From 9cc0081ccb309d445074402fae3ff0b0925e309c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 28 Jan 2026 23:09:14 +0000 Subject: [PATCH 1/4] Initial plan From 1523b0c5aa809f7f509166fde69c7f55d459ea2e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 28 Jan 2026 23:14:56 +0000 Subject: [PATCH 2/4] Remove API Key authentication from validation scripts Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> --- .../templates/steps/validate-all-packages.yml | 1 - .../scripts/Helpers/ApiView-Helpers.ps1 | 34 +++++++++++++++++-- eng/common/scripts/Validate-All-Packages.ps1 | 4 +-- eng/common/scripts/Validate-Package.ps1 | 4 +-- 4 files changed, 33 insertions(+), 10 deletions(-) diff --git a/eng/common/pipelines/templates/steps/validate-all-packages.yml b/eng/common/pipelines/templates/steps/validate-all-packages.yml index 4bcb1286738c..0a833b722d61 100644 --- a/eng/common/pipelines/templates/steps/validate-all-packages.yml +++ b/eng/common/pipelines/templates/steps/validate-all-packages.yml @@ -30,7 +30,6 @@ steps: -ArtifactList ('${{ convertToJson(parameters.Artifacts) }}' | ConvertFrom-Json | Select-Object Name) ` -ArtifactPath ${{ parameters.ArtifactPath }} ` -RepoRoot $(Build.SourcesDirectory) ` - -APIKey $(azuresdk-apiview-apikey) ` -ConfigFileDir '${{ parameters.ConfigFileDir }}' ` -BuildDefinition $(System.CollectionUri)$(System.TeamProject)/_build?definitionId=$(System.DefinitionId) ` -PipelineUrl $(System.CollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId) ` diff --git a/eng/common/scripts/Helpers/ApiView-Helpers.ps1 b/eng/common/scripts/Helpers/ApiView-Helpers.ps1 index c7b1f313b19e..4e54de66c584 100644 --- a/eng/common/scripts/Helpers/ApiView-Helpers.ps1 +++ b/eng/common/scripts/Helpers/ApiView-Helpers.ps1 
@@ -1,5 +1,23 @@ . ${PSScriptRoot}\..\logging.ps1 +# Get Bearer token for APIView authentication +# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal +function Get-ApiViewBearerToken() +{ + try { + $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1 + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to acquire access token: $tokenResponse" + return $null + } + return ($tokenResponse | ConvertFrom-Json).accessToken + } + catch { + Write-Error "Failed to acquire access token: $($_.Exception.Message)" + return $null + } +} + function MapLanguageToRequestParam($language) { $lang = $language @@ -22,15 +40,25 @@ function MapLanguageToRequestParam($language) return $lang } -function Check-ApiReviewStatus($packageName, $packageVersion, $language, $url, $apiKey, $apiApprovalStatus = $null, $packageNameStatus = $null) +function Check-ApiReviewStatus($packageName, $packageVersion, $language, $url, $apiApprovalStatus = $null, $packageNameStatus = $null) { - # Get API view URL and API Key to check status + # Get API view URL and Bearer token to check status Write-Host "Checking API review status for package: ${packageName}" $lang = MapLanguageToRequestParam -language $language if ($lang -eq $null) { return } - $headers = @{ "ApiKey" = $apiKey } + + # Get Bearer token for authentication + $bearerToken = Get-ApiViewBearerToken + if (-not $bearerToken) { + Write-Error "Failed to acquire Bearer token for APIView authentication." + return + } + + $headers = @{ + "Authorization" = "Bearer $bearerToken" + } if (!$apiApprovalStatus) { $apiApprovalStatus = [PSCustomObject]@{ diff --git a/eng/common/scripts/Validate-All-Packages.ps1 b/eng/common/scripts/Validate-All-Packages.ps1 index b92e912601b0..85047ecd37db 100644 --- a/eng/common/scripts/Validate-All-Packages.ps1 +++ b/eng/common/scripts/Validate-All-Packages.ps1 
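Review bot: In `Get-ApiViewBearerToken`, the `2>&1` on the `az account get-access-token` call folds the CLI's stderr into `$tokenResponse`. Any warning az prints on an otherwise successful call is then piped into `ConvertFrom-Json` together with the JSON, and the parse error surfaces through the `catch` as a token failure. Keep stderr for the failure message but parse only stdout, for example `return ($tokenResponse | Where-Object { $_ -isnot [System.Management.Automation.ErrorRecord] } | ConvertFrom-Json).accessToken`. The value returned is a live bearer credential, so the header comment should also say that callers must not write it to the log. The same function body is re-added to Create-APIReview.ps1 by the `@@ -22,6 +22,24 @@` hunk of patch 4/4, and the point applies there unchanged.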
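Review bot: When the token cannot be acquired, `Check-ApiReviewStatus` returns before `$apiApprovalStatus` or `$packageNameStatus` is touched, so the caller keeps whatever objects it passed in. The `VerifyAPIReview` hunks show only the tail of those objects (`Details = ""`), so it is worth confirming that their initial state reads as "not approved"; otherwise an authentication failure would pass validation silently. Recording the failure before the `return` makes the path fail closed regardless, e.g. `if ($apiApprovalStatus) { $apiApprovalStatus.Details = "Failed to acquire Bearer token for APIView authentication." }`. Separately, `$apiKey` is removed from the middle of a positional parameter list, so a caller not updated in this patch would bind the key to `$apiApprovalStatus`, which also skips the `if (!$apiApprovalStatus)` initialisation. The function body continues outside the hunk.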
@@ -6,8 +6,6 @@ Param ( [string]$ArtifactPath, [Parameter(Mandatory=$True)] [string]$RepoRoot, - [Parameter(Mandatory=$True)] - [string]$APIKey, [string]$ConfigFileDir, [string]$BuildDefinition, [string]$PipelineUrl, @@ -83,7 +81,7 @@ function VerifyAPIReview($packageName, $packageVersion, $language) Details = "" } Write-Host "Checking API review status for package $packageName with version $packageVersion. language [$language]." - Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $APIKey $apiStatus $packageNameStatus + Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $apiStatus $packageNameStatus Write-Host "API review approval details: $($apiStatus.Details)" Write-Host "Package name approval details: $($packageNameStatus.Details)" diff --git a/eng/common/scripts/Validate-Package.ps1 b/eng/common/scripts/Validate-Package.ps1 index 070d7b23db0c..ab12424bcb24 100644 --- a/eng/common/scripts/Validate-Package.ps1 +++ b/eng/common/scripts/Validate-Package.ps1 @@ -9,8 +9,6 @@ param ( [Parameter(Mandatory=$True)] [string] $RepoRoot, [Parameter(Mandatory=$True)] - [string] $APIKey, - [Parameter(Mandatory=$True)] [string] $ConfigFileDir, [string] $BuildDefinition, [string] $PipelineUrl, @@ -95,7 +93,7 @@ function VerifyAPIReview($packageName, $packageVersion, $language) Details = "" } Write-Host "Checking API review status for package $packageName with version $packageVersion. language [$language]." - Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $APIKey $apiStatus $packageNameStatus + Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $apiStatus $packageNameStatus Write-Host "API review approval details: $($apiStatus.Details)" Write-Host "Package name approval details: $($packageNameStatus.Details)" From 7cd0f29c65680faaa2276b21ebfa8dd2fe4d7f5a Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 28 Jan 2026 23:17:24 +0000 Subject: [PATCH 3/4] Remove duplicate Get-ApiViewBearerToken function Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> --- eng/common/scripts/Create-APIReview.ps1 | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/eng/common/scripts/Create-APIReview.ps1 b/eng/common/scripts/Create-APIReview.ps1 index 86b95ed0e552..caa8beadf311 100644 --- a/eng/common/scripts/Create-APIReview.ps1 +++ b/eng/common/scripts/Create-APIReview.ps1 @@ -22,24 +22,6 @@ Set-StrictMode -Version 3 . (Join-Path $PSScriptRoot common.ps1) . (Join-Path $PSScriptRoot Helpers ApiView-Helpers.ps1) -# Get Bearer token for APIView authentication -# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal -function Get-ApiViewBearerToken() -{ - try { - $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1 - if ($LASTEXITCODE -ne 0) { - Write-Error "Failed to acquire access token: $tokenResponse" - return $null - } - return ($tokenResponse | ConvertFrom-Json).accessToken - } - catch { - Write-Error "Failed to acquire access token: $($_.Exception.Message)" - return $null - } -} - # Submit API review request and return status whether current revision is approved or pending or failed to create review function Upload-SourceArtifact($filePath, $apiLabel, $releaseStatus, $packageVersion, $packageType) { From 8beda2548ce02823489fafd2d2eb14988ecea6bb Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 28 Jan 2026 23:32:12 +0000 Subject: [PATCH 4/4] Revert all eng/common changes - should not modify synced files Co-authored-by: JoshLove-msft <54595583+JoshLove-msft@users.noreply.github.com> --- .../templates/steps/validate-all-packages.yml | 1 + eng/common/scripts/Create-APIReview.ps1 | 18 ++++++++++ .../scripts/Helpers/ApiView-Helpers.ps1 | 34 ++----------------- eng/common/scripts/Validate-All-Packages.ps1 | 4 ++- eng/common/scripts/Validate-Package.ps1 | 4 ++- 5 files changed, 28 insertions(+), 33 deletions(-) diff --git a/eng/common/pipelines/templates/steps/validate-all-packages.yml b/eng/common/pipelines/templates/steps/validate-all-packages.yml index 0a833b722d61..4bcb1286738c 100644 --- a/eng/common/pipelines/templates/steps/validate-all-packages.yml +++ b/eng/common/pipelines/templates/steps/validate-all-packages.yml @@ -30,6 +30,7 @@ steps: -ArtifactList ('${{ convertToJson(parameters.Artifacts) }}' | ConvertFrom-Json | Select-Object Name) ` -ArtifactPath ${{ parameters.ArtifactPath }} ` -RepoRoot $(Build.SourcesDirectory) ` + -APIKey $(azuresdk-apiview-apikey) ` -ConfigFileDir '${{ parameters.ConfigFileDir }}' ` -BuildDefinition $(System.CollectionUri)$(System.TeamProject)/_build?definitionId=$(System.DefinitionId) ` -PipelineUrl $(System.CollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId) ` diff --git a/eng/common/scripts/Create-APIReview.ps1 b/eng/common/scripts/Create-APIReview.ps1 index caa8beadf311..86b95ed0e552 100644 --- a/eng/common/scripts/Create-APIReview.ps1 +++ b/eng/common/scripts/Create-APIReview.ps1 
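Review bot: The restored `-APIKey $(azuresdk-apiview-apikey)` line expands the secret by macro substitution straight into the script invocation, so its protection rests on log masking and, depending on the step type, it may end up in the process argument list. The step header is outside this hunk; if it permits, map the secret through the step's `env:` block and pass the environment variable instead, e.g. `-APIKey $env:APIVIEW_API_KEY` (`APIVIEW_API_KEY` is a sample name). Because the commit message says eng/common is synced, that change would have to land at the source of the sync rather than here.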
@@ -22,6 +22,24 @@ Set-StrictMode -Version 3 . (Join-Path $PSScriptRoot common.ps1) . (Join-Path $PSScriptRoot Helpers ApiView-Helpers.ps1) +# Get Bearer token for APIView authentication +# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal +function Get-ApiViewBearerToken() +{ + try { + $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1 + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to acquire access token: $tokenResponse" + return $null + } + return ($tokenResponse | ConvertFrom-Json).accessToken + } + catch { + Write-Error "Failed to acquire access token: $($_.Exception.Message)" + return $null + } +} + # Submit API review request and return status whether current revision is approved or pending or failed to create review function Upload-SourceArtifact($filePath, $apiLabel, $releaseStatus, $packageVersion, $packageType) { diff --git a/eng/common/scripts/Helpers/ApiView-Helpers.ps1 b/eng/common/scripts/Helpers/ApiView-Helpers.ps1 index 4e54de66c584..c7b1f313b19e 100644 --- a/eng/common/scripts/Helpers/ApiView-Helpers.ps1 +++ b/eng/common/scripts/Helpers/ApiView-Helpers.ps1 @@ -1,23 +1,5 @@ . ${PSScriptRoot}\..\logging.ps1 -# Get Bearer token for APIView authentication -# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal -function Get-ApiViewBearerToken() -{ - try { - $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1 - if ($LASTEXITCODE -ne 0) { - Write-Error "Failed to acquire access token: $tokenResponse" - return $null - } - return ($tokenResponse | ConvertFrom-Json).accessToken - } - catch { - Write-Error "Failed to acquire access token: $($_.Exception.Message)" - return $null - } -} - function MapLanguageToRequestParam($language) { $lang = $language 
@@ -40,25 +22,15 @@ function MapLanguageToRequestParam($language) return $lang } -function Check-ApiReviewStatus($packageName, $packageVersion, $language, $url, $apiApprovalStatus = $null, $packageNameStatus = $null) +function Check-ApiReviewStatus($packageName, $packageVersion, $language, $url, $apiKey, $apiApprovalStatus = $null, $packageNameStatus = $null) { - # Get API view URL and Bearer token to check status + # Get API view URL and API Key to check status Write-Host "Checking API review status for package: ${packageName}" $lang = MapLanguageToRequestParam -language $language if ($lang -eq $null) { return } - - # Get Bearer token for authentication - $bearerToken = Get-ApiViewBearerToken - if (-not $bearerToken) { - Write-Error "Failed to acquire Bearer token for APIView authentication." - return - } - - $headers = @{ - "Authorization" = "Bearer $bearerToken" - } + $headers = @{ "ApiKey" = $apiKey } if (!$apiApprovalStatus) { $apiApprovalStatus = [PSCustomObject]@{ diff --git a/eng/common/scripts/Validate-All-Packages.ps1 b/eng/common/scripts/Validate-All-Packages.ps1 index 85047ecd37db..b92e912601b0 100644 --- a/eng/common/scripts/Validate-All-Packages.ps1 +++ b/eng/common/scripts/Validate-All-Packages.ps1 @@ -6,6 +6,8 @@ Param ( [string]$ArtifactPath, [Parameter(Mandatory=$True)] [string]$RepoRoot, + [Parameter(Mandatory=$True)] + [string]$APIKey, [string]$ConfigFileDir, [string]$BuildDefinition, [string]$PipelineUrl, 
@@ -81,7 +83,7 @@ function VerifyAPIReview($packageName, $packageVersion, $language) Details = "" } Write-Host "Checking API review status for package $packageName with version $packageVersion. language [$language]." - Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $apiStatus $packageNameStatus + Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $APIKey $apiStatus $packageNameStatus Write-Host "API review approval details: $($apiStatus.Details)" Write-Host "Package name approval details: $($packageNameStatus.Details)" diff --git a/eng/common/scripts/Validate-Package.ps1 b/eng/common/scripts/Validate-Package.ps1 index ab12424bcb24..070d7b23db0c 100644 --- a/eng/common/scripts/Validate-Package.ps1 +++ b/eng/common/scripts/Validate-Package.ps1 @@ -9,6 +9,8 @@ param ( [Parameter(Mandatory=$True)] [string] $RepoRoot, [Parameter(Mandatory=$True)] + [string] $APIKey, + [Parameter(Mandatory=$True)] [string] $ConfigFileDir, [string] $BuildDefinition, [string] $PipelineUrl, @@ -93,7 +95,7 @@ function VerifyAPIReview($packageName, $packageVersion, $language) Details = "" } Write-Host "Checking API review status for package $packageName with version $packageVersion. language [$language]." - Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $apiStatus $packageNameStatus + Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $APIKey $apiStatus $packageNameStatus Write-Host "API review approval details: $($apiStatus.Details)" Write-Host "Package name approval details: $($packageNameStatus.Details)"