Integrate AzArtifacts Credential Provider

.ci/test.yml

@@ -21,6 +21,11 @@ jobs:
     displayName: Install Secret store
     condition: eq(${{ parameters.useAzAuth }}, false)
 
+  - task: NuGetAuthenticate@1
+    displayName: Install Azure Artifacts Credential Provider
+    inputs:
+      forceReinstallCredentialProvider: true
+
   - task: DownloadBuildArtifacts@0
     displayName: 'Download artifacts'
     inputs:
@@ -63,6 +68,37 @@ jobs:
     displayName: Install module for test from downloaded artifact
     workingDirectory: ${{ parameters.buildDirectory }}
 
+  - task: AzurePowerShell@5
+    inputs:
+      azureSubscription: PSResourceGetACR
+      azurePowerShellVersion: LatestVersion
+      ScriptType: InlineScript
+      pwsh: true
+      inline: |
+        Write-Verbose -Verbose "Setting up secret for Azure Artifacts Credential Provider"
+        $azt = (Get-AzAccessToken).Token | ConvertFrom-SecureString -AsPlainText
+
+        Write-Verbose -Verbose "Setting up Azure Artifacts Credential Provider secret - token - $azt"
+
+        $ADORepoName = "psrg-credprovidertest"
+        $ADORepoUri = "https://pkgs.dev.azure.com/powershell-rel/PSResourceGet/_packaging/psrg-credprovidertest/nuget/v2"
+
+        $endpointCredsObj = @{ endpointCredentials = @( @{ endpoint = $ADoRepoURI; password = $azt })}
+        $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS = $endpointCredsObj | ConvertTo-Json -Compress
+
+        Write-Verbose -Verbose "Setting VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS"
+
+        $vstsCommandString = "vso[task.setvariable variable=VSS_NUGET_EXTERNAL_FEED_ENDPOINTS]$VSS_NUGET_EXTERNAL_FEED_ENDPOINTS"
+        Write-Host "sending " + $vstsCommandString
+        Write-Host "##$vstsCommandString"
+
+    displayName: 'Setup Azure Artifacts Credential Provider secret'
+    condition: eq(${{ parameters.useAzAuth }}, false)
+
+  - pwsh: |
+      Get-ChildItem -Path env: | Out-String -width 9999 -Stream | Write-Verbose -Verbose
+    displayName: Capture environment
+
   - task: AzurePowerShell@5
     inputs:
       azureSubscription: PSResourceGetACR

src/code/FindHelper.cs

@@ -202,7 +202,16 @@ public IEnumerable<PSResourceInfo> FindByResourceName(
                 }
 
                 repositoryNamesToSearch.Add(currentRepository.Name);
-                _networkCredential = Utils.SetNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+
+                // Set network credentials via passed in credentials, AzArtifacts CredentialProvider, or SecretManagement.
+                if (currentRepository.CredentialProvider.Equals(PSRepositoryInfo.CredentialProviderType.AzArtifacts))
+                { 
+                    _networkCredential = Utils.SetCredentialProviderNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+                else {
+                    _networkCredential = Utils.SetSecretManagementNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+
                 ServerApiCall currentServer = ServerFactory.GetServer(currentRepository, _cmdletPassedIn, _networkCredential);
                 if (currentServer == null)
                 {
@@ -387,7 +396,17 @@ public IEnumerable<PSCommandResourceInfo> FindByCommandOrDscResource(
                 }
 
                 repositoryNamesToSearch.Add(currentRepository.Name);
-                _networkCredential = Utils.SetNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+
+                // Set network credentials via passed in credentials, AzArtifacts CredentialProvider, or SecretManagement.
+                if (currentRepository.CredentialProvider.Equals(PSRepositoryInfo.CredentialProviderType.AzArtifacts))
+                {
+                    _networkCredential = Utils.SetCredentialProviderNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+                else
+                {
+                    _networkCredential = Utils.SetSecretManagementNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+
                 ServerApiCall currentServer = ServerFactory.GetServer(currentRepository, _cmdletPassedIn, _networkCredential);
                 if (currentServer == null)
                 {
@@ -591,7 +610,17 @@ public IEnumerable<PSResourceInfo> FindByTag(
                 }
 
                 repositoryNamesToSearch.Add(currentRepository.Name);
-                _networkCredential = Utils.SetNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+
+                // Set network credentials via passed in credentials, AzArtifacts CredentialProvider, or SecretManagement.
+                if (currentRepository.CredentialProvider.Equals(PSRepositoryInfo.CredentialProviderType.AzArtifacts))
+                {
+                    _networkCredential = Utils.SetCredentialProviderNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+                else
+                {
+                    _networkCredential = Utils.SetSecretManagementNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+
                 ServerApiCall currentServer = ServerFactory.GetServer(currentRepository, _cmdletPassedIn, _networkCredential);
                 if (currentServer == null)
                 {

src/code/InstallHelper.cs

@@ -286,7 +286,16 @@ private List<PSResourceInfo> ProcessRepositories(
                 string repoName = currentRepository.Name;
                 sourceTrusted = currentRepository.Trusted || trustRepository;
 
-                _networkCredential = Utils.SetNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                // Set network credentials via passed in credentials, AzArtifacts CredentialProvider, or SecretManagement.
+                if (currentRepository.CredentialProvider.Equals(PSRepositoryInfo.CredentialProviderType.AzArtifacts))
+                {
+                    _networkCredential = Utils.SetCredentialProviderNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+                else
+                {
+                    _networkCredential = Utils.SetSecretManagementNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
+                }
+
                 ServerApiCall currentServer = ServerFactory.GetServer(currentRepository, _cmdletPassedIn, _networkCredential);
 
                 if (currentServer == null)
@@ -353,59 +362,6 @@ private List<PSResourceInfo> ProcessRepositories(
             return allPkgsInstalled;
         }
 
-        /// <summary>
-        /// Checks if any of the package versions are already installed and if they are removes them from the list of packages to install.
-        /// </summary>
-        private List<PSResourceInfo> FilterByInstalledPkgs(List<PSResourceInfo> packages)
-        {
-            // Package install paths.
-            // _pathsToInstallPkg will only contain the paths specified within the -Scope param (if applicable).
-            // _pathsToSearch will contain all resource package subdirectories within _pathsToInstallPkg path locations.
-            // e.g.:
-            // ./InstallPackagePath1/PackageA
-            // ./InstallPackagePath1/PackageB
-            // ./InstallPackagePath2/PackageC
-            // ./InstallPackagePath3/PackageD
-
-            _cmdletPassedIn.WriteDebug("In InstallHelper::FilterByInstalledPkgs()");
-            // Get currently installed packages.
-            var getHelper = new GetHelper(_cmdletPassedIn);
-            var installedPackageNames = new HashSet<string>(StringComparer.CurrentCultureIgnoreCase);
-            foreach (var installedPkg in getHelper.GetInstalledPackages(
-                pkgs: packages,
-                pathsToSearch: _pathsToSearch))
-            {
-                installedPackageNames.Add(installedPkg.Name);
-            }
-
-            if (installedPackageNames.Count is 0)
-            {
-                return packages;
-            }
-
-            // Return only packages that are not already installed.
-            var filteredPackages = new List<PSResourceInfo>();
-            foreach (var pkg in packages)
-            {
-                if (!installedPackageNames.Contains(pkg.Name))
-                {
-                    // Add packages that still need to be installed.
-                    filteredPackages.Add(pkg);
-                }
-                else
-                {
-                    // Remove from tracking list of packages to install.
-                    pkg.AdditionalMetadata.TryGetValue("NormalizedVersion", out string normalizedVersion);
-                    _cmdletPassedIn.WriteWarning($"Resource '{pkg.Name}' with version '{normalizedVersion}' is already installed.  If you would like to reinstall, please run the cmdlet again with the -Reinstall parameter");
-
-                    // Remove from tracking list of packages to install.
-                    _pkgNamesToInstall.RemoveAll(x => x.Equals(pkg.Name, StringComparison.InvariantCultureIgnoreCase));
-                }
-            }
-
-            return filteredPackages;
-        }
-
         /// <summary>
         /// Deletes temp directory and is called at end of install process.
         /// </summary>

src/code/PSRepositoryInfo.cs

@@ -27,74 +27,70 @@ public enum APIVersion
             ContainerRegistry
         }
 
+        public enum CredentialProviderType
+        {
+            None,
+            AzArtifacts
+        }
+
         #endregion
 
         #region Constructor
 
-        public PSRepositoryInfo(string name, Uri uri, int priority, bool trusted, PSCredentialInfo credentialInfo, APIVersion apiVersion, bool allowed)
+        public PSRepositoryInfo(string name, Uri uri, int priority, bool trusted, PSCredentialInfo credentialInfo, CredentialProviderType credentialProvider, APIVersion apiVersion, bool allowed)
         {
             Name = name;
             Uri = uri;
             Priority = priority;
             Trusted = trusted;
             CredentialInfo = credentialInfo;
+            CredentialProvider = credentialProvider;
             ApiVersion = apiVersion;
             IsAllowedByPolicy = allowed;
         }
 
         #endregion
 
-        #region Enum
-
-        public enum RepositoryProviderType
-        {
-            None,
-            ACR,
-            AzureDevOps
-        }
-
-        #endregion
-
         #region Properties
 
         /// <summary>
-        /// the Name of the repository
+        /// The Name of the repository.
         /// </summary>
         public string Name { get; }
 
         /// <summary>
-        /// the Uri for the repository
+        /// The Uri for the repository.
         /// </summary>
         public Uri Uri { get; }
 
         /// <summary>
-        /// whether the repository is trusted
+        /// Whether the repository is trusted.
         /// </summary>
         public bool Trusted { get; }
 
         /// <summary>
-        /// the priority of the repository
+        /// The priority of the repository.
         /// </summary>
         [ValidateRange(0, 100)]
         public int Priority { get; }
 
         /// <summary>
-        /// the type of repository provider (eg, AzureDevOps, ContainerRegistry, etc.)
+        /// The credential information for repository authentication.
         /// </summary>
-        public RepositoryProviderType RepositoryProvider { get; }
+        public PSCredentialInfo CredentialInfo { get; set; }
 
         /// <summary>
-        /// the credential information for repository authentication
+        /// Specifies which credential provider to use.
         /// </summary>
-        public PSCredentialInfo CredentialInfo { get; }
+        public CredentialProviderType CredentialProvider { get; set; }
 
         /// <summary>
-        /// the API protocol version for the repository
+        /// The API protocol version for the repository.
         /// </summary>
         public APIVersion ApiVersion { get; }
 
         // <summary>
-        /// is it allowed by policy
+        /// Specifies whether the repository is allowed by policy.
         /// </summary>
         public bool IsAllowedByPolicy { get; set; }
 

src/code/PublishHelper.cs

@@ -380,7 +380,15 @@ internal void PushResource(string Repository, string modulePrefix, bool SkipDepe
                     return;
                 }
 
-                _networkCredential = Utils.SetNetworkCredential(repository, _networkCredential, _cmdletPassedIn);
+                // Set network credentials via passed in credentials, AzArtifacts CredentialProvider, or SecretManagement.
+                if (repository.CredentialProvider.Equals(PSRepositoryInfo.CredentialProviderType.AzArtifacts))
+                {
+                    _networkCredential = Utils.SetCredentialProviderNetworkCredential(repository, _networkCredential, _cmdletPassedIn);
+                }
+                else
+                {
+                    _networkCredential = Utils.SetSecretManagementNetworkCredential(repository, _networkCredential, _cmdletPassedIn);
+                }
 
                 // Check if dependencies already exist within the repo if:
                 // 1) the resource to publish has dependencies and