From 16946bcd2690cff485c579ab2b32ca15780213dc Mon Sep 17 00:00:00 2001 From: James Suplizio Date: Tue, 28 May 2024 08:42:26 -0700 Subject: [PATCH 1/4] Changes to scripts to deal with PATs and AccessTokens --- eng/common/scripts/Add-RetentionLease.ps1 | 13 ++-- eng/common/scripts/Invoke-DevOpsAPI.ps1 | 74 ++++++++++++++++------- eng/common/scripts/Queue-Pipeline.ps1 | 14 +++-- 3 files changed, 71 insertions(+), 30 deletions(-) diff --git a/eng/common/scripts/Add-RetentionLease.ps1 b/eng/common/scripts/Add-RetentionLease.ps1 index ae7b80119c2b..6f8799370c2b 100644 --- a/eng/common/scripts/Add-RetentionLease.ps1 +++ b/eng/common/scripts/Add-RetentionLease.ps1 @@ -19,14 +19,19 @@ param( [string]$OwnerId = "azure-sdk-pipeline-automation", [Parameter(Mandatory = $false)] - [string]$AccessToken = $env:DEVOPS_PAT + [string]$AuthToken = $env:DEVOPS_PAT, + + [Parameter(Mandatory = $false)] + [string]$AccessToken=$null ) Set-StrictMode -Version 3 . (Join-Path $PSScriptRoot common.ps1) -$encodedAuthToken = Get-Base64EncodedToken $AccessToken +if (![string]::IsNullOrWhiteSpace($AuthToken)) { + $encodedAuthToken = Get-Base64EncodedToken $AuthToken +} LogDebug "Checking for existing leases on run: $RunId" $existingLeases = Get-RetentionLeases -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -Base64EncodedAuthToken $encodedAuthToken @@ -36,11 +41,11 @@ if ($existingLeases.count -ne 0) { foreach ($lease in $existingLeases.value) { LogDebug "Deleting lease: $($lease.leaseId)" - Delete-RetentionLease -Organization $Organization -Project $Project -LeaseId $lease.leaseId -Base64EncodedAuthToken $encodedAuthToken + Delete-RetentionLease -Organization $Organization -Project $Project -LeaseId $lease.leaseId -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AccessToken } } LogDebug "Creating new lease on run: $RunId" -$lease = Add-RetentionLease -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -DaysValid $DaysValid -Base64EncodedAuthToken $encodedAuthToken +$lease = Add-RetentionLease -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -DaysValid $DaysValid -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AccessToken LogDebug "Lease ID is: $($lease.value.leaseId)" \ No newline at end of file diff --git a/eng/common/scripts/Invoke-DevOpsAPI.ps1 b/eng/common/scripts/Invoke-DevOpsAPI.ps1 index c0fcd360c0af..de9b513e41f9 100644 --- a/eng/common/scripts/Invoke-DevOpsAPI.ps1 +++ b/eng/common/scripts/Invoke-DevOpsAPI.ps1 @@ -16,9 +16,28 @@ function Get-Base64EncodedToken([string]$AuthToken) return $encodedAuthToken } -function Get-DevOpsApiHeaders ($Base64EncodedToken) { - $headers = @{ - Authorization = "Basic $Base64EncodedToken" +# The Base64EncodedToken would be from a PAT that was passed in and the header requires Basic authorization +# The AccessToken would be the querying the Azure resource with the following command: +# az account get-access-token --resource "499b84ac-1321-427f-aa17-267ca6975798" --query "accessToken" --output tsv +# The header for an AccessToken requires Bearer authorization +function Get-DevOpsApiHeaders ($Base64EncodedToken, $AccessToken) { + $headers = $null + if (![string]::IsNullOrWhiteSpace($Base64EncodedToken) -and + ![string]::IsNullOrWhiteSpace($AccessToken)) { + LogError "Get-DevOpsApiHeaders::Unable to set the Authentication in the header because Base64EncodedToken and AccessToken are both set and only one should be." + exit 1 + } + if (![string]::IsNullOrWhiteSpace($Base64EncodedToken)) { + $headers = @{ + Authorization = "Basic $Base64EncodedToken" + } + } elseif (![string]::IsNullOrWhiteSpace($AccessToken)) { + $headers = @{ + Authorization = "Bearer $AccessToken" + } + } else { + LogError "Get-DevOpsApiHeaders::Unable to set the Authentication in the header because neither Base64EncodedToken nor AccessToken are set." + exit 1 } return $headers } @@ -30,9 +49,8 @@ function Start-DevOpsBuild { $SourceBranch, [Parameter(Mandatory = $true)] $DefinitionId, - [ValidateNotNullOrEmpty()] - [Parameter(Mandatory = $true)] - $Base64EncodedAuthToken, + $Base64EncodedAuthToken=$null, + $AccessToken=$null, [Parameter(Mandatory = $false)] [string]$BuildParametersJson ) @@ -45,11 +63,13 @@ function Start-DevOpsBuild { parameters = $BuildParametersJson } + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + return Invoke-RestMethod ` -Method POST ` -Body ($parameters | ConvertTo-Json) ` -Uri $uri ` - -Headers (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken) ` + -Headers $headers ` -MaximumRetryCount 3 ` -ContentType "application/json" } @@ -62,9 +82,8 @@ function Update-DevOpsBuild { [Parameter(Mandatory = $true)] $BuildId, $Status, # pass canceling to cancel build - [ValidateNotNullOrEmpty()] - [Parameter(Mandatory = $true)] - $Base64EncodedAuthToken + $Base64EncodedAuthToken, + $AccessToken ) $uri = "$DevOpsAPIBaseURI" -F $Organization, $Project, "build", "builds/$BuildId", "" @@ -72,11 +91,13 @@ function Update-DevOpsBuild { if ($Status) { $parameters["status"] = $Status} + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + return Invoke-RestMethod ` -Method PATCH ` -Body ($parameters | ConvertTo-Json) ` -Uri $uri ` - -Headers (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken) ` + -Headers $headers ` -MaximumRetryCount 3 ` -ContentType "application/json" } @@ -88,9 +109,8 @@ function Get-DevOpsBuilds { $BranchName, # Should start with 'refs/heads/' $Definitions, # Comma seperated string of definition IDs $StatusFilter, # Comma seperated string 'cancelling, completed, inProgress, notStarted' - [ValidateNotNullOrEmpty()] - [Parameter(Mandatory = $true)] - $Base64EncodedAuthToken + $Base64EncodedAuthToken, + $AccessToken ) $query = "" @@ -100,10 +120,12 @@ function Get-DevOpsBuilds { if ($StatusFilter) { $query += "statusFilter=$StatusFilter&" } $uri = "$DevOpsAPIBaseURI" -F $Organization, $Project , "build" , "builds", $query + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + return Invoke-RestMethod ` -Method GET ` -Uri $uri ` - -Headers (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken) ` + -Headers $headers ` -MaximumRetryCount 3 } @@ -112,15 +134,18 @@ function Delete-RetentionLease { $Organization, $Project, $LeaseId, - $Base64EncodedAuthToken + $Base64EncodedAuthToken, + $AccessToken ) $uri = "https://dev.azure.com/$Organization/$Project/_apis/build/retention/leases?ids=$LeaseId&api-version=6.0-preview.1" + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + return Invoke-RestMethod ` -Method DELETE ` -Uri $uri ` - -Headers (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken) ` + -Headers $headers ` -MaximumRetryCount 3 } @@ -131,15 +156,18 @@ function Get-RetentionLeases { $DefinitionId, $RunId, $OwnerId, - $Base64EncodedAuthToken + $Base64EncodedAuthToken, + $AccessToken ) $uri = "https://dev.azure.com/$Organization/$Project/_apis/build/retention/leases?ownerId=$OwnerId&definitionId=$DefinitionId&runId=$RunId&api-version=6.0-preview.1" + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + return Invoke-RestMethod ` -Method GET ` -Uri $uri ` - -Headers (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken) ` + -Headers $headers ` -MaximumRetryCount 3 } @@ -151,7 +179,8 @@ function Add-RetentionLease { $RunId, $OwnerId, $DaysValid, - $Base64EncodedAuthToken + $Base64EncodedAuthToken, + $AccessToken ) $parameter = @{} @@ -165,12 +194,13 @@ function Add-RetentionLease { $uri = "https://dev.azure.com/$Organization/$Project/_apis/build/retention/leases?api-version=6.0-preview.1" + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + return Invoke-RestMethod ` -Method POST ` -Body "[$body]" ` -Uri $uri ` - -Headers (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken) ` + -Headers $headers ` -MaximumRetryCount 3 ` -ContentType "application/json" - } diff --git a/eng/common/scripts/Queue-Pipeline.ps1 b/eng/common/scripts/Queue-Pipeline.ps1 index 281bc2f9a71a..fb7eeba0f7f7 100644 --- a/eng/common/scripts/Queue-Pipeline.ps1 +++ b/eng/common/scripts/Queue-Pipeline.ps1 @@ -58,10 +58,13 @@ param( [string]$VsoQueuedPipelines, # Already base 64 encoded authentication token - [string]$Base64EncodedAuthToken, + [string]$Base64EncodedAuthToken=$null, - # Unencoded authentication token - [string]$AuthToken, + # Unencoded authentication token from a PAT + [string]$AuthToken=$null, + + # Temp access token from the logged in az cli user for azure devops resource + [string]$AccessToken=$null, [Parameter(Mandatory = $false)] [string]$BuildParametersJson @@ -71,7 +74,9 @@ param( if (!$Base64EncodedAuthToken) { - $Base64EncodedAuthToken = Get-Base64EncodedToken $AuthToken + if (![string]::IsNullOrWhiteSpace($AuthToken)) { + $Base64EncodedAuthToken = Get-Base64EncodedToken $AuthToken + } } # Skip if SourceBranch is empty because it we cannot generate a target branch @@ -105,6 +110,7 @@ try { -SourceBranch $SourceBranch ` -DefinitionId $DefinitionId ` -Base64EncodedAuthToken $Base64EncodedAuthToken ` + -AccessToken $AccessToken ` -BuildParametersJson $BuildParametersJson } catch { From 61e11825240a9a4ac94732a4d8263cea97e24b12 Mon Sep 17 00:00:00 2001 From: James Suplizio Date: Tue, 28 May 2024 09:38:39 -0700 Subject: [PATCH 2/4] swap access and auth for add-retention-lease --- eng/common/scripts/Add-RetentionLease.ps1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/eng/common/scripts/Add-RetentionLease.ps1 b/eng/common/scripts/Add-RetentionLease.ps1 index 6f8799370c2b..40ed3e0fe4c1 100644 --- a/eng/common/scripts/Add-RetentionLease.ps1 +++ b/eng/common/scripts/Add-RetentionLease.ps1 @@ -19,18 +19,18 @@ param( [string]$OwnerId = "azure-sdk-pipeline-automation", [Parameter(Mandatory = $false)] - [string]$AuthToken = $env:DEVOPS_PAT, + [string]$AccessToken = $env:DEVOPS_PAT, [Parameter(Mandatory = $false)] - [string]$AccessToken=$null + [string]$AuthToken=$null ) Set-StrictMode -Version 3 . (Join-Path $PSScriptRoot common.ps1) -if (![string]::IsNullOrWhiteSpace($AuthToken)) { - $encodedAuthToken = Get-Base64EncodedToken $AuthToken +if (![string]::IsNullOrWhiteSpace($AccessToken)) { + $encodedAuthToken = Get-Base64EncodedToken $AccessToken } LogDebug "Checking for existing leases on run: $RunId" @@ -41,11 +41,11 @@ if ($existingLeases.count -ne 0) { foreach ($lease in $existingLeases.value) { LogDebug "Deleting lease: $($lease.leaseId)" - Delete-RetentionLease -Organization $Organization -Project $Project -LeaseId $lease.leaseId -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AccessToken + Delete-RetentionLease -Organization $Organization -Project $Project -LeaseId $lease.leaseId -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AuthToken } } LogDebug "Creating new lease on run: $RunId" -$lease = Add-RetentionLease -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -DaysValid $DaysValid -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AccessToken +$lease = Add-RetentionLease -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -DaysValid $DaysValid -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AuthToken LogDebug "Lease ID is: $($lease.value.leaseId)" \ No newline at end of file From 2393a014adc082693510e80a6c1a9801ed9f1dbb Mon Sep 17 00:00:00 2001 From: James Suplizio Date: Tue, 28 May 2024 13:47:25 -0700 Subject: [PATCH 3/4] AuthToken to BearerToken and remove unused Base64EncodedAuthToken from the script parameters --- eng/common/scripts/Add-RetentionLease.ps1 | 20 ++++----- eng/common/scripts/Invoke-DevOpsAPI.ps1 | 53 +++++++++++------------ eng/common/scripts/Queue-Pipeline.ps1 | 22 ++++------ 3 files changed, 44 insertions(+), 51 deletions(-) diff --git a/eng/common/scripts/Add-RetentionLease.ps1 b/eng/common/scripts/Add-RetentionLease.ps1 index 40ed3e0fe4c1..0f4bc633464b 100644 --- a/eng/common/scripts/Add-RetentionLease.ps1 +++ b/eng/common/scripts/Add-RetentionLease.ps1 @@ -18,34 +18,34 @@ param( [Parameter(Mandatory = $false)] [string]$OwnerId = "azure-sdk-pipeline-automation", - [Parameter(Mandatory = $false)] - [string]$AccessToken = $env:DEVOPS_PAT, - - [Parameter(Mandatory = $false)] - [string]$AuthToken=$null + # This script shouldn't need anything other than the $System.AccessToken from + # from the build pipeline. The retain-run.yml template doesn't run outside + # of the pipeline it's manipulating the retention leases for. + [Parameter(Mandatory = $true)] + [string]$AccessToken = $env:DEVOPS_PAT ) Set-StrictMode -Version 3 . (Join-Path $PSScriptRoot common.ps1) +$Base64EncodedToken=$null if (![string]::IsNullOrWhiteSpace($AccessToken)) { - $encodedAuthToken = Get-Base64EncodedToken $AccessToken + $Base64EncodedToken = Get-Base64EncodedToken $AccessToken } LogDebug "Checking for existing leases on run: $RunId" -$existingLeases = Get-RetentionLeases -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -Base64EncodedAuthToken $encodedAuthToken +$existingLeases = Get-RetentionLeases -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -Base64EncodedToken $Base64EncodedToken if ($existingLeases.count -ne 0) { LogDebug "Found $($existingLeases.count) leases, will delete them first." foreach ($lease in $existingLeases.value) { LogDebug "Deleting lease: $($lease.leaseId)" - Delete-RetentionLease -Organization $Organization -Project $Project -LeaseId $lease.leaseId -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AuthToken + Delete-RetentionLease -Organization $Organization -Project $Project -LeaseId $lease.leaseId -Base64EncodedToken $Base64EncodedToken } } - LogDebug "Creating new lease on run: $RunId" -$lease = Add-RetentionLease -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -DaysValid $DaysValid -Base64EncodedAuthToken $encodedAuthToken -AccessToken $AuthToken +$lease = Add-RetentionLease -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -DaysValid $DaysValid -Base64EncodedToken $Base64EncodedToken LogDebug "Lease ID is: $($lease.value.leaseId)" \ No newline at end of file diff --git a/eng/common/scripts/Invoke-DevOpsAPI.ps1 b/eng/common/scripts/Invoke-DevOpsAPI.ps1 index de9b513e41f9..dc525ce7b106 100644 --- a/eng/common/scripts/Invoke-DevOpsAPI.ps1 +++ b/eng/common/scripts/Invoke-DevOpsAPI.ps1 @@ -20,23 +20,22 @@ function Get-Base64EncodedToken([string]$AuthToken) # The AccessToken would be the querying the Azure resource with the following command: # az account get-access-token --resource "499b84ac-1321-427f-aa17-267ca6975798" --query "accessToken" --output tsv # The header for an AccessToken requires Bearer authorization -function Get-DevOpsApiHeaders ($Base64EncodedToken, $AccessToken) { +function Get-DevOpsApiHeaders { + param ( + $Base64EncodedToken=$null, + $BearerToken=$null + ) $headers = $null - if (![string]::IsNullOrWhiteSpace($Base64EncodedToken) -and - ![string]::IsNullOrWhiteSpace($AccessToken)) { - LogError "Get-DevOpsApiHeaders::Unable to set the Authentication in the header because Base64EncodedToken and AccessToken are both set and only one should be." - exit 1 - } if (![string]::IsNullOrWhiteSpace($Base64EncodedToken)) { $headers = @{ Authorization = "Basic $Base64EncodedToken" } - } elseif (![string]::IsNullOrWhiteSpace($AccessToken)) { + } elseif (![string]::IsNullOrWhiteSpace($BearerToken)) { $headers = @{ - Authorization = "Bearer $AccessToken" + Authorization = "Bearer $BearerToken" } } else { - LogError "Get-DevOpsApiHeaders::Unable to set the Authentication in the header because neither Base64EncodedToken nor AccessToken are set." + LogError "Get-DevOpsApiHeaders::Unable to set the Authentication in the header because neither Base64EncodedToken nor BearerToken are set." exit 1 } return $headers @@ -49,8 +48,8 @@ function Start-DevOpsBuild { $SourceBranch, [Parameter(Mandatory = $true)] $DefinitionId, - $Base64EncodedAuthToken=$null, - $AccessToken=$null, + $Base64EncodedToken=$null, + $BearerToken=$null, [Parameter(Mandatory = $false)] [string]$BuildParametersJson ) @@ -63,7 +62,7 @@ function Start-DevOpsBuild { parameters = $BuildParametersJson } - $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken) return Invoke-RestMethod ` -Method POST ` @@ -82,8 +81,8 @@ function Update-DevOpsBuild { [Parameter(Mandatory = $true)] $BuildId, $Status, # pass canceling to cancel build - $Base64EncodedAuthToken, - $AccessToken + $Base64EncodedToken=$null, + $BearerToken=$null ) $uri = "$DevOpsAPIBaseURI" -F $Organization, $Project, "build", "builds/$BuildId", "" @@ -91,7 +90,7 @@ function Update-DevOpsBuild { if ($Status) { $parameters["status"] = $Status} - $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken) return Invoke-RestMethod ` -Method PATCH ` @@ -109,8 +108,8 @@ function Get-DevOpsBuilds { $BranchName, # Should start with 'refs/heads/' $Definitions, # Comma seperated string of definition IDs $StatusFilter, # Comma seperated string 'cancelling, completed, inProgress, notStarted' - $Base64EncodedAuthToken, - $AccessToken + $Base64EncodedToken=$null, + $BearerToken=$null ) $query = "" @@ -120,7 +119,7 @@ function Get-DevOpsBuilds { if ($StatusFilter) { $query += "statusFilter=$StatusFilter&" } $uri = "$DevOpsAPIBaseURI" -F $Organization, $Project , "build" , "builds", $query - $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken) return Invoke-RestMethod ` -Method GET ` @@ -134,13 +133,13 @@ function Delete-RetentionLease { $Organization, $Project, $LeaseId, - $Base64EncodedAuthToken, - $AccessToken + $Base64EncodedToken=$null, + $BearerToken=$null ) $uri = "https://dev.azure.com/$Organization/$Project/_apis/build/retention/leases?ids=$LeaseId&api-version=6.0-preview.1" - $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken) return Invoke-RestMethod ` -Method DELETE ` @@ -156,13 +155,13 @@ function Get-RetentionLeases { $DefinitionId, $RunId, $OwnerId, - $Base64EncodedAuthToken, - $AccessToken + $Base64EncodedToken=$null, + $BearerToken=$null ) $uri = "https://dev.azure.com/$Organization/$Project/_apis/build/retention/leases?ownerId=$OwnerId&definitionId=$DefinitionId&runId=$RunId&api-version=6.0-preview.1" - $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken) return Invoke-RestMethod ` -Method GET ` @@ -179,8 +178,8 @@ function Add-RetentionLease { $RunId, $OwnerId, $DaysValid, - $Base64EncodedAuthToken, - $AccessToken + $Base64EncodedToken=$null, + $BearerToken=$null ) $parameter = @{} @@ -194,7 +193,7 @@ function Add-RetentionLease { $uri = "https://dev.azure.com/$Organization/$Project/_apis/build/retention/leases?api-version=6.0-preview.1" - $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedAuthToken -AccessToken $AccessToken) + $headers = (Get-DevOpsApiHeaders -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken) return Invoke-RestMethod ` -Method POST ` diff --git a/eng/common/scripts/Queue-Pipeline.ps1 b/eng/common/scripts/Queue-Pipeline.ps1 index fb7eeba0f7f7..e100300edc8c 100644 --- a/eng/common/scripts/Queue-Pipeline.ps1 +++ b/eng/common/scripts/Queue-Pipeline.ps1 @@ -57,26 +57,20 @@ param( [string]$VsoQueuedPipelines, - # Already base 64 encoded authentication token - [string]$Base64EncodedAuthToken=$null, - # Unencoded authentication token from a PAT [string]$AuthToken=$null, # Temp access token from the logged in az cli user for azure devops resource - [string]$AccessToken=$null, + [string]$BearerToken=$null, [Parameter(Mandatory = $false)] [string]$BuildParametersJson ) . (Join-Path $PSScriptRoot common.ps1) - -if (!$Base64EncodedAuthToken) -{ - if (![string]::IsNullOrWhiteSpace($AuthToken)) { - $Base64EncodedAuthToken = Get-Base64EncodedToken $AuthToken - } +$Base64EncodedToken=$null +if (![string]::IsNullOrWhiteSpace($AuthToken)) { + $Base64EncodedToken = Get-Base64EncodedToken $AuthToken } # Skip if SourceBranch is empty because it we cannot generate a target branch @@ -85,7 +79,7 @@ if ($CancelPreviousBuilds -and $SourceBranch) { try { $queuedBuilds = Get-DevOpsBuilds -BranchName "refs/heads/$SourceBranch" -Definitions $DefinitionId ` - -StatusFilter "inProgress, notStarted" -Base64EncodedAuthToken $Base64EncodedAuthToken + -StatusFilter "inProgress, notStarted" -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken if ($queuedBuilds.count -eq 0) { LogDebug "There is no previous build still inprogress or about to start." @@ -94,7 +88,7 @@ if ($CancelPreviousBuilds -and $SourceBranch) foreach ($build in $queuedBuilds.Value) { $buildID = $build.id LogDebug "Canceling build [ $($build._links.web.href) ]" - Update-DevOpsBuild -BuildId $buildID -Status "cancelling" -Base64EncodedAuthToken $Base64EncodedAuthToken + Update-DevOpsBuild -BuildId $buildID -Status "cancelling" -Base64EncodedToken $Base64EncodedToken -BearerToken $BearerToken } } catch { @@ -109,8 +103,8 @@ try { -Project $Project ` -SourceBranch $SourceBranch ` -DefinitionId $DefinitionId ` - -Base64EncodedAuthToken $Base64EncodedAuthToken ` - -AccessToken $AccessToken ` + -Base64EncodedToken $Base64EncodedToken ` + -BearerToken $BearerToken ` -BuildParametersJson $BuildParametersJson } catch { From 654b0c98bb59be8176862e1584378139dc10c949 Mon Sep 17 00:00:00 2001 From: James Suplizio Date: Tue, 28 May 2024 14:20:16 -0700 Subject: [PATCH 4/4] remove unneccsary if not null check for the mandatory parameter --- eng/common/scripts/Add-RetentionLease.ps1 | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/eng/common/scripts/Add-RetentionLease.ps1 b/eng/common/scripts/Add-RetentionLease.ps1 index 0f4bc633464b..3532aecf0716 100644 --- a/eng/common/scripts/Add-RetentionLease.ps1 +++ b/eng/common/scripts/Add-RetentionLease.ps1 @@ -29,10 +29,7 @@ Set-StrictMode -Version 3 . (Join-Path $PSScriptRoot common.ps1) -$Base64EncodedToken=$null -if (![string]::IsNullOrWhiteSpace($AccessToken)) { - $Base64EncodedToken = Get-Base64EncodedToken $AccessToken -} +$Base64EncodedToken = Get-Base64EncodedToken $AccessToken LogDebug "Checking for existing leases on run: $RunId" $existingLeases = Get-RetentionLeases -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -Base64EncodedToken $Base64EncodedToken