Fix retain runs auth. #1565
Fix retain runs auth. #1565
Conversation
mitchdenny
added
EngSys
|
The following pipelines have been queued for testing: |
| ) | ||
|
|
||
| $unencodedAuthToken = "nobody:$AccessToken" | ||
| $unencodedAuthTokenBytes = [System.Text.Encoding]::UTF8.GetBytes($unencodedAuthToken) | ||
| $encodedAuthToken = [System.Convert]::ToBase64String($unencodedAuthTokenBytes) |
There was a problem hiding this comment.
Should we set the encodedAuthToken as a secret value to ensure it doesn't get dumped out into the logs?
There was a problem hiding this comment.
Not sure what you mean? Is there a mechanism in PowerShell to declare a variable as as secret so it is masked out? Or are you suggesting emitting a ##vso secret variable so that Azure DevOps will mask it for us?
There was a problem hiding this comment.
I was thinking about the set variable like we do in other places like https://github.com/Azure/azure-sdk-tools/blob/master/eng/common/TestResources/build-test-resource-config.yml#L22.
There was a problem hiding this comment.
I've made this change, but I'm not entirely comfortable with it. I think that there is some exposure either way here. Fortunately in this context we are using $(System.AccessToken) which is relatively short lived.
|
The following pipelines have been queued for testing: |
|
Hello @azure-sdk! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
ghost
merged commit 
This PR fixes the auth on the retains run script. The mistake I was making was assuming that the token that the devops API plumbing took was a straight access token when instead it is a
base64(username:access_token)string.