Skip to content

Integrate AzArtifacts Credential Provider #1765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 100 commits into from
Jul 16, 2025
Merged

Integrate AzArtifacts Credential Provider #1765

merged 100 commits into from
Jul 16, 2025

Conversation

@alerickson
Copy link
Member

@alerickson alerickson commented Dec 19, 2024
edited
Loading

PR Summary

This PR integrates the Azure Artifacts Credential Provider into PSResourceGet.
Information on the cred provider and how to install, discover, and use the cred provider is located here: https://github.com/NuGet/Home/wiki/NuGet-cross-plat-authentication-plugin#plugin-installation-and-discovery.
Please use this link for setting up and configuring the cred provider for PSResourceGet as well. Also see: https://github.com/microsoft/artifacts-credprovider for using environment variables with the Credential Provider.

This PR adds a new dynamic parameter to Register-PSResourceRepository and Set-PSResourceRepository called -CredentialProvider, which is an enum with values None and AzArtifacts. The parameter only works with repositories that are not ContainerRegistry repositories. This is because the credential provider only works with Azure Artifact feeds, however Azure Artifact feeds can have any uri. Instead of only allowing the parameter to be used with Azure Artifact feeds, we are not allowing use for feeds in which we know we cannot use the credential provider for.

PSResourceGet will automatically set the value CredentialProvider to AzArtifacts if it recognizes that the repository is definitely an Azure Artifacts feed. This is done by checking to see if the uri contains pkgs.dev.azure.com or pkgs.visualstudio.com. This check is done when registering a new repository or when PSResourceGet reads repositories from the PSResourceRepository.xml file.

PSResourceGet looks for the credential provider any time network credentials are set. The new priority ordering for credentials is:
     1. Credentials passed in via parameter -Credential.
     2. Credentials retrieved via the AzArtifacts Credential Provider.
     3. Credentials retrieved from SecretManagement.

The Credential Provider can be bypassed by setting the -CredentialProvider parameter to None.

If the CredentialProvider property is set to AzArtifacts for a repository, PSResourceGet will attempt to find the Credential Provider file on the machine in the following order:
     1. Checking the environment variable NUGET_PLUGIN_PATHS
     2. Checking the default locations: $env:UserProfile\.nuget\plugins
     3. Checking the fixed location where Visual Studio is installed: common7\IDE\CommonExtensions\Microsoft\NuGet
More information on this discovery process can be found in the link above.

Once the Credential Provider is found, PSResourceGet calls the provider with the following arguments:
CredentialProvider.Microsoft.exe -Uri <uri> -NonInteractive -IsRetry -F Json
Or
dotnet CredentialProvider.Microsoft.dll -Uri <uri> -NonInteractive -IsRetry -F Json

Right now, this means that for Unix machines, there is a dependency on the dotnet cli to call the Credential Provider.

Once credentials are retrieved, they are used to make the network call, as is done when using the -Credential parameter or SecretManagement.

PR Context

Resolves #1658
Resolves #1601
Resolves #1511

PR Checklist

@alerickson alerickson changed the title Integrate AzArtifacts Credential Provider WIP: Integrate AzArtifacts Credential Provider Dec 20, 2024
@alerickson
Copy link
Member Author

alerickson commented Jan 3, 2025

/azp run PowerShell.PSResourceGet

@azure-pipelines
Copy link

azure-pipelines bot commented Jan 3, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@MatejKafka-MSFT
Copy link

MatejKafka-MSFT commented Jun 28, 2025

Just wondering, what is the state of this PR? Is it abandoned, or can I expect PSResourceGet to get support for AzDO auth in the near future? :)

Afroz Mohammed and others added 11 commits June 30, 2025 11:33
@alerickson
Fix #1777: Fixes bug with nuspec dependency version range when versio…
f994d14 
…ns are specified in RequiredModules section

Fixes bug with generated nuspec dependency version range when RequiredVersion,MaxiumumVersion and ModuleVersion are specified in RequiredModules section
@anamnavi @alerickson
only convert Version info to hashtable if its not an empty string
1cfdf2a
@anamnavi @alerickson
delete unzippedPath in test after it's written to or subsequent Expan…
f3fe35e 
…d-Archive calls to that path will fail
@anamnavi @alerickson
Update Dependency parsing logic to account for Az packages with Az* n…
97ef9d7 
…aming
@anamnavi @alerickson
specify Azpreview explicitly in condition
b1ba2b2
@anamnavi @alerickson
add test for Azpreview from MAR
d189750
@anamnavi @alerickson
fix test for Azpreview from MAR
35bce61
@anamnavi @alerickson
update outdated az FindName() from MAR test
74abeb0
@anamnavi @alerickson
check if version is greaterthan not equal
79f1e23
@adityapatwardhan @alerickson
Allow wildcard for MAR repository for FindAll and FindByName (#1786)
25bee9d
@adityapatwardhan @alerickson
Use authentication challenge for unauthenticated container registry r…
ffa42a9 
…epository (#1797)
@azure-pipelines
Copy link

azure-pipelines bot commented Jul 11, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@alerickson alerickson changed the title WIP: Integrate AzArtifacts Credential Provider Integrate AzArtifacts Credential Provider Jul 12, 2025
adityapatwardhan
adityapatwardhan requested changes Jul 14, 2025
View reviewed changes
@alerickson
Copy link
Member Author

alerickson commented Jul 15, 2025

/azp run PowerShell.PSResourceGet

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 15, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@alerickson
Copy link
Member Author

alerickson commented Jul 15, 2025

/azp run PowerShell.PSResourceGet

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 15, 2025

Azure Pipelines successfully started running 1 pipeline(s).

adityapatwardhan
adityapatwardhan requested changes Jul 15, 2025
View reviewed changes
@alerickson
Copy link
Member Author

alerickson commented Jul 15, 2025

/azp run PowerShell.PSResourceGet

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 15, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@alerickson
Copy link
Member Author

alerickson commented Jul 15, 2025

/azp run PowerShell.PSResourceGet

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 15, 2025

Azure Pipelines successfully started running 1 pipeline(s).

adityapatwardhan
adityapatwardhan reviewed Jul 16, 2025
View reviewed changes
@alerickson
Copy link
Member Author

alerickson commented Jul 16, 2025

/azp run PowerShell.PSResourceGet

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 16, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@alerickson alerickson enabled auto-merge (squash) July 16, 2025 20:21
@alerickson alerickson merged commit 55e066c into master Jul 16, 2025
12 checks passed
@alerickson alerickson deleted the addAdoCredProvider branch October 3, 2025 01:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adityapatwardhan adityapatwardhan adityapatwardhan approved these changes

@anamnavi anamnavi Awaiting requested review from anamnavi anamnavi is a code owner

@SydneyhSmith SydneyhSmith Awaiting requested review from SydneyhSmith SydneyhSmith is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

7 participants

@alerickson @MatejKafka-MSFT @adityapatwardhan @anamnavi @sdwheeler @o-l-a-v