use the correct OIDC request url for the powershell task #584
base: master
Conversation
@hayemaxi - would appreciate a review on this PR. Thanks in advance
@hayemaxi can you please give us an update?
Could you help me understand what this is solving? Currently I am not experiencing any issues using the powershell task with OIDC in either YAML or classic pipelines. Is this related to first-time OIDC setup? Please provide more details on the error.
hey @hayemaxi, thanks for your input. The issue I'm having is on Release pipelines (not build). Also here's the SYSTEM_OIDCREQUESTURI: 2 differences between the urls:
I understand now. I wasn't able to reproduce the exact error for the Release pipeline, but I did get an invalid URL error. It went away with your change, and build pipelines also seem to be working as well. Thanks for this contribution! Due to the holidays we won't release this toolkit until the new year, and I still want to verify a few things.
Description
The AZDO agents provide a variable which contains the actual URL needed to retrieve the OIDC token - System.OidcRequestUri - as specified in the documentation: https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml
Motivation
I could not use the PowerShell Module with OIDC authentication in a Release because the OIDC request URL was wrong.
Testing
I manually changed the RunAWSPowerShellModuleScript.ps1 on one of my agents with the changes in this PR and it worked flawlessly.
Unfortunately the variant without explicit string concatenation
$url = "$Env:SYSTEM_OIDCREQUESTURI?api-version=7.1-preview.1&serviceConnectionId=$awsEndpoint"
didn't work since it seems PowerShell thinks "?" is part of the variable name, and the substitution failed. (https://stackoverflow.com/questions/66071918/why-does-powershell-not-process-a-string-correctly-which-has-a-dollar-sign-and-a)
Checklist
npm run newChange
License
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
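
The interpolation behaviour described under Testing, as an added example that is not part of this PR or of the toolkit's code. The request URI and service connection id below are constructed sample values, and `Test-OidcRequestUrl` is a hypothetical helper that rejects a malformed URL before any token request is sent to it.

```powershell
# Constructed sample values; on a real agent these come from the pipeline.
$Env:SYSTEM_OIDCREQUESTURI = 'https://example.invalid/_apis/oidctoken'
$awsEndpoint = '00000000-0000-0000-0000-000000000000'
$query = "api-version=7.1-preview.1&serviceConnectionId=$awsEndpoint"

# Variant quoted in the PR description: '?' is a legal variable-name character,
# so PowerShell looks up an environment variable named
# 'SYSTEM_OIDCREQUESTURI?api', finds nothing, and expands it to an empty string.
$unbraced = "$Env:SYSTEM_OIDCREQUESTURI?api-version=7.1-preview.1&serviceConnectionId=$awsEndpoint"

# Explicit concatenation: the variable reference ends before the '?'.
$concatenated = $Env:SYSTEM_OIDCREQUESTURI + '?' + $query

# Braces delimit the variable name inside an expandable string.
$braced = "${Env:SYSTEM_OIDCREQUESTURI}?$query"

# Hypothetical helper: accept only an absolute https URL that still carries
# the serviceConnectionId parameter.
function Test-OidcRequestUrl {
    param([string]$Url)

    [Uri]$parsed = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$parsed)) {
        return $false
    }
    return ($parsed.Scheme -eq 'https') -and
           ($parsed.Query -match '(^\?|&)serviceConnectionId=[^&]+')
}

foreach ($candidate in @(
        @{ Name = 'unbraced';     Url = $unbraced },
        @{ Name = 'concatenated'; Url = $concatenated },
        @{ Name = 'braced';       Url = $braced })) {
    [pscustomobject]@{
        Variant = $candidate.Name
        Valid   = Test-OidcRequestUrl -Url $candidate.Url
        Url     = $candidate.Url
    }
}
```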