Add support for excluding new auth types from DefaultAzureCredential (#…

…23) * Bump ps module and add new inputs * Add docs about new exclude auth inputs * Add new inputs to auth section advice
Azure · May 16, 2024 · 28dff55 · 28dff55
1 parent 8ff0539
commit 28dff55
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -90,6 +90,9 @@ azure-password: ${{ secrets.AZURE_PASSWORD }}
 # Exclude the "EnvironmentCredential" type from being considered when authenticating with "DefaultAzureCredential". The default value is false.
 exclude-environment-credential: false
 
+# Exclude the "WorkloadIdentity" type from being considered when authenticating with "DefaultAzureCredential". The default value is false.
+exclude-workload-identity-credential: false
+
 # Exclude the "ManagedIdentity" type from being considered when authenticating with "DefaultAzureCredential". The default value is false.
 exclude-managed-identity-credential: false
 
@@ -108,6 +111,9 @@ exclude-azure-cli-credential: false
 # Exclude the "AzurePowerShellCredential" type from being considered when authenticating with "DefaultAzureCredential". The default value is false.
 exclude-azure-powershell-credential: false
 
+# Exclude the "AzureDeveloperCliCredential" type from being considered when authenticating with "DefaultAzureCredential". The default value is false.
+exclude-azure-developer-cli-credential: false
+
 # Exclude the "InteractiveBrowserCredential" type from being considered when authenticating with "DefaultAzureCredential". The default value is true.
 exclude-interactive-browser-credential: true
 ```
@@ -256,12 +262,14 @@ Each authentication method can be [disabled individually](https://github.com/Azu
 For example, when authenticating with [EnvironmentCredential](https://learn.microsoft.com/dotnet/api/azure.identity.environmentcredential?view=azure-dotnet) specifically, disable the other credentials with the following inputs:
 ```yaml
 exclude-environment-credential: false
+exclude-workload-identity-credential: true
 exclude-managed-identity-credential: true
 exclude-shared-token-cache-credential: true
 exclude-visual-studio-credential: true
 exclude-visual-studio-code-credential: true
 exclude-azure-cli-credential: true
 exclude-azure-powershell-credential: true
+exclude-azure-developer-cli-credential: true
 exclude-interactive-browser-credential: true
 ```
 

diff --git a/action.yml b/action.yml
@@ -133,6 +133,9 @@ inputs:
   exclude-environment-credential:
     description: Exclude the "EnvironmentCredential" type from being considered when authenticating with "DefaultAzureCredential".
     required: false
+  exclude-workload-identity-credential:
+    description: Exclude the "WorkloadIdentityCredential" type from being considered when authenticating with "DefaultAzureCredential".
+    required: false
   exclude-managed-identity-credential:
     description: Exclude the "ManagedIdentity" type from being considered when authenticating with "DefaultAzureCredential".
     required: false
@@ -151,6 +154,9 @@ inputs:
   exclude-azure-powershell-credential:
     description: Exclude the "AzurePowerShellCredential" type from being considered when authenticating with "DefaultAzureCredential".
     required: false
+  exclude-azure-developer-cli-credential:
+    description: Exclude the "AzureDeveloperCliCredential" type from being considered when authenticating with "DefaultAzureCredential".
+    required: false
   exclude-interactive-browser-credential:
     description: Exclude the "InteractiveBrowserCredential" type from being considered when authenticating with "DefaultAzureCredential".
     required: false
@@ -180,7 +186,7 @@ runs:
         AZURE_USERNAME: ${{ inputs.azure-username }}
         AZURE_PASSWORD: ${{ inputs.azure-password }}
       run: |
-        Install-Module -Name TrustedSigning -RequiredVersion 0.3.15 -Force -Repository PSGallery
+        Install-Module -Name TrustedSigning -RequiredVersion 0.3.18 -Force -Repository PSGallery
 
         $params = @{}
 
@@ -315,6 +321,11 @@ runs:
           $params["ExcludeEnvironmentCredential"] = [System.Convert]::ToBoolean($excludeEnvironmentCredential)
         }
 
+        $excludeWorkloadIdentityCredential = "${{ inputs.exclude-workload-identity-credential }}"
+        if (-Not [string]::IsNullOrWhiteSpace($excludeWorkloadIdentityCredential)) {
+          $params["ExcludeWorkloadIdentityCredential"] = [System.Convert]::ToBoolean($excludeWorkloadIdentityCredential)
+        }
+
         $excludeManagedIdentityCredential = "${{ inputs.exclude-managed-identity-credential }}"
         if (-Not [string]::IsNullOrWhiteSpace($excludeManagedIdentityCredential)) {
           $params["ExcludeManagedIdentityCredential"] = [System.Convert]::ToBoolean($excludeManagedIdentityCredential)
@@ -345,6 +356,11 @@ runs:
           $params["ExcludeAzurePowerShellCredential"] = [System.Convert]::ToBoolean($excludeAzurePowerShellCredential)
         }
 
+        $excludeAzureDeveloperCliCredential = "${{ inputs.exclude-azure-developer-cli-credential }}"
+        if (-Not [string]::IsNullOrWhiteSpace($excludeAzureDeveloperCliCredential)) {
+          $params["ExcludeAzureDeveloperCliCredential"] = [System.Convert]::ToBoolean($excludeAzureDeveloperCliCredential)
+        }
+
         $excludeInteractiveBrowserCredential = "${{ inputs.exclude-interactive-browser-credential }}"
         if (-Not [string]::IsNullOrWhiteSpace($excludeInteractiveBrowserCredential)) {
           $params["ExcludeInteractiveBrowserCredential"] = [System.Convert]::ToBoolean($excludeInteractiveBrowserCredential)