microsoft · viralpandya · Dec 26, 2024 · Dec 26, 2024 · Dec 26, 2024 · Dec 26, 2024
@@ -1,3 +1,3 @@
-registry=https://pkgs.dev.azure.com/mseng/PipelineTools/_packaging/PipelineTools_PublicPackages/npm/registry/
-
+registry=https://pkgs.dev.azure.com/mseng/PipelineTools/_packaging/PipelineTools_PublicPackages/npm/registry/ 
+                        
 always-auth=true
@@ -0,0 +1,54 @@
+import * as path from 'path';
+import * as tl from 'azure-pipelines-task-lib';
+import { emitTelemetry } from 'azure-pipelines-tasks-artifacts-common/telemetry'
+
+export async function getAccessTokenViaWIFederationUsingADOServiceConnection(connectedService: string): Promise<string> {
+
+  let forceReinstallCredentialProvider = null;
+  try {
+    tl.setResourcePath(path.join(__dirname, 'task.json'));
+
+    const ADOResponse: { oidcToken: String } = await (await fetch(process.env["SYSTEM_OIDCREQUESTURI"] + "?api-version=7.1&serviceConnectionId=" + connectedService, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': 'Bearer ' + process.env["SYSTEM_ACCESSTOKEN"]
+      }
+    })).json() as { oidcToken: String };
+
+    let tenant = tl.getEndpointAuthorizationParameterRequired(connectedService, "TenantId");
+    let entraURI = "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token"; // let entraURI = "https://login.windows-ppe.net/"+tenant+"/oauth2/v2.0/token";
+
+    let clientId = tl.getEndpointAuthorizationParameterRequired(connectedService, "ServicePrincipalId");
+
+    let body = {
+      'scope': "499b84ac-1321-427f-aa17-267ca6975798/.default",
+      'client_id': clientId,
+      'client_assertion_type': "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
+      'client_assertion': ADOResponse.oidcToken,
+      'grant_type': "client_credentials"
+    };
+    let formBody = Object.keys(body)
+      .map(key => encodeURIComponent(key) + '=' + encodeURIComponent(body[key]))
+      .join('&');
+
+    const entraResponse: { access_token: string } = await (await fetch(entraURI, {
+      method: 'POST',
+      body: formBody,
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded'
+      }
+    })).json() as { access_token: string };
+
+    return await entraResponse.access_token;
+
+  } catch (error) {
+    tl.setResult(tl.TaskResult.Failed, error);
+
+  } finally {
+
+    emitTelemetry("ArtifactCore", "PublishSymbolsV2", {
+      'PublishSymbolsV2.ForceReinstallCredentialProvider': forceReinstallCredentialProvider
+    });
+  }
+}
@@ -1,5 +1,4 @@
 import * as tl from "azure-pipelines-task-lib/task";
-import * as clientToolUtils from "azure-pipelines-tasks-packaging-common/universal/ClientToolUtilities";
 
 const nodeVersion = parseInt(process.version.split('.')[0].replace('v', ''));
 if(nodeVersion < 16) {
@@ -9,7 +8,7 @@ if(nodeVersion < 16) {
 import * as msal from "@azure/msal-node";
 import { getFederatedToken } from "azure-pipelines-tasks-azure-arm-rest/azCliUtility";
 
-export async function getAccessTokenViaWorkloadIdentityFederation(connectedService: string): Promise<string> {
+export async function getAccessTokenViaWorkloadIdentityFederationUsingARMServiceConnection(connectedService: string): Promise<string> {
 
   // workloadidentityfederation
   const authorizationScheme = tl

@@ -5,7 +5,8 @@ import * as clientToolUtils from "azure-pipelines-tasks-packaging-common/univers
 import * as clientToolRunner from "azure-pipelines-tasks-packaging-common/universal/ClientToolRunner";
 import * as tl from "azure-pipelines-task-lib/task";
 import { IExecSyncResult, IExecOptions } from "azure-pipelines-task-lib/toolrunner";
-import { getAccessTokenViaWorkloadIdentityFederation } from './Auth';
+import * as ArmServiceConnectionAuth from './ArmServiceConnectionAuth';
+import * as ADOserviceConnectionAuth from './ADOServiceConnectionAuth';
 
 const nodeVersion = parseInt(process.version.split('.')[0].replace('v', ''));
 if(nodeVersion < 16) {
@@ -38,7 +39,8 @@ export async function run(clientToolFilePath: string): Promise<void> {
         let AsAccountName = tl.getVariable("ArtifactServices.Symbol.AccountName");
         let symbolServiceUri = "https://" + encodeURIComponent(AsAccountName) + ".artifacts.visualstudio.com"
         let personalAccessToken = tl.getVariable("ArtifactServices.Symbol.PAT");
-        const connectedServiceName = tl.getInput("ConnectedServiceName", false);
+        const armConnectedServiceName = tl.getInput("ConnectedServiceName", false);
+        const azureDevOpsServiceConnection = tl.getInput("AzureDevOpsServiceConnection", false);
         const manifest = tl.getInput("Manifest", false); 
         if(manifest && !fileExists(manifest)) {
             throw new Error(tl.loc("ManifestFileNotFound", manifest));
@@ -48,11 +50,18 @@ export async function run(clientToolFilePath: string): Promise<void> {
             tl.debug("Manifest file found at: " + manifest);
         }
 
-        tl.debug("connectedServiceName: " + connectedServiceName);
+        tl.debug("connectedServiceName: " + armConnectedServiceName);
+        tl.debug("AzureDevOpsServiceConnection: " + azureDevOpsServiceConnection);
 
-        if(connectedServiceName){
-            tl.debug("connectedServiceName: " + connectedServiceName);
-            personalAccessToken = await getAccessTokenViaWorkloadIdentityFederation(connectedServiceName);
+        if(azureDevOpsServiceConnection){
+            //AzureDevOps service connection
+            tl.debug("AzureDevOpsServiceConnection: " + azureDevOpsServiceConnection);
+            personalAccessToken = await ADOserviceConnectionAuth.getAccessTokenViaWIFederationUsingADOServiceConnection(azureDevOpsServiceConnection);
+        }
+        else if(armConnectedServiceName){
+            //ARM service connection
+            tl.debug("connectedServiceName: " + armConnectedServiceName);
+            personalAccessToken = await ArmServiceConnectionAuth.getAccessTokenViaWorkloadIdentityFederationUsingARMServiceConnection(armConnectedServiceName);
         }
         else if (AsAccountName) {
             tl.debug("AsAccountName: " + AsAccountName);

@@ -4,6 +4,12 @@
   "loc.description": "Hiermit wird Ihr Quellcode indiziert, und Symbole werden in einer Dateifreigabe oder auf einem Azure Artifacts-Symbolserver veröffentlicht.",
   "loc.instanceNameFormat": "Pfad für Symbolveröffentlichung",
   "loc.group.displayName.advanced": "Erweitert",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "Pfad zum Symbolordner",
   "loc.input.help.SymbolsFolder": "Der Pfad zu dem Ordner, der nach Symboldateien durchsucht wird. Der Standardwert ist \"$(Build.SourcesDirectory)\". Geben Sie andernfalls einen Stammpfad an, z. B.: \"$(Build.BinariesDirectory)/MyProject\".",
   "loc.input.label.SearchPattern": "Suchmuster",

@@ -4,8 +4,12 @@
   "loc.description": "Index your source code and publish symbols to a file share or Azure Artifacts symbol server",
   "loc.instanceNameFormat": "Publish symbols path",
   "loc.group.displayName.advanced": "Advanced",
+  "loc.input.label.AzureDevOpsServiceConnection": "AzureDevOps service connection",
+  "loc.input.help.AzureDevOpsServiceConnection": "Name of the AzureDevOps service connection.",
   "loc.input.label.ConnectedServiceName": "Azure Resource Manager connection",
   "loc.input.help.ConnectedServiceName": "Name of the Azure Resource Manager service connection. Supported authentication type is currently only workload identity federation.",
+  "loc.input.label.ForceReinstallCredentialProvider": "Reinstall the credential provider even if already installed",
+  "loc.input.help.ForceReinstallCredentialProvider": "If the credential provider is already installed in the user profile, determines if it is overwritten with the task-provided credential provider. This may upgrade (or potentially downgrade) the credential provider.",
   "loc.input.label.SymbolsFolder": "Path to symbols folder",
   "loc.input.help.SymbolsFolder": "The path to the folder that is searched for symbol files.  The default is $(Build.SourcesDirectory).  Otherwise specify a rooted path, for example: $(Build.BinariesDirectory)/MyProject",
   "loc.input.label.SearchPattern": "Search pattern",

@@ -4,6 +4,12 @@
   "loc.description": "Indexe el código fuente y publique los símbolos en un recurso compartido de archivos o en el servidor de símbolos de Azure Artifacts.",
   "loc.instanceNameFormat": "Publicar ruta de acceso de símbolos",
   "loc.group.displayName.advanced": "Avanzado",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "Ruta de acceso a la carpeta de los símbolos",
   "loc.input.help.SymbolsFolder": "Ruta de acceso a la carpeta en la que se buscan los archivos de símbolos. El valor predeterminado es $(Build.SourcesDirectory). De lo contrario, especifique una ruta de acceso raíz, por ejemplo: $(Build.BinariesDirectory)/MyProject",
   "loc.input.label.SearchPattern": "Patrón de búsqueda",

@@ -4,6 +4,12 @@
   "loc.description": "Indexer du code source et publier des symboles sur un partage de fichiers ou un serveur de symboles Azure Artifacts",
   "loc.instanceNameFormat": "Chemin de publication des symboles",
   "loc.group.displayName.advanced": "Avancé",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "Chemin d'accès du dossier de symboles",
   "loc.input.help.SymbolsFolder": "Chemin du dossier de recherche des fichiers de symboles. La valeur par défaut est $(Build.SourcesDirectory). Sinon, spécifiez un chemin associé à une racine. Exemple : $(Build.BinariesDirectory)/MyProject",
   "loc.input.label.SearchPattern": "Modèle de recherche",

@@ -4,6 +4,12 @@
   "loc.description": "Consente di indicizzare il codice sorgente e di pubblicare i simboli in una condivisione file o in server dei simboli di Azure Artifacts",
   "loc.instanceNameFormat": "Percorso di pubblicazione simboli",
   "loc.group.displayName.advanced": "Avanzate",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "Percorso della cartella dei simboli",
   "loc.input.help.SymbolsFolder": "Percorso della cartella in cui vengono cercati i file di simboli. L'impostazione predefinita è $(Build.SourcesDirectory). In caso contrario, specificare un percorso completo, ad esempio: $(Build.BinariesDirectory)/MyProject",
   "loc.input.label.SearchPattern": "Criteri di ricerca",

@@ -4,6 +4,12 @@
   "loc.description": "ソース コードにインデックスを作成し、シンボルをファイル共有または Azure Artifacts シンボル サーバーに公開します",
   "loc.instanceNameFormat": "シンボル パスを発行する",
   "loc.group.displayName.advanced": "詳細設定",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "シンボル フォルダーへのパス",
   "loc.input.help.SymbolsFolder": "シンボル ファイルを検索するソース フォルダーへのパス。既定値は $(Build.SourcesDirectory) です。それ以外の場合は、$(Build.BinariesDirectory)/MyProject などのルート指定のパスを指定してください",
   "loc.input.label.SearchPattern": "検索パターン",

@@ -4,6 +4,12 @@
   "loc.description": "소스 코드를 인덱싱하고 파일 공유 또는 Azure Artifacts 기호 서버에 기호를 게시합니다.",
   "loc.instanceNameFormat": "기호 경로 게시",
   "loc.group.displayName.advanced": "고급",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "기호 폴더 경로",
   "loc.input.help.SymbolsFolder": "기호 파일을 검색할 폴더의 경로입니다. 기본값은 $(Build.SourcesDirectory)입니다. 그렇지 않으면 루트 경로를 지정하세요(예: $(Build.BinariesDirectory)/MyProject).",
   "loc.input.label.SearchPattern": "검색 패턴",

@@ -4,6 +4,12 @@
   "loc.description": "Индексация исходного кода и публикация символов в общей папке или на сервере символов Azure Artifacts",
   "loc.instanceNameFormat": "Путь публикации символов",
   "loc.group.displayName.advanced": "Дополнительно",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "Путь к папке символов",
   "loc.input.help.SymbolsFolder": "Путь к папке, в которой ищутся файлы символов. По умолчанию используется папка $(Build.SourcesDirectory). В противном случае можно указать корневой путь, (например, $(Build.BinariesDirectory)/MyProject).",
   "loc.input.label.SearchPattern": "Шаблон поиска",

@@ -4,6 +4,12 @@
   "loc.description": "为你的源代码编制索引并将符号发布到文件共享或 Azure Artifacts 符号服务器",
   "loc.instanceNameFormat": "发布符号路径",
   "loc.group.displayName.advanced": "高级",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "符号文件夹的路径",
   "loc.input.help.SymbolsFolder": "在其中搜索符号文件的文件夹的路径。默认为 $(Build.SourcesDirectory)。在其他情况下，指定根路径。例如: $(Build.BinariesDirectory)/MyProject",
   "loc.input.label.SearchPattern": "搜索模式",

@@ -4,6 +4,12 @@
   "loc.description": "編製原始程式碼的索引，並將符號發佈至檔案共用或 Azure Artifacts 符號伺服器",
   "loc.instanceNameFormat": "發行符號路徑",
   "loc.group.displayName.advanced": "進階",
+  "loc.input.label.AzureDevOpsServiceConnection": "",
+  "loc.input.help.AzureDevOpsServiceConnection": "",
+  "loc.input.label.ConnectedServiceName": "",
+  "loc.input.help.ConnectedServiceName": "",
+  "loc.input.label.ForceReinstallCredentialProvider": "",
+  "loc.input.help.ForceReinstallCredentialProvider": "",
   "loc.input.label.SymbolsFolder": "符號資料夾的路徑",
   "loc.input.help.SymbolsFolder": "搜尋符號檔案所在資料夾的路徑。預設值為 $(Build.SourcesDirectory)。否則請指定根路徑。例如: $(Build.BinariesDirectory)/MyProject",
   "loc.input.label.SearchPattern": "搜尋模式",

@@ -1,12 +1,13 @@
 {
   "rm": [
-      {
-          "items": [
-              "node_modules/https-proxy-agent/node_modules/agent-base",
-              "node_modules/azure-pipelines-tasks-azure-arm-rest/node_modules/agent-base"
-          ],
-          "options": "-Rf"
-      }
+    {
+      "items": [
+        "node_modules/https-proxy-agent/node_modules/agent-base",
+        "node_modules/azure-pipelines-tasks-azure-arm-rest/node_modules/agent-base",
+        "node_modules/azure-pipelines-tasks-artifacts-common/node_modules/azure-pipelines-task-lib"
+      ],
+      "options": "-Rf"
+    }
   ],
   "common": [
     {
@@ -106,6 +107,14 @@
         "archiveName": "symbol.zip",
         "url": "https://vstsagenttools.blob.core.windows.net/tools/symstore/2/symbol.zip",
         "dest": "./"
+      },
+      {
+        "url": "https://vstsagenttools.blob.core.windows.net/tools/NuGetCredProvider/1.0.9/c.zip",
+        "dest": "./ArtifactsCredProvider/"
+      },
+      {
+        "url": "https://vstsagenttools.blob.core.windows.net/tools/NuGetCredProvider/1.0.9/n6.zip",
+        "dest": "./ArtifactsCredProviderNet6/"
       }
     ]
   },
@@ -118,4 +127,4 @@
       "options": "-R"
     }
   ]
-}
+}
@@ -13,8 +13,8 @@
   "preview": false,
   "version": {
     "Major": 2,
-    "Minor": 250,
-    "Patch": 2
+    "Minor": 251,
+    "Patch": 0
   },
   "minimumAgentVersion": "2.144.0",
   "groups": [
@@ -25,6 +25,23 @@
     }
   ],
   "inputs": [
+    {
+      "name": "AzureDevOpsServiceConnection",
+      "type": "connectedService:workloadidentityuser",
+      "required": true,
+      "properties": {
+        "EditableOptions": "False",
+        "MultiSelectFlatList": "True"
+      },
+      "helpMarkDown": "Name of the AzureDevOps service connection."
+    },
+    {
+      "name": "forceReinstallCredentialProvider",
+      "type": "boolean",
+      "label": "Reinstall the credential provider even if already installed",
+      "defaultValue": "false",
+      "helpMarkDown": "If the credential provider is already installed in the user profile, determines if it is overwritten with the task-provided credential provider. This may upgrade (or potentially downgrade) the credential provider."
+    },
     {
       "name": "ConnectedServiceName",
       "type": "connectedService:AzureRM",