Add support for token reading from stdin and environment #520
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…as expected. All tests passing now. Also when running out of order.
Contributor
Author
|
@tarunramsinghani this adds support for reading the token from the AZURE_DEVOPS_TOKEN variable or from stdin. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduce functionality to read authentication tokens from standard input and environment variables, enhancing flexibility in credential management. Update tests to validate the new token sources.
Should fix: #519
This pull request introduces support for securely passing Azure DevOps Personal Access Tokens (PAT) via stdin, environment variables, and improves authentication flexibility and documentation. The most important changes include the addition of a
--token-from-stdinoption, updates to authentication priority, new documentation, and refactoring of credential handling logic. These changes enhance security, especially for CI/CD pipelines, and clarify usage for end users.Authentication improvements:
StdinStringArgumentclass and registered the--token-from-stdinoption, allowing tokens to be read securely from stdin. This is prioritized after explicit--tokenand before environment variables or stored credentials. [1] [2] [3]TfCommandto support the new priority order: username/password, explicit token, token from stdin, environment variable (AZURE_DEVOPS_TOKEN), stored credentials, and interactive prompt. Also added mutual exclusivity checks for--tokenand--token-from-stdin. [1] [2]Documentation updates:
README.mdanddocs/extensions.mdto document new authentication methods, including environment variable and stdin usage, and clarified the recommended approaches for CI/CD and security. [1] [2]docs/token-from-stdin.mdfile detailing usage scenarios, priority order, and security benefits of the--token-from-stdinfeature.Testing and dependency changes:
adm-zipas a dependency and integrated it into test setup, along with new test utility to enforce Azure token isolation in integration tests. [1] [2] [3] [4]Minor improvements:
merger.tsfor clarity and async/await usage. [1] [2]0.23.0to reflect new features.