From 0bf460954828291cd8b7d93aeca85d7f2fbaab72 Mon Sep 17 00:00:00 2001
From: Wes Haggard
Date: Wed, 15 May 2024 15:31:31 -0700
Subject: [PATCH 1/2] Convert live test clean-up to use WIF for open source api access
---
 eng/common/scripts/Helpers/Metadata-Helpers.ps1 | 10 ++++++----
 eng/pipelines/live-test-cleanup-template.yml | 14 +++++++++++---
 eng/scripts/live-test-resource-cleanup.ps1 | 12 ++----------
 3 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/eng/common/scripts/Helpers/Metadata-Helpers.ps1 b/eng/common/scripts/Helpers/Metadata-Helpers.ps1
index 3df2c0684a7..1e169198159 100644
--- a/eng/common/scripts/Helpers/Metadata-Helpers.ps1
+++ b/eng/common/scripts/Helpers/Metadata-Helpers.ps1
@@ -17,9 +17,9 @@ function Generate-AadToken ($TenantId, $ClientId, $ClientSecret)
 return $resp.access_token
 }
-function GetAllGithubUsers ([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
+function GetAllGithubUsers ([string]$TenantId, [string]$ClientId, [string]$ClientSecret, [string]$Token)
 {
- # API documentation (out of date): https://github.com/microsoft/opensource-management-portal/blob/main/docs/api.md
+ # API documentation: https://github.com/1ES-microsoft/opensource-management-portal/blob/trunk/docs/microsoft.api.md
 $OpensourceAPIBaseURI = "https://repos.opensource.microsoft.com/api/people/links"
 $Headers = @{
@@ -28,8 +28,10 @@ function GetAllGithubUsers ([string]$TenantId, [string]$ClientId, [string]$Clien
 }
 try {
- $opsAuthToken = Generate-AadToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret
- $Headers["Authorization"] = "Bearer $opsAuthToken"
+ if (!$Token) {
+ $Token = Generate-AadToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret
+ }
+ $Headers["Authorization"] = "Bearer $Token"
 Write-Host "Fetching all github alias links"
 $resp = Invoke-RestMethod $OpensourceAPIBaseURI -Method 'GET' -Headers $Headers -MaximumRetryCount 3
 } catch {
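Review bot: In the second hunk of Metadata-Helpers.ps1, the fallback `if (!$Token) { $Token = Generate-AadToken ... }` also runs when `$TenantId`, `$ClientId` and `$ClientSecret` are empty, and the updated caller in live-test-resource-cleanup.ps1 (`GetAllGithubUsers -Token $OpensourceApiApplicationToken`) passes none of them. With a blank token the function then presumably attempts a client-secret request with no credentials, and the resulting error would point at the token endpoint rather than at the missing argument. A guard ahead of the fallback names the real cause, for example `if (!$Token -and !($TenantId -and $ClientId -and $ClientSecret)) { throw "GetAllGithubUsers needs -Token or TenantId/ClientId/ClientSecret" }`. The `catch` body lies outside the hunk, so how it reports such a throw should be checked before adopting this.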
diff --git a/eng/pipelines/live-test-cleanup-template.yml b/eng/pipelines/live-test-cleanup-template.yml
index 129bebb48f8..2bf9d747d22 100644
--- a/eng/pipelines/live-test-cleanup-template.yml
+++ b/eng/pipelines/live-test-cleanup-template.yml
@@ -19,6 +19,16 @@ steps:
 parameters:
 SubscriptionConfigurations: ${{ parameters.SubscriptionConfigurations }}
+ - task: AzureCLI@2
+ displayName: Authenticate to OpenSource API
+ inputs:
+ azureSubscription: opensource-api-connection
+ scriptType: pscore
+ scriptLocation: inlineScript
+ inlineScript: |
+ $jwt_accessToken = az account get-access-token --scope 2789159d-8d8b-4d13-b90b-ca29c1707afd/.default --query "accessToken" --output tsv
+ Write-Host "##vso[task.setvariable variable=opensource-api-token;isSecret=true]$jwt_accessToken"
+
 - pwsh: |
 eng/common/scripts/Import-AzModules.ps1
 Import-Module Az.Accounts
@@ -28,9 +38,7 @@ steps:
 '@ | ConvertFrom-Json -AsHashtable
 ./eng/scripts/live-test-resource-cleanup.ps1 `
- -OpensourceApiApplicationId $(opensource-aad-app-id) `
- -OpensourceApiApplicationSecret $(opensource-aad-secret) `
- -OpensourceApiApplicationTenant $(opensource-aad-tenant-id) `
+ -OpensourceApiApplicationToken $(opensource-api-token) `
 -GithubAliasCachePath ${{ parameters.GithubAliasCachePath }} `
 @subscriptionConfiguration `
 -Verbose `
diff --git a/eng/scripts/live-test-resource-cleanup.ps1 b/eng/scripts/live-test-resource-cleanup.ps1
index 4300ac80188..9b2765061da 100644
--- a/eng/scripts/live-test-resource-cleanup.ps1
+++ b/eng/scripts/live-test-resource-cleanup.ps1
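Review bot: The inline script of the new `AzureCLI@2` step in live-test-cleanup-template.yml publishes `$jwt_accessToken` as the secret `opensource-api-token` without checking that `az account get-access-token` returned anything. If the call fails or prints nothing, an empty secret is set and the problem is likely to surface only later, in the cleanup step, as a parameter-binding or authorization error. Adding `if ($LASTEXITCODE -ne 0 -or !$jwt_accessToken) { throw "Could not acquire an opensource API token" }` before the `Write-Host` line keeps the failure in the step that caused it. PATCH 2/2 re-adds the same two script lines in eng/pipelines/live-test-cleanup.yml, so the check belongs there as well.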
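Review bot: In the second hunk of live-test-cleanup-template.yml, `-OpensourceApiApplicationToken $(opensource-api-token)` expands the secret by macro substitution into the text of the inline `pwsh` script, so the bearer token ends up in the generated script on the agent instead of being passed through the environment. Azure Pipelines guidance is to map secret variables into a step's `env:` block and read them from there; the removed `$(opensource-aad-secret)` argument had the same shape, so this change is a natural point to fix it. That would be `env: { OPENSOURCE_API_TOKEN: $(opensource-api-token) }` on the step and `-OpensourceApiApplicationToken $env:OPENSOURCE_API_TOKEN` in the script, where the environment variable name is only an example. The rest of the `pwsh` step, including any existing `env:` mapping, is outside the hunk.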
@@ -20,17 +20,9 @@ param (
 [ValidateNotNullOrEmpty()]
 [string] $ProvisionerApplicationSecret,
- [Parameter(ParameterSetName = 'Provisioner', Mandatory = $true)]
- [ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
- [string] $OpensourceApiApplicationId,
-
- [Parameter(ParameterSetName = 'Provisioner', Mandatory = $true)]
- [ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
- [string] $OpensourceApiApplicationTenantId,
-
 [Parameter(ParameterSetName = 'Provisioner', Mandatory = $true)]
 [ValidateNotNullOrEmpty()]
- [string] $OpensourceApiApplicationSecret,
+ [string] $OpensourceApiApplicationToken,
 [Parameter(ParameterSetName = 'Provisioner', Mandatory = $true)]
 [Parameter(ParameterSetName = 'Interactive')]
@@ -167,7 +159,7 @@ function AddGithubUsersToAliasCache() {
 $users = Get-Content $GithubAliasCachePath | ConvertFrom-Json -AsHashtable
 } else {
 Write-Host "Retrieving github -> microsoft alias mappings from opensource API."
- $users = GetAllGithubUsers $OpensourceApiApplicationTenantId $OpensourceApiApplicationId $OpensourceApiApplicationSecret
+ $users = GetAllGithubUsers -Token $OpensourceApiApplicationToken
 }
 if (!$users) {
 Write-Error "Failed to retrieve github -> microsoft alias mappings from opensource api."
From 716d077db77d6bac6397ec1e9e30ea059e2af779 Mon Sep 17 00:00:00 2001
From: Wes Haggard
Date: Wed, 15 May 2024 15:51:48 -0700
Subject: [PATCH 2/2] Update login token info
---
 eng/pipelines/live-test-cleanup-template.yml | 10 ----------
 eng/pipelines/live-test-cleanup.yml | 10 ++++++++++
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/eng/pipelines/live-test-cleanup-template.yml b/eng/pipelines/live-test-cleanup-template.yml
index 2bf9d747d22..c516c1a089f 100644
--- a/eng/pipelines/live-test-cleanup-template.yml
+++ b/eng/pipelines/live-test-cleanup-template.yml
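Review bot: In the `param` hunk of live-test-resource-cleanup.ps1, the new `$OpensourceApiApplicationToken` has no description of what credential it expects, whereas the three parameters it replaces were self-describing (application id, tenant id, secret). A comment above it, such as `# Bearer access token for the opensource API (repos.opensource.microsoft.com); the pipeline mints it with 'az account get-access-token'. Treat as a secret.`, would tell anyone running the script outside the pipeline what to pass and how to handle it. If the script's comment-based help still lists the removed parameters it needs the same update; that part of the file is not visible in the hunk.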
@@ -19,16 +19,6 @@ steps:
 parameters:
 SubscriptionConfigurations: ${{ parameters.SubscriptionConfigurations }}
- - task: AzureCLI@2
- displayName: Authenticate to OpenSource API
- inputs:
- azureSubscription: opensource-api-connection
- scriptType: pscore
- scriptLocation: inlineScript
- inlineScript: |
- $jwt_accessToken = az account get-access-token --scope 2789159d-8d8b-4d13-b90b-ca29c1707afd/.default --query "accessToken" --output tsv
- Write-Host "##vso[task.setvariable variable=opensource-api-token;isSecret=true]$jwt_accessToken"
-
 - pwsh: |
 eng/common/scripts/Import-AzModules.ps1
 Import-Module Az.Accounts
diff --git a/eng/pipelines/live-test-cleanup.yml b/eng/pipelines/live-test-cleanup.yml
index aaabc294099..8129dd77193 100644
--- a/eng/pipelines/live-test-cleanup.yml
+++ b/eng/pipelines/live-test-cleanup.yml
@@ -85,6 +85,16 @@ stages:
 # Register the dogfood environment to clean up any custom subscriptions in it
 - template: /eng/common/TestResources/setup-environments.yml
+ - task: AzureCLI@2
+ displayName: Authenticate to OpenSource API
+ inputs:
+ azureSubscription: opensource-api-connection
+ scriptType: pscore
+ scriptLocation: inlineScript
+ inlineScript: |
+ $jwt_accessToken = az account get-access-token --resource "api://2789159d-8d8b-4d13-b90b-ca29c1707afd" --query "accessToken" --output tsv
+ Write-Host "##vso[task.setvariable variable=opensource-api-token;isSecret=true]$jwt_accessToken"
+
 - ${{ each subscription in parameters.Subscriptions }}:
 - template: ./live-test-cleanup-template.yml
 parameters:
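Review bot: The audience `api://2789159d-8d8b-4d13-b90b-ca29c1707afd` in the added `az account get-access-token` call of live-test-cleanup.yml is an unexplained literal. PATCH 1/2 requested the same GUID as `--scope .../.default`, so a reader cannot tell what the GUID identifies or why the `--resource` form is the one that works. A short comment above the call, something like `# Audience: app registration of the opensource API (confirm owner); --resource with the api:// URI is the form that issues a usable token`, would record that, with the wording supplied by whoever owns the registration. Separately, the token is acquired once ahead of the `each subscription` loop and shared by every template instance; if a run can outlast the token's lifetime before the alias cache is written, later iterations would send an expired token, though this is only inferred from the visible step order.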