.resourceManager, authURL: endpoints.activeDirectory, graphURL: endpoints.activeDirectoryGraphResourceId}" | jq -r "to_entries|map(\"\(.key)=\(.value|sub(\"https:(?.+[^/])$\";\"https\\\\:\(.x)/\"))\")|.[]" ``` Now all the pieces are in place to enable authenticating your code without requiring an interactive login nor the need to manage access tokens. 
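Review bot: The named capture in the new `sub` regex looks incomplete: the pattern reads `"https:(?.+[^/])$"` with no group name, while the replacement references `\(.x)`. If the committed text is `(?<x>.+[^/])` and the name was lost in rendering this is fine; otherwise jq rejects the pattern. Separately, dropping `|tostring` in favour of `|sub(...)` means any non-string value (for example an endpoint that is null for the selected cloud) now aborts the whole pipeline instead of being written out; `(.value|tostring|sub(...))` keeps the previous tolerance while still escaping URLs. Note also that `[^/]$` only matches endpoints that do not already end in `/`, so such a value is left with its colon unescaped.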
From 498653cfb11de4c08d11299960a04eb08cec96a9 Mon Sep 17 00:00:00 2001 From: Jianghao Lu Date: Tue, 20 Dec 2016 11:35:33 -0800 Subject: [PATCH 3/3] Even more robust --- AUTH.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AUTH.md b/AUTH.md index dd143d6bb439..218d84ab0b37 100644 --- a/AUTH.md +++ b/AUTH.md @@ -54,7 +54,7 @@ You can easily create a service principal and grant it access privileges for a g 1. Select the subscription you want your service principal to have access to by running `az account set --subscription `. You can view your subscriptions by `az account list --out jsonc`. 1. Run the following command to create a service principal authentication file. ``` -az ad sp create-for-rbac --expanded-view -o json --query "{subscription: subscriptionId, client: client, key: password, tenant: tenantId, managementURI: endpoints.management, baseURL: endpoints.resourceManager, authURL: endpoints.activeDirectory, graphURL: endpoints.activeDirectoryGraphResourceId}" | jq -r "to_entries|map(\"\(.key)=\(.value|sub(\"https:(?.+[^/])$\";\"https\\\\:\(.x)/\"))\")|.[]" +az ad sp create-for-rbac --expanded-view -o json --query "{subscription: subscriptionId, client: client, key: password, tenant: tenantId, managementURI: endpoints.management, baseURL: endpoints.resourceManager, authURL: endpoints.activeDirectory, graphURL: endpoints.activeDirectoryGraphResourceId}" | jq -r "to_entries|map(\"\(.key)=\(.value|sub(\"https:(?.+[^/])/?$\";\"https\\\\:\(.x)/\"))\")|.[]" ``` Now all the pieces are in place to enable authenticating your code without requiring an interactive login nor the need to manage access tokens.
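Review bot: On PATCH 1/3, the step list now ends with a command that prints the service principal's `password` to stdout but no longer says what to do with the output, whereas the removed step 1 created the text file explicitly. Suggest showing the redirection into the auth file and creating it with restrictive permissions (`umask 077` before the command, or `chmod 600` afterwards), since that file is the credential. The removed text also carried two facts the new version drops: that the file follows the Java properties file format, so colons must be escaped (`https\://`), while the `--query` output here writes `https://` unescaped; and which role the service principal ends up with (the old "Assign a role" step named Owner, Contributor and Reader). Add one sentence stating the role `az ad sp create-for-rbac` grants by default and how to narrow it, so readers can apply least privilege.

Review bot: On PATCH 3/3, `/?$` makes the regex accept endpoints with or without a trailing slash and always emit exactly one, which is the right normalisation, but this is the third revision of an opaque one-liner and the reader still gets no explanation. Add a sentence before the fence saying that the `jq` filter escapes the colon in `https:` (required by the Java properties format the file uses) and normalises the trailing slash; the earlier text that stated the escaping rule was removed in PATCH 1/3. The group name in `(?.+[^/])` still looks missing relative to `\(.x)`; confirm it reads `(?<x>...)` in the committed file.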