From 50e3b71577eed7e263c629a6752d0a06e02ffec6 Mon Sep 17 00:00:00 2001
From: gentoo90
Date: Sat, 3 Dec 2022 19:48:25 +0200
Subject: [PATCH 1/2] Try to read tenantId from registry headers if it's not set in CLI arguments

Azure Artifacts feed response has "x-vss-resourcetenant" header, which we can read the tenantId from.
---
 cli.ts | 2 +-
 index.ts | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/cli.ts b/cli.ts
index 7e59160..533ab90 100644
--- a/cli.ts
+++ b/cli.ts
@@ -11,4 +11,4 @@ const args = require("minimist")(process.argv.slice(2), {
 }
 });
-(async () => await run(args.client_id, args.tenant_id, args.ci, args.pbp))();
+(async () => await run(args.client_id, args.ci, args.tenant_id, args.pbp))();
diff --git a/index.ts b/index.ts
index b1e223d..a5d56df 100644
--- a/index.ts
+++ b/index.ts
@@ -5,8 +5,11 @@ import { UserNpmConfig, ProjectNpmConfig } from "./npm-config";
 import { UserYarnConfig, ProjectYarnConfig } from "./yarn-config";
 import { resolve } from "path";
 import * as fs from 'fs';
+import * as https from 'https';
 import * as path from 'path';
+const AZDEVOPS_AUTH_TENANT_HEADER = "x-vss-resourcetenant";
+
 const AZDEVOPS_RESOURCE_ID = "499b84ac-1321-427f-aa17-267ca6975798";
 const AZDEVOPS_AUTH_CLIENT_ID = "f9d5fef7-a410-4582-bb27-68a319b1e5a1";
 const AZDEVOPS_AUTH_TENANT_ID = "common";
@@ -29,10 +32,20 @@ export function inCI(ciInfo: boolean | string) {
 return true;
 }
+async function getRegistryTenantId(url: string): Promise {
+ return new Promise((resolve, _reject) => {
+ https.get(url, (resp) => {
+ const tenantIdHeader = resp.headers[AZDEVOPS_AUTH_TENANT_HEADER];
+ const tenantId = Array.isArray(tenantIdHeader) ? tenantIdHeader[0] : tenantIdHeader;
+ resolve(tenantId);
+ });
+ });
+}
+
 async function run(
 clientId = AZDEVOPS_AUTH_CLIENT_ID,
- tenantId = AZDEVOPS_AUTH_TENANT_ID,
 ciInfo: boolean | string,
+ tenantId?: string,
 projectBasePath?: string
 ) {
 if (inCI(ciInfo)) {
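Review bot: Reordering `run`'s positional parameters (this call in cli.ts and the signature in the `@@ -29,10 +32,20 @@` hunk of index.ts) silently breaks any other caller that still passes `tenantId` second. A tenant string satisfies `ciInfo: boolean | string`, so such a call still compiles and the value is then interpreted by `inCI`, whose body is outside the hunk. Whether `run` is exported is not visible here, so treat this as something to confirm. Keeping the original order and only loosening the type, `tenantId: string | undefined,` in second position, gives the same optional behaviour without the reorder.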
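Review bot: In the `@@ -29,10 +32,20 @@` hunk of index.ts, `getRegistryTenantId` has no failure path and trusts the header value as-is. `https.get` is called without an `error` listener or a timeout, so a DNS or TLS failure surfaces as an unhandled `error` event, a stalled server leaves the promise pending, and the response body is never drained. The `x-vss-resourcetenant` value comes from whatever host the registry URL in the npm/yarn config names and is passed to `MsoIssuer.discover` in the later hunk, so it should be checked against a GUID pattern before it selects the sign-in authority; an explicit `--tenant_id` stays unconstrained. The sketch below resolves `undefined` on error, timeout or a malformed value so the existing `?? AZDEVOPS_AUTH_TENANT_ID` fallback still applies. The return type's type argument looks stripped in this rendering and is assumed to be `string | undefined`.

```typescript
const TENANT_ID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

async function getRegistryTenantId(url: string): Promise<string | undefined> {
  return new Promise((resolve) => {
    const req = https.get(url, { timeout: 5000 }, (resp) => {
      const header = resp.headers[AZDEVOPS_AUTH_TENANT_HEADER];
      const value = Array.isArray(header) ? header[0] : header;
      // Only the header is needed; discard the body so the socket is released.
      resp.resume();
      // Accept the server-supplied value only if it has the shape of a tenant GUID.
      resolve(value !== undefined && TENANT_ID_PATTERN.test(value) ? value : undefined);
    });
    // A timeout destroys the request, which then reports through the error listener.
    req.on("timeout", () => req.destroy());
    // Fall back to the default tenant instead of crashing or hanging.
    req.on("error", () => resolve(undefined));
  });
}
```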
@@ -47,7 +60,9 @@ async function run(
 for (const registry of getRegistries(userConfig, projectConfig)) {
 console.log(chalk.green(`Found registry ${registry}`));
- const issuer = await MsoIssuer.discover(tenantId);
+ const registryTenantId = tenantId ?? (await getRegistryTenantId(registry)) ?? AZDEVOPS_AUTH_TENANT_ID;
+
+ const issuer = await MsoIssuer.discover(registryTenantId);
 const client = new issuer.Client(new MsoDeviceCodeClientMedata(clientId));
 // Set timeout to 5s to workaround issue #18

From 2f20f515f0df469b5109ce7680cd8e0157d30094 Mon Sep 17 00:00:00 2001
From: gentoo90
Date: Sat, 3 Dec 2022 19:52:09 +0200
Subject: [PATCH 2/2] Set default clientId to the one from microsoft/artifacts-credprovider

Taken from https://github.com/microsoft/artifacts-credprovider/blob/2286b12bf6e106386c7c530bf0a7220306cbf57c/CredentialProvider.Microsoft/CredentialProviders/Vsts/MSAL/MsalTokenProviderFactory.cs#L12 This should work with all feeds.
---
 index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.ts b/index.ts
index a5d56df..e2e69e9 100644
--- a/index.ts
+++ b/index.ts
@@ -11,7 +11,7 @@ import * as path from 'path';
 const AZDEVOPS_AUTH_TENANT_HEADER = "x-vss-resourcetenant";
 const AZDEVOPS_RESOURCE_ID = "499b84ac-1321-427f-aa17-267ca6975798";
-const AZDEVOPS_AUTH_CLIENT_ID = "f9d5fef7-a410-4582-bb27-68a319b1e5a1";
+const AZDEVOPS_AUTH_CLIENT_ID = "872cd9fa-d31f-45e0-9eab-6e460a02d1f1";
 const AZDEVOPS_AUTH_TENANT_ID = "common";
 const CI_DEFAULT_ENV_VARIABLE_NAME = "TF_BUILD";
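Review bot: In the `@@ -47,7 +60,9 @@` hunk of index.ts, the tenant handed to `MsoIssuer.discover` is never shown to the user, although it can now come from three sources (CLI flag, registry response header, `common` default) and decides which authority the device-code sign-in runs against. Logging it next to the existing "Found registry" message, e.g. `console.log(chalk.green("Using tenant " + registryTenantId + " for " + registry));`, lets the user notice an unexpected tenant before entering a code. Note also that `??` only skips `null` and `undefined`, so an empty `--tenant_id` value would presumably be passed through as `""` instead of triggering the header lookup. The minimist option block is outside this hunk, so confirm how that flag is declared. The body of `run` starts and ends outside the hunk.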
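Review bot: In the `@@ -11,7 +11,7 @@` hunk of PATCH 2/2, the new default `AZDEVOPS_AUTH_CLIENT_ID` is an opaque GUID whose provenance is recorded only in the commit message. A comment above the constant, e.g. `// Client ID taken from microsoft/artifacts-credprovider (MsalTokenProviderFactory.cs); override with --client_id`, would let a later reader check the literal against upstream rather than take it on trust. The `--client_id` override named in that comment is inferred from `args.client_id` in cli.ts, so adjust the wording if the flag is spelled differently.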