
PoC: Federated SPN credentials #540

Merged
merged 15 commits into from
May 13, 2024
Changes from 8 commits
2 changes: 1 addition & 1 deletion dist/actions/actions-install/index.js
Expand Up @@ -3369,7 +3369,7 @@ var require_package = __commonJS({
"@actions/core": "^1.10.0",
"@actions/exec": "^1.1.1",
"@actions/io": "^1.1.3",
"@microsoft/powerplatform-cli-wrapper": "^0.1.118",
"@microsoft/powerplatform-cli-wrapper": "^0.1.119",
"date-fns": "^2.30.0",
"fs-extra": "^11.1.1",
"js-yaml": "^4.1",
58 changes: 45 additions & 13 deletions dist/actions/add-solution-component/index.js
Expand Up @@ -131,11 +131,29 @@ var require_authenticate = __commonJS({
return ["--url", url];
}
function addCredentials(credentials) {
return isUsernamePassword(credentials) ? addUsernamePassword(credentials) : addClientCredentials(credentials);
if (isUsernamePassword(credentials)) {
return addUsernamePassword(credentials);
} else if (isFederatedCredentials(credentials)) {
return addFederatedCredentials(credentials);
} else {
return addClientCredentials(credentials);
}
}
function isUsernamePassword(credentials) {
return "username" in credentials;
}
function isFederatedCredentials(credentials) {
return "federationProvider" in credentials;
}
function addFederatedCredentials(parameters) {
return [
"--applicationId",
parameters.appId,
"--tenant",
parameters.tenantId,
parameters.federationProvider == "AzureDevOps" ? "--azureDevOpsFederated" : "--githubFederated"
];
}
function addClientCredentials(parameters) {
if (parameters.scheme == "ManagedServiceIdentity") {
return ["--managedIdentity"];
Expand Down Expand Up @@ -324,8 +342,8 @@ var require_exportSolution = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var path = require("path");
function exportSolution(parameters, runnerParameters, host) {
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
return __awaiter2(this, void 0, void 0, function* () {
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
function resolveFolder(folder) {
if (!folder || typeof folder !== "string")
return void 0;
Expand Down Expand Up @@ -435,8 +453,8 @@ var require_whoAmI = __commonJS({
var authenticate_1 = require_authenticate();
var createPacRunner_1 = require_createPacRunner();
function whoAmI(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -503,8 +521,8 @@ var require_importSolution = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var path = require("path");
function importSolution(parameters, runnerParameters, host) {
var _a, _b, _c;
return __awaiter2(this, void 0, void 0, function* () {
var _a, _b, _c;
function resolveFolder(folder) {
if (!folder || typeof folder !== "string")
return void 0;
Expand Down Expand Up @@ -9793,8 +9811,8 @@ var require_checkSolution = __commonJS({
var authenticate_1 = require_authenticate();
var fs_extra_1 = require_lib();
function checkSolution(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
const validator = new InputValidator_1.InputValidator(host);
Expand Down Expand Up @@ -10219,8 +10237,8 @@ var require_restoreEnvironment = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var createEnvironment_1 = require_createEnvironment();
function restoreEnvironment(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -10452,8 +10470,8 @@ var require_unpackSolution = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var solutionPackagingBase_1 = require_solutionPackagingBase();
function unpackSolution(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -10519,8 +10537,8 @@ var require_resetEnvironment = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var createEnvironment_1 = require_createEnvironment();
function resetEnvironment(parameters, runnerParameters, host) {
var _a, _b;
return __awaiter2(this, void 0, void 0, function* () {
var _a, _b;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -10598,8 +10616,8 @@ var require_copyEnvironment = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var createEnvironment_1 = require_createEnvironment();
function copyEnvironment(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -11133,8 +11151,8 @@ var require_addSolutionComponent = __commonJS({
var authenticate_1 = require_authenticate();
var createPacRunner_1 = require_createPacRunner();
function addSolutionComponent(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
const pacArgs = ["solution", "add-solution-component"];
Expand Down Expand Up @@ -24095,15 +24113,26 @@ var require_getCredentials = __commonJS({
// no MgtIdentity support for Actions yet
};
const isCcValid = isClientCredentialsValid(clientCredentials);
if (isUpValid && isCcValid) {
throw new Error("Too many authentication parameters specified. Must pick either username/password or app-id/client-secret/tenant-id for the authentication flow.");
const federatedCredentials = {
tenantId: getInput("tenant-id"),
appId: getInput("app-id"),
cloudInstance: getInput("cloud"),
federationProvider: "GitHub",
scheme: "WorkloadIdentityFederation"
};
const isFcValid = isFederatedCredentialsValid(federatedCredentials);
if (isUpValid && (isCcValid || isFcValid)) {
throw new Error("Too many authentication parameters specified. Must pick either username/password, app-id/tenant-id with Federation Credentials, or app-id/client-secret/tenant-id for the authentication flow.");
}
if (isUpValid) {
return usernamePassword;
}
if (isCcValid) {
return clientCredentials;
}
if (isFcValid) {
return federatedCredentials;
}
throw new Error("Must provide either username/password or app-id/client-secret/tenant-id for authentication!");
}
exports2.default = getCredentials;
Expand All @@ -24116,6 +24145,9 @@ var require_getCredentials = __commonJS({
function isClientCredentialsValid(clientCredentials) {
return !!clientCredentials.appId && !!clientCredentials.clientSecret && !!clientCredentials.tenantId;
}
function isFederatedCredentialsValid(federatedCredentials) {
return !!federatedCredentials.appId && !!federatedCredentials.tenantId;
}
}
});

Expand Down Expand Up @@ -24245,7 +24277,7 @@ var require_package = __commonJS({
"@actions/core": "^1.10.0",
"@actions/exec": "^1.1.1",
"@actions/io": "^1.1.3",
"@microsoft/powerplatform-cli-wrapper": "^0.1.118",
"@microsoft/powerplatform-cli-wrapper": "^0.1.119",
"date-fns": "^2.30.0",
"fs-extra": "^11.1.1",
"js-yaml": "^4.1",
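Review bot: In the `require_getCredentials` hunk, `isFederatedCredentialsValid` is satisfied by `app-id` plus `tenant-id` alone, so a workflow that means to use client-secret authentication but whose `client-secret` input resolves to an empty string now falls through to `return federatedCredentials` instead of stopping with a clear error. Because the flow is chosen implicitly, the selected scheme should be logged before returning, and the final fallback should name the new option the way the "Too many authentication parameters" message already does: `throw new Error("Must provide either username/password, app-id/tenant-id with Federation Credentials, or app-id/client-secret/tenant-id for authentication!");`. In `addFederatedCredentials`, every `federationProvider` value other than `"AzureDevOps"` maps to `--githubFederated`; matching `"GitHub"` explicitly with `===` and throwing on anything else would keep an unexpected value from silently selecting a token source. `getCredentials` starts outside the hunk and this file is bundled output, so the change belongs in the sources it is built from; the same lines appear in the dist/actions/assign-group/index.js section.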
58 changes: 45 additions & 13 deletions dist/actions/assign-group/index.js
Expand Up @@ -131,11 +131,29 @@ var require_authenticate = __commonJS({
return ["--url", url];
}
function addCredentials(credentials) {
return isUsernamePassword(credentials) ? addUsernamePassword(credentials) : addClientCredentials(credentials);
if (isUsernamePassword(credentials)) {
return addUsernamePassword(credentials);
} else if (isFederatedCredentials(credentials)) {
return addFederatedCredentials(credentials);
} else {
return addClientCredentials(credentials);
}
}
function isUsernamePassword(credentials) {
return "username" in credentials;
}
function isFederatedCredentials(credentials) {
return "federationProvider" in credentials;
}
function addFederatedCredentials(parameters) {
return [
"--applicationId",
parameters.appId,
"--tenant",
parameters.tenantId,
parameters.federationProvider == "AzureDevOps" ? "--azureDevOpsFederated" : "--githubFederated"
];
}
function addClientCredentials(parameters) {
if (parameters.scheme == "ManagedServiceIdentity") {
return ["--managedIdentity"];
Expand Down Expand Up @@ -324,8 +342,8 @@ var require_exportSolution = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var path = require("path");
function exportSolution(parameters, runnerParameters, host) {
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
return __awaiter2(this, void 0, void 0, function* () {
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
function resolveFolder(folder) {
if (!folder || typeof folder !== "string")
return void 0;
Expand Down Expand Up @@ -435,8 +453,8 @@ var require_whoAmI = __commonJS({
var authenticate_1 = require_authenticate();
var createPacRunner_1 = require_createPacRunner();
function whoAmI(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -503,8 +521,8 @@ var require_importSolution = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var path = require("path");
function importSolution(parameters, runnerParameters, host) {
var _a, _b, _c;
return __awaiter2(this, void 0, void 0, function* () {
var _a, _b, _c;
function resolveFolder(folder) {
if (!folder || typeof folder !== "string")
return void 0;
Expand Down Expand Up @@ -9793,8 +9811,8 @@ var require_checkSolution = __commonJS({
var authenticate_1 = require_authenticate();
var fs_extra_1 = require_lib();
function checkSolution(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
const validator = new InputValidator_1.InputValidator(host);
Expand Down Expand Up @@ -10219,8 +10237,8 @@ var require_restoreEnvironment = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var createEnvironment_1 = require_createEnvironment();
function restoreEnvironment(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -10452,8 +10470,8 @@ var require_unpackSolution = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var solutionPackagingBase_1 = require_solutionPackagingBase();
function unpackSolution(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -10519,8 +10537,8 @@ var require_resetEnvironment = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var createEnvironment_1 = require_createEnvironment();
function resetEnvironment(parameters, runnerParameters, host) {
var _a, _b;
return __awaiter2(this, void 0, void 0, function* () {
var _a, _b;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -10598,8 +10616,8 @@ var require_copyEnvironment = __commonJS({
var createPacRunner_1 = require_createPacRunner();
var createEnvironment_1 = require_createEnvironment();
function copyEnvironment(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
try {
Expand Down Expand Up @@ -11133,8 +11151,8 @@ var require_addSolutionComponent = __commonJS({
var authenticate_1 = require_authenticate();
var createPacRunner_1 = require_createPacRunner();
function addSolutionComponent(parameters, runnerParameters, host) {
var _a;
return __awaiter2(this, void 0, void 0, function* () {
var _a;
const logger = runnerParameters.logger;
const pac = (0, createPacRunner_1.default)(runnerParameters);
const pacArgs = ["solution", "add-solution-component"];
Expand Down Expand Up @@ -24095,15 +24113,26 @@ var require_getCredentials = __commonJS({
// no MgtIdentity support for Actions yet
};
const isCcValid = isClientCredentialsValid(clientCredentials);
if (isUpValid && isCcValid) {
throw new Error("Too many authentication parameters specified. Must pick either username/password or app-id/client-secret/tenant-id for the authentication flow.");
const federatedCredentials = {
tenantId: getInput("tenant-id"),
appId: getInput("app-id"),
cloudInstance: getInput("cloud"),
federationProvider: "GitHub",
scheme: "WorkloadIdentityFederation"
};
const isFcValid = isFederatedCredentialsValid(federatedCredentials);
if (isUpValid && (isCcValid || isFcValid)) {
throw new Error("Too many authentication parameters specified. Must pick either username/password, app-id/tenant-id with Federation Credentials, or app-id/client-secret/tenant-id for the authentication flow.");
}
if (isUpValid) {
return usernamePassword;
}
if (isCcValid) {
return clientCredentials;
}
if (isFcValid) {
return federatedCredentials;
}
throw new Error("Must provide either username/password or app-id/client-secret/tenant-id for authentication!");
}
exports2.default = getCredentials;
Expand All @@ -24116,6 +24145,9 @@ var require_getCredentials = __commonJS({
function isClientCredentialsValid(clientCredentials) {
return !!clientCredentials.appId && !!clientCredentials.clientSecret && !!clientCredentials.tenantId;
}
function isFederatedCredentialsValid(federatedCredentials) {
return !!federatedCredentials.appId && !!federatedCredentials.tenantId;
}
}
});

Expand Down Expand Up @@ -24245,7 +24277,7 @@ var require_package = __commonJS({
"@actions/core": "^1.10.0",
"@actions/exec": "^1.1.1",
"@actions/io": "^1.1.3",
"@microsoft/powerplatform-cli-wrapper": "^0.1.118",
"@microsoft/powerplatform-cli-wrapper": "^0.1.119",
"date-fns": "^2.30.0",
"fs-extra": "^11.1.1",
"js-yaml": "^4.1",