@@ -42,14 +42,84 @@ Write-Host "Starting processing"
4242# retrieve service connection object
4343$serviceConnection = Get-VstsEndpoint - Name $azureSubscription - Require
4444
45- # get service connection object properties
46- $servicePrincipalId = $serviceConnection.auth.parameters.serviceprincipalid
47- $servicePrincipalkey = $serviceConnection.auth.parameters.serviceprincipalkey
48- $tenantId = $serviceConnection.auth.parameters.tenantid
49-
5045# initialize aadAuthenticationFactory
5146Write-Verbose " Initialize AadAuthenticationFactory object..."
52- Initialize-AadAuthenticationFactory - servicePrincipalId $servicePrincipalId - servicePrincipalKey $servicePrincipalkey - tenantId $tenantId
47+ switch ($serviceConnection.auth.scheme ) {
48+ ' ServicePrincipal'
49+ # get service connection object properties
50+ $servicePrincipalId = $serviceConnection.auth.parameters.serviceprincipalid
51+ $servicePrincipalkey = $serviceConnection.auth.parameters.serviceprincipalkey
52+ $tenantId = $serviceConnection.auth.parameters.tenantid
53+
54+ # SPNcertificate
55+ if ($serviceConnection.auth.parameters.authenticationType -eq ' SPNCertificate'
56+ Write-Host " ServicePrincipal with Certificate auth"
57+
58+ $certData = $serviceConnection.Auth.parameters.servicePrincipalCertificate
59+ $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2 ]::CreateFromPem($certData , $certData )
60+
61+ Initialize-AadAuthenticationFactory `
62+ - servicePrincipalId $servicePrincipalId `
63+ - servicePrincipalKey $servicePrincipalkey `
64+ - tenantId $tenantId `
65+ - cert $cert
66+ }
67+ # Service Principal
68+ else {
69+ Write-Host " ServicePrincipal with ClientSecret auth"
70+
71+ Initialize-AadAuthenticationFactory `
72+ - servicePrincipalId $servicePrincipalId `
73+ - servicePrincipalKey $servicePrincipalkey `
74+ - tenantId $tenantId
75+ }
76+ break ;
77+ }
78+
79+ ' ManagedServiceIdentity'
80+ Write-Host " ManagedIdentitx auth"
81+
82+ Initialize-AadAuthenticationFactory `
83+ - serviceConnection $serviceConnection
84+ break ;
85+ }
86+
87+ ' WorkloadIdentityFederation'
88+ Write-Host " Workload identity auth"
89+
90+ # get service connection properties
91+ $planId = Get-VstsTaskVariable - Name ' System.PlanId' - Require
92+ $jobId = Get-VstsTaskVariable - Name ' System.JobId' - Require
93+ $hub = Get-VstsTaskVariable - Name ' System.HostType' - Require
94+ $projectId = Get-VstsTaskVariable - Name ' System.TeamProjectId' - Require
95+ $uri = Get-VstsTaskVariable - Name ' System.CollectionUri' - Require
96+ $serviceConnectionId = $azureSubscription
97+
98+ Write-Verbose " Getting access token for service connection"
99+ $vstsEndpoint = Get-VstsEndpoint - Name SystemVssConnection - Require
100+ $vstsAccessToken = $vstsEndpoint.auth.parameters.AccessToken
101+
102+ $url = " $uri /$projectId /_apis/distributedtask/hubs/$hub /plans/$planId /jobs/$jobId /oidctoken?serviceConnectionId=$serviceConnectionId `&api-version=7.2-preview.1"
103+
104+ $username = " username"
105+ $password = $vstsAccessToken
106+ $base64AuthInfo = [Convert ]::ToBase64String([Text.Encoding ]::ASCII.GetBytes((" {0}:{1}" -f $username , $password )))
107+
108+ Write-Verbose " Getting OIDC token from VSTS on uri: $url "
109+ $response = Invoke-RestMethod - Uri $url - Method Post - Headers @ { " Authorization" = (" Basic {0}" -f $base64AuthInfo ) } - ContentType " application/json"
110+
111+ $assertion = $response.oidcToken
112+
113+ $servicePrincipalId = $serviceConnection.auth.parameters.serviceprincipalid
114+ $tenantId = $serviceConnection.auth.parameters.tenantid
115+ Write-verbose " Initializing AAD factory with clientId $servicePrincipalId for tenant $tenantId "
116+ Initialize-AadAuthenticationFactory `
117+ - servicePrincipalId $servicePrincipalId `
118+ - assertion $assertion `
119+ - tenantId $tenantId
120+ break ;
121+ }
122+ }
53123
54124# initialize runtime according to environment environment
55125Init- Environment - ProjectDir $ProjectDir - Environment $EnvironmentName
0 commit comments