Skip to content

Switch ApiScan to use Azure CLI auth #43912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
May 14, 2024
Merged

Switch ApiScan to use Azure CLI auth #43912

Changes from 10 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
a13441c
Test ApiScan change
weshaggard May 7, 2024
8222fff
Update aggregate-reports.yml
weshaggard May 7, 2024
a482b8e
Update aggregate-reports.yml
weshaggard May 8, 2024
5d4de55
Update aggregate-reports.yml
weshaggard May 8, 2024
a74fb67
Update aggregate-reports.yml
weshaggard May 9, 2024
dc9b703
Update aggregate-reports.yml
weshaggard May 9, 2024
c1bdae8
Finalize login and add logout
weshaggard May 14, 2024
cf4bebe
Update eng/pipelines/aggregate-reports.yml
weshaggard May 14, 2024
716109f
Update eng/pipelines/aggregate-reports.yml
weshaggard May 14, 2024
e7d4641
Apply suggestions from code review
weshaggard May 14, 2024
7d147c4
Update eng/pipelines/aggregate-reports.yml
weshaggard May 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 29 additions & 2 deletions eng/pipelines/aggregate-reports.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,27 @@ stages:
-WorkingDirectory '$(Build.ArtifactStagingDirectory)'
-NupkgFilesDestination 'nupkgFiles'

- task: AzureCLI@2
displayName: Azure CLI Login
inputs:
azureSubscription: azure-sdk-apiscan
scriptType: pscore
scriptLocation: inlineScript
addSpnToEnvironment: true
inlineScript: |
az --version
az account show -o json
Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$($env:servicePrincipalId)"
Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$($env:tenantId)"
Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"

- pwsh: |
# Need to re-login with the az login so that it presists and can be used in the APISca task
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_OIDC_TOKEN)
az --version
az account show -o json
displayName: Persist CLI Login for ApiScan usage

- task: securedevelopmentteam.vss-secure-development-tools.build-task-apiscan.APIScan@2
displayName: 'Run APIScan'
inputs:
Expand All @@ -179,8 +200,14 @@ stages:
preserveLogsFolder: true
verbosityLevel: standard
env:
# azure-sdk-apiscan (81109e5f-0620-423c-a37a-c22fbf8973a7)
AzureServicesAuthConnectionString: runAs=App;AppId=81109e5f-0620-423c-a37a-c22fbf8973a7;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;AppKey=$(azure-sdk-apiscan-client-secret)
AzureServicesAuthConnectionString: RunAs=Developer;DeveloperTool=AzureCli

- pwsh: |
az account show -o json
az logout
az account clear
displayName: Logout of Azure CLI
condition: succeededOrFailed()

- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: 'Post Analysis (ApiScan)'
Expand Down