Managed Identity and Service Principal Support #492

Merged
merged 33 commits into from
Jun 10, 2024
59fcaa8
init
embetten Apr 17, 2024
2c56f4e
Update unit tests
embetten Apr 18, 2024
9625343
Comment out for testing
embetten Apr 19, 2024
3dd06fe
Update BuildEndpoint Credential Provider to call MSAL Managed Identit…
embetten Apr 19, 2024
babe3dd
merge
embetten Apr 19, 2024
f5c2453
Undo non supoorted refactoring
embetten Apr 19, 2024
df05104
Add unique error message for testing purposes
embetten Apr 19, 2024
2599dd9
return MI bearer token
embetten Apr 19, 2024
24e2ea8
revert
embetten Apr 23, 2024
993314c
remove exchange comment
embetten Apr 23, 2024
9499200
Reorder token provider, add tests, formalize string
embetten Apr 23, 2024
13881fb
init
embetten Apr 24, 2024
e3bae2e
merge
embetten Apr 29, 2024
9809076
Update Credential Discovery and Creation
embetten Apr 29, 2024
3cd82f3
Added tests and resource strings
embetten May 1, 2024
34a7af5
removing non compatible syntax
embetten May 1, 2024
aeb048d
fixed another spot
embetten May 1, 2024
cba0c3a
removing duplicate invalid logging
embetten May 1, 2024
8b3edc7
fix single quote warning
embetten May 1, 2024
c15bd3a
Add tenant Id for service principal provider
embetten May 1, 2024
166f551
Remove csproj reference and fix typo
embetten May 1, 2024
0ea2659
Update BuildTaskCredProviderIsUsedError
embetten May 1, 2024
283fa0d
Fix test property group
embetten May 2, 2024
3b6caaa
Address PR Comments
embetten May 10, 2024
5511696
PR fixes Cont.
embetten May 13, 2024
ff948f1
Fix Endpoint casing
embetten May 13, 2024
606646f
Add x5C to certificate
embetten May 13, 2024
4d74c88
more pr comments
embetten May 15, 2024
0dceaff
move BuildTaskServiceEndpoint Token Provider Factory
embetten May 16, 2024
5630071
Fix tests, add licensing, revert ITokenProvidersFactory and update bu…
embetten May 17, 2024
8a4b129
move to global using
embetten May 17, 2024
83f0e39
Fix Build warnings
embetten May 20, 2024
7693d44
fix help test
embetten May 20, 2024
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@
<PropertyGroup>
<LangVersion>latest</LangVersion>
<IsPackable>false</IsPackable>
<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
<GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
</PropertyGroup>

<ItemGroup>
Expand All @@ -18,5 +20,4 @@
<ProjectReference Include="..\CredentialProvider.Microsoft\CredentialProvider.Microsoft.csproj" />
<ProjectReference Include="..\src\Authentication\Microsoft.Artifacts.Authentication.csproj" />
</ItemGroup>

</Project>
Original file line number Diff line number Diff line change
Expand Up @@ -45,27 +45,27 @@ public void TestCleanup()
}

[TestMethod]
public async Task GetAadAuthorityUri_WithoutAuthenticateHeaders_ReturnsCorrectAuthority()
public async Task GetAuthorizationInfoAsync_WithoutAuthenticateHeaders_ReturnsCorrectAuthority()
{
var requestUri = new Uri("https://example.pkgs.visualstudio.com/_packaging/feed/nuget/v3/index.json");

var authorityUri = await authUtil.GetAadAuthorityUriAsync(requestUri, cancellationToken);
var authInfo = await authUtil.GetAuthorizationInfoAsync(requestUri, cancellationToken);

authorityUri.Should().Be(organizationsAuthority);
authInfo.EntraAuthorityUri.Should().Be(organizationsAuthority);
}

[TestMethod]
public async Task GetAadAuthorityUri_WithoutAuthenticateHeadersAndPpe_ReturnsCorrectAuthority()
public async Task GetAuthorizationInfoAsync_WithoutAuthenticateHeadersAndPpe_ReturnsCorrectAuthority()
{
var requestUri = new Uri("https://example.pkgs.vsts.me/_packaging/feed/nuget/v3/index.json");

var authorityUri = await authUtil.GetAadAuthorityUriAsync(requestUri, cancellationToken);
var authInfo = await authUtil.GetAuthorizationInfoAsync(requestUri, cancellationToken);

authorityUri.Should().Be(new Uri("https://login.windows-ppe.net/organizations"));
authInfo.EntraAuthorityUri.Should().Be(new Uri("https://login.windows-ppe.net/organizations"));
}

[TestMethod]
public async Task GetAadAuthorityUri_WithoutAuthenticateHeadersAndPpeAndPpeOverride_ReturnsCorrectAuthority()
public async Task GetAuthorizationInfoAsync_WithoutAuthenticateHeadersAndPpeAndPpeOverride_ReturnsCorrectAuthority()
{
var ppeUris = new[]
{
Expand All @@ -79,36 +79,49 @@ public async Task GetAadAuthorityUri_WithoutAuthenticateHeadersAndPpeAndPpeOverr

foreach (var ppeUri in ppeUris)
{
var authorityUri = await authUtil.GetAadAuthorityUriAsync(ppeUri, cancellationToken);
var authInfo = await authUtil.GetAuthorizationInfoAsync(ppeUri, cancellationToken);

authorityUri.Should().Be(new Uri("https://login.windows-ppe.net/organizations"));
authInfo.EntraAuthorityUri.Should().Be(new Uri("https://login.windows-ppe.net/organizations"));
}
}

[TestMethod]
public async Task GetAadAuthorityUri_WithAuthenticateHeaders_ReturnsCorrectAuthority()
public async Task GetAuthorizationInfoAsync_WithAuthenticateHeaders_ReturnsCorrectAuthority()
{
var requestUri = new Uri("https://example.pkgs.visualstudio.com/_packaging/feed/nuget/v3/index.json");

MockAadAuthorityHeaders(testAuthority);

var authorityUri = await authUtil.GetAadAuthorityUriAsync(requestUri, cancellationToken);
var authInfo = await authUtil.GetAuthorizationInfoAsync(requestUri, cancellationToken);

authorityUri.Should().Be(testAuthority);
authInfo.EntraAuthorityUri.Should().Be(testAuthority);
}

[TestMethod]
public async Task GetAadAuthorityUri_WithAuthenticateHeadersAndEnvironmentOverride_ReturnsOverrideAuthority()
public async Task GetAuthorizationInfoAsync_WithAuthenticateHeadersAndEnvironmentOverride_ReturnsOverrideAuthority()
{
var requestUri = new Uri("https://example.pkgs.visualstudio.com/_packaging/feed/nuget/v3/index.json");
var overrideAuthority = new Uri("https://override.aad.authority.com");

MockAadAuthorityHeaders(testAuthority);

Environment.SetEnvironmentVariable(EnvUtil.MsalAuthorityEnvVar, overrideAuthority.ToString());
var authorityUri = await authUtil.GetAadAuthorityUriAsync(requestUri, cancellationToken);
var authInfo = await authUtil.GetAuthorizationInfoAsync(requestUri, cancellationToken);

authorityUri.Should().Be(overrideAuthority);
authInfo.EntraAuthorityUri.Should().Be(overrideAuthority);
}

[TestMethod]
public async Task GetAuthorizationInfoAsync_WithTenantHeaders_ReturnsCorrectTenantId()
{
var requestUri = new Uri("https://example.pkgs.visualstudio.com/_packaging/feed/nuget/v3/index.json");

var testTenant = Guid.NewGuid();
MockVssResourceTenantHeader(testTenant);

var authInfo = await authUtil.GetAuthorizationInfoAsync(requestUri, cancellationToken);

authInfo.EntraTenantId.Should().Be(testTenant.ToString());
}

[TestMethod]
Expand Down Expand Up @@ -203,9 +216,9 @@ private void MockResponseHeaders(string key, string value)
authUtil.HttpResponseHeaders.Add(key, value);
}

private void MockVssResourceTenantHeader()
private void MockVssResourceTenantHeader(Guid? guid = null)
{
MockResponseHeaders(AuthUtil.VssResourceTenant, Guid.NewGuid().ToString());
MockResponseHeaders(AuthUtil.VssResourceTenant,(guid ?? Guid.NewGuid()).ToString());
}

private void MockVssAuthorizationEndpointHeader()
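Review bot: The new test `GetAuthorizationInfoAsync_WithTenantHeaders_ReturnsCorrectTenantId` only covers a well-formed GUID in the `AuthUtil.VssResourceTenant` header, so nothing in this section pins what `EntraTenantId` becomes when the header is absent, empty or not a GUID. That value arrives in an HTTP response and, judging by the commit list ("Add tenant Id for service principal provider"), presumably feeds token acquisition, so the rejection path deserves a test as much as the happy path. Consider a companion case that calls `MockResponseHeaders(AuthUtil.VssResourceTenant, "not-a-guid")` and asserts the value the implementation defines for that input (the implementation is not shown in this section). Minor: `MockVssResourceTenantHeader(Guid? guid = null)` would read better as `Guid? tenantId = null`, and the call inside it is missing a space after the comma.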
Original file line number Diff line number Diff line change
Expand Up @@ -46,15 +46,15 @@ public void TestInitialize()
mockBearerTokenProvider2.Setup(x => x.CanGetToken(It.IsAny<TokenRequest>())).Returns(true);
mockBearerTokenProvider2.Setup(x => x.GetTokenAsync(It.IsAny<TokenRequest>(), It.IsAny<CancellationToken>())).ReturnsAsync((AuthenticationResult)null);
mockBearerTokenProvidersFactory = new Mock<ITokenProvidersFactory>();
mockBearerTokenProvidersFactory.Setup(x => x.GetAsync(It.IsAny<Uri>())).ReturnsAsync(new[] { mockBearerTokenProvider1.Object, mockBearerTokenProvider2.Object });
mockBearerTokenProvidersFactory.Setup(x => x.Get(It.IsAny<Uri>())).ReturnsAsync(new[] { mockBearerTokenProvider1.Object, mockBearerTokenProvider2.Object });

mockVstsSessionTokenFromBearerTokenProvider = new Mock<IAzureDevOpsSessionTokenFromBearerTokenProvider>();
mockVstsSessionTokenFromBearerTokenProvider.Setup(x => x.GetAzureDevOpsSessionTokenFromBearerToken(It.IsAny<GetAuthenticationCredentialsRequest>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<CancellationToken>()));

mockAuthUtil = new Mock<IAuthUtil>();
mockAuthUtil
.Setup(x => x.GetAadAuthorityUriAsync(It.IsAny<Uri>(), It.IsAny<CancellationToken>()))
.Returns(Task.FromResult(testAuthority));
.Setup(x => x.GetAuthorizationInfoAsync(It.IsAny<Uri>(), It.IsAny<CancellationToken>()))
.Returns(Task.FromResult(new AuthorizationInfo() { EntraAuthorityUri = testAuthority }));

vstsCredentialProvider = new VstsCredentialProvider(
mockLogger.Object,
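Review bot: `mockBearerTokenProvidersFactory.Setup(x => x.Get(It.IsAny<Uri>())).ReturnsAsync(...)` shows that `ITokenProvidersFactory.Get` returns a task, so as rendered here the rename drops the `Async` suffix that the rest of the fixture keeps (`GetTokenAsync`, `GetAuthorizationInfoAsync`). If no existing public contract forces the shorter name, keeping `GetAsync` would stay consistent. Separately, the `IAuthUtil` mock returns `new AuthorizationInfo() { EntraAuthorityUri = testAuthority }` with no `EntraTenantId`, so these provider tests never run with a tenant id present. `TestInitialize` continues outside the hunk.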