Removes deprecated SharedTokenCache, Adds Azure Pipelines and Azure Developer CLI credentials#206
Conversation
…teractive chain - Remove SharedTokenCacheCredential from NonInteractive chain (deprecated in Azure.Identity) - Add AzureDeveloperCliCredential to NonInteractive chain (available since Azure.Identity 1.10.0) - Update ValidateSet, default CredentialPrecedence, switch statement, doc URLs, and help docs - Update CHANGELOG with unreleased entries Agent-Logs-Url: https://github.com/PalmEmanuel/AzAuth/sessions/604aff3f-8096-4773-8798-43fa246ec7d2 Co-authored-by: PalmEmanuel <3384251+PalmEmanuel@users.noreply.github.com>
Test Results 3 files 39 suites 4s ⏱️ Results for commit fe92134. ♻️ This comment has been updated with latest results. |
|
@copilot Aren't there any other credential types that I'm missing from this namespace in Azure.Identity? https://learn.microsoft.com/en-us/dotnet/api/azure.identity?view=azure-dotnet |
…ipelines, OnBehalfOf, AuthorizationCode After auditing all credential types in Azure.Identity 1.19.0, the following were missing: - WorkloadIdentityCredential added to NonInteractive chain (env-var based, Kubernetes workload identity) - AzurePipelinesCredential added as -AzurePipelines parameter set (Azure Pipelines OIDC) - OnBehalfOfCredential added as -OnBehalfOf parameter set (3 variants: secret, cert, cert path) - AuthorizationCodeCredential added as -AuthorizationCode parameter set (OAuth 2.0 auth code flow) UsernamePasswordCredential was excluded as it is deprecated in Azure.Identity 1.19.0. Agent-Logs-Url: https://github.com/PalmEmanuel/AzAuth/sessions/5901a382-f953-4e5d-8291-5649a5af1165 Co-authored-by: PalmEmanuel <3384251+PalmEmanuel@users.noreply.github.com>
Yes, after auditing all exported Added to NonInteractive chain:
New explicit parameter sets:
Excluded (intentionally):
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Agent-Logs-Url: https://github.com/PalmEmanuel/AzAuth/sessions/369ca9aa-1bb3-4150-8e56-1fee519eeb63 Co-authored-by: PalmEmanuel <3384251+PalmEmanuel@users.noreply.github.com>
|
@copilot can you ensure that the docs changes actually reflect the changes we made in the commits (removing some stuff) |
Verified — the docs are already in sync with the code. All 11 parameter sets in the C# match the 11 SYNTAX blocks in the docs, all 23 parameters match exactly, and there are no stale |
|
@copilot Yeah but go through the changes you made in other files, changelog for example. |
Agent-Logs-Url: https://github.com/PalmEmanuel/AzAuth/sessions/9a2ffbfa-d285-4965-8eaa-dbafee502a29 Co-authored-by: PalmEmanuel <3384251+PalmEmanuel@users.noreply.github.com>
Fixed in |
* Initial plan * Remove WorkloadIdentity credential (parameter set, non-interactive chain, tests, docs) Agent-Logs-Url: https://github.com/PalmEmanuel/AzAuth/sessions/e86bc179-5996-4037-85a9-3bbccd08416e Co-authored-by: PalmEmanuel <3384251+PalmEmanuel@users.noreply.github.com> * Fix: only remove WorkloadIdentity from non-interactive chain, preserve explicit parameter set Agent-Logs-Url: https://github.com/PalmEmanuel/AzAuth/sessions/9c68a216-fa3e-40c3-ac12-94538d419043 Co-authored-by: PalmEmanuel <3384251+PalmEmanuel@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: PalmEmanuel <3384251+PalmEmanuel@users.noreply.github.com>
|
@copilot Can you update the description of the PR with the actual changes after all the iterations now? |
Updated the PR description to reflect the actual net changes across all iterations:
|
Audits and consolidates the Azure.Identity credential types available in
Get-AzToken, removing deprecated options and adding previously missing ones.Changes Made
Removed
SharedTokenCachefrom the-CredentialPrecedenceparameter and the default non-interactive credential chain (TokenManager.NonInteractive.cs), asSharedTokenCacheCredentialis deprecated in Azure.IdentityAdded
AzureDeveloperClito the-CredentialPrecedenceparameter and the non-interactive credential chain, allowing use of Azure Developer CLI (azd) credentials-AzurePipelinesparameter set toGet-AzTokenfor Azure Pipelines service connection OIDC authentication (AzurePipelinesCredential), backed by a newTokenManager.AzurePipelines.csFiles Changed
source/AzAuth.PS/Cmdlets/GetAzToken.cs— new-AzurePipelinesparameter set, removedSharedTokenCachefrom-CredentialPrecedencesource/AzAuth.Core/TokenManagerAuthMethods/TokenManager.NonInteractive.cs— replacedSharedTokenCacheCredentialwithAzureDeveloperCliCredentialsource/AzAuth.Core/TokenManagerAuthMethods/TokenManager.AzurePipelines.cs— new file implementingAzurePipelinesCredentialauthtests/Get-AzToken.Tests.ps1— added coverage for the-AzurePipelinesparameter setdocs/help/Get-AzToken.md— documented the new-AzurePipelinesparameter set and removedSharedTokenCachefrom-CredentialPrecedenceCHANGELOG.md— updated[Unreleased]section to reflect net changesOriginal prompt
🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.