From 23219253d5bbb05699fb2812a870d16e6894c4ad Mon Sep 17 00:00:00 2001 From: Ahmed ElSayed Date: Fri, 21 Apr 2023 19:59:03 -0700 Subject: [PATCH 1/2] Use AAD auth for scm access if available --- packages/appservice-rest/package.json | 4 ++-- .../src/Arm/azure-app-service.ts | 6 +++++- .../src/Kudu/KuduServiceClient.ts | 12 ++++++----- .../src/Kudu/azure-app-kudu-service.ts | 12 +++++++---- .../src/Utilities/AzureAppServiceUtility.ts | 20 ++++++++++++++++--- packages/webclient/package.json | 2 +- packages/webclient/src/AzureRestClient.ts | 4 ++++ 7 files changed, 44 insertions(+), 16 deletions(-) diff --git a/packages/appservice-rest/package.json b/packages/appservice-rest/package.json index 47b8329..e06d8da 100644 --- a/packages/appservice-rest/package.json +++ b/packages/appservice-rest/package.json @@ -1,6 +1,6 @@ { "name": "azure-actions-appservice-rest", - "version": "1.3.9", + "version": "1.3.10", "description": "Azure resource manager and kudu node rest module", "keywords": [ "appservice", @@ -29,7 +29,7 @@ "@actions/core": "^1.1.10", "@actions/io": "^1.0.1", "@types/node": "^14.14.31", - "azure-actions-webclient": "^1.1.0", + "azure-actions-webclient": "^1.1.1", "copy": "^0.3.2", "fs": "0.0.1-security", "util": "^0.12.1", diff --git a/packages/appservice-rest/src/Arm/azure-app-service.ts b/packages/appservice-rest/src/Arm/azure-app-service.ts index fcd201c..e7ae2f0 100644 --- a/packages/appservice-rest/src/Arm/azure-app-service.ts +++ b/packages/appservice-rest/src/Arm/azure-app-service.ts @@ -114,6 +114,10 @@ export class AzureAppService { } } + public getAccessToken(): Promise { + return this._client.getAccessToken(); + } + public async getApplicationSettings(force?: boolean): Promise { if(force || !this._appServiceApplicationSetings) { this._appServiceApplicationSetings = await this._getApplicationSettings(); @@ -604,4 +608,4 @@ export class AzureAppService { setTimeout(resolve, sleepDurationInSeconds * 1000); }); } - } \ No newline at end of file + } diff --git a/packages/appservice-rest/src/Kudu/KuduServiceClient.ts b/packages/appservice-rest/src/Kudu/KuduServiceClient.ts index 09b17c9..2df27c5 100644 --- a/packages/appservice-rest/src/Kudu/KuduServiceClient.ts +++ b/packages/appservice-rest/src/Kudu/KuduServiceClient.ts @@ -6,19 +6,21 @@ import core = require('@actions/core'); export class KuduServiceClient { private _scmUri; - private _accesssToken: string; + private _accessToken: string; + private _accessTokenType: "Basic" | "Bearer"; private _cookie: string[]; private _webClient: WebClient; - constructor(scmUri: string, accessToken: string) { - this._accesssToken = accessToken; + constructor(scmUri: string, accessToken: string, accessTokenType: "Basic" | "Bearer") { + this._accessToken = accessToken; + this._accessTokenType = accessTokenType; this._scmUri = scmUri; this._webClient = new WebClient(); } public async beginRequest(request: WebRequest, reqOptions?: WebRequestOptions, contentType?: string): Promise { request.headers = request.headers || {}; - request.headers["Authorization"] = "Basic " + this._accesssToken; + request.headers["Authorization"] = `${this._accessTokenType} ${this._accessToken}` request.headers['Content-Type'] = contentType || 'application/json; charset=utf-8'; if(!!this._cookie) { @@ -71,4 +73,4 @@ export class KuduServiceClient { public getScmUri(): string { return this._scmUri; } -} \ No newline at end of file +} diff --git a/packages/appservice-rest/src/Kudu/azure-app-kudu-service.ts b/packages/appservice-rest/src/Kudu/azure-app-kudu-service.ts index 09a1950..a007777 100644 --- a/packages/appservice-rest/src/Kudu/azure-app-kudu-service.ts +++ b/packages/appservice-rest/src/Kudu/azure-app-kudu-service.ts @@ -15,9 +15,13 @@ export const KUDU_DEPLOYMENT_CONSTANTS = { export class Kudu { private _client: KuduServiceClient; - constructor(scmUri: string, username: string, password: string) { - var base64EncodedCredential = (new Buffer(username + ':' + password).toString('base64')); - this._client = new KuduServiceClient(scmUri, base64EncodedCredential); + constructor(scmUri: string, credentials: {username: string, password: string} | string) { + const accessToken = typeof credentials === 'string' + ? credentials + : (new Buffer(credentials.username + ':' + credentials.password).toString('base64')); + const accessTokenType = typeof credentials === 'string' ? "Bearer" : "Basic" + + this._client = new KuduServiceClient(scmUri, accessToken, accessTokenType); } public async updateDeployment(requestBody: any): Promise { @@ -406,4 +410,4 @@ export class Kudu { setTimeout(resolve, sleepDurationInSeconds * 1000); }); } -} \ No newline at end of file +} diff --git a/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts b/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts index 09136cb..0a5efd4 100644 --- a/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts +++ b/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts @@ -79,15 +79,29 @@ export class AzureAppServiceUtility { } public async getKuduService(): Promise { + try { + const token = await this._appService.getAccessToken() + if (!!token) { + console.log(`::add-mask::${token}`); + const app = await this._appService.get() + const scmUri = (app.properties["hostNameSslStates"] || []).find(n => n.hostType == "Repository"); + if (!!scmUri) { + return new Kudu(scmUri["name"], token) + } + } + } catch (e) { + console.log('Error getting accessToken. Falling back to publishing profile: ' + e); + } + var publishingCredentials = await this._appService.getPublishingCredentials(); if(publishingCredentials.properties["scmUri"]) { - let userName = publishingCredentials.properties["publishingUserName"]; + let username = publishingCredentials.properties["publishingUserName"]; let password = publishingCredentials.properties["publishingPassword"]; // masking kudu password console.log(`::add-mask::${password}`); - return new Kudu(publishingCredentials.properties["scmUri"], userName, password); + return new Kudu(publishingCredentials.properties["scmUri"], { username, password }); } throw Error('KUDU SCM details are empty'); @@ -151,4 +165,4 @@ export class AzureAppServiceUtility { return isNewValueUpdated; } -} \ No newline at end of file +} diff --git a/packages/webclient/package.json b/packages/webclient/package.json index 0c57505..08cbe32 100644 --- a/packages/webclient/package.json +++ b/packages/webclient/package.json @@ -1,6 +1,6 @@ { "name": "azure-actions-webclient", - "version": "1.1.0", + "version": "1.1.1", "description": "Authorize to azure and make rest calls", "keywords": [ "webclient", diff --git a/packages/webclient/src/AzureRestClient.ts b/packages/webclient/src/AzureRestClient.ts index 8be979b..f93e8e9 100644 --- a/packages/webclient/src/AzureRestClient.ts +++ b/packages/webclient/src/AzureRestClient.ts @@ -172,6 +172,10 @@ export class ServiceClient { return response; } + public getAccessToken(): Promise { + return this._authorizer.getToken() + } + private _sleep(sleepDurationInSeconds: number): Promise { return new Promise((resolve) => { setTimeout(resolve, sleepDurationInSeconds * 1000); From 4999508a29cd2c9a8247a000377359f22f5dcce1 Mon Sep 17 00:00:00 2001 From: Ahmed ElSayed Date: Fri, 21 Apr 2023 21:08:57 -0700 Subject: [PATCH 2/2] Update AzureAppServiceUtility.ts --- .../appservice-rest/src/Utilities/AzureAppServiceUtility.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts b/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts index 0a5efd4..e1ab72a 100644 --- a/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts +++ b/packages/appservice-rest/src/Utilities/AzureAppServiceUtility.ts @@ -86,7 +86,7 @@ export class AzureAppServiceUtility { const app = await this._appService.get() const scmUri = (app.properties["hostNameSslStates"] || []).find(n => n.hostType == "Repository"); if (!!scmUri) { - return new Kudu(scmUri["name"], token) + return new Kudu(`https://${scmUri["name"]}`, token) } } } catch (e) {