• Home
• com.azure
• azure-identity
• 1.14.2
• source code
• AzurePipelinesCredentialBuilder.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.azure.identity.AzurePipelinesCredentialBuilder Maven / Gradle / Ivy

// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.azure.identity;

import com.azure.core.http.policy.HttpLogOptions;
import com.azure.core.util.Configuration;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.util.ValidationUtil;

import java.util.Arrays;

/**
 * The {@link AzurePipelinesCredentialBuilder} provides a fluent builder for {@link AzurePipelinesCredential}.
 *
 * 
 * 
 * // serviceConnectionId is retrieved from the portal.
 * // systemAccessToken is retrieved from the pipeline environment as shown.
 * // You may choose another name for this variable.
 *
 * String systemAccessToken = System.getenv("SYSTEM_ACCESSTOKEN");
 * AzurePipelinesCredential credential = new AzurePipelinesCredentialBuilder().clientId(clientId)
 *     .tenantId(tenantId)
 *     .serviceConnectionId(serviceConnectionId)
 *     .systemAccessToken(systemAccessToken)
 *     .build();
 * 
 * 
 */
public class AzurePipelinesCredentialBuilder extends AadCredentialBuilderBase {
    private static final ClientLogger LOGGER = new ClientLogger(AzurePipelinesCredentialBuilder.class);
    private static final String OIDC_API_VERSION = "7.1";
    private String serviceConnectionId;
    private String systemAccessToken;

    /**
     * Creates an instance of the {@link AzurePipelinesCredentialBuilder}.
     */
    public AzurePipelinesCredentialBuilder() {
        super();
    }

    /**
     * Sets the service connection id for the Azure Pipelines service connection. The service connection ID is
     * retrieved from the Service Connection in the portal.
     *
     * @param serviceConnectionId The service connection ID, as found in the query string's resourceId key.
     * @return the updated instance of the builder.
     */
    public AzurePipelinesCredentialBuilder serviceConnectionId(String serviceConnectionId) {
        this.serviceConnectionId = serviceConnectionId;
        return this;
    }

    /**
     * Sets the System Access Token for the Azure Pipelines service connection. The system access token is
     * retrieved from the pipeline variables by assigning it to an environment variable and reading it.
     * See {@link AzurePipelinesCredential} for more information.
     *
     * @param systemAccessToken the system access token for the Azure Pipelines service connection.
     * @return The updated instance of the builder.
     */
    public AzurePipelinesCredentialBuilder systemAccessToken(String systemAccessToken) {
        this.systemAccessToken = systemAccessToken;
        return this;
    }

    /**
     * Configures the persistent shared token cache options and enables the persistent token cache which is disabled
     * by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to
     * the current user, which can be shared by other credentials and processes.
     *
     * @param tokenCachePersistenceOptions the token cache configuration options
     * @return An updated instance of this builder with the token cache options configured.
     */
    public AzurePipelinesCredentialBuilder
        tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions) {
        this.identityClientOptions.setTokenCacheOptions(tokenCachePersistenceOptions);
        return this;
    }

    /**
     * Builds an instance of the {@link AzurePipelinesCredential} with the current configurations. Requires setting
     * the following parameters:
     * 

     * 
Client ID via {@link #clientId(String)}
     * 
Tenant ID via {@link #tenantId(String)}
     * 
Service Connection ID via {@link #serviceConnectionId(String)}
     * 
System Access Token via {@link #systemAccessToken(String)}
     * 
     * Requires the {@code SYSTEM_OIDCREQUESTURI} environment variable to be set.
     *
     * @throws IllegalArgumentException Thrown when required parameters are set or the environment is not correctly
     * configured.
     * @return an instance of the {@link AzurePipelinesCredential}.
     */
    public AzurePipelinesCredential build() {
        Configuration configuration = identityClientOptions.getConfiguration();
        if (configuration == null) {
            configuration = Configuration.getGlobalConfiguration();
        }

        String oidcEndpoint = configuration.get("SYSTEM_OIDCREQUESTURI");

        ValidationUtil.validate(getClass().getSimpleName(), LOGGER,
            Arrays.asList("clientId", "tenantId", "serviceConnectionId", "systemAccessToken", "oidcEndpoint"),
            Arrays.asList(clientId, tenantId, serviceConnectionId, this.systemAccessToken, oidcEndpoint));

        String requestUrl = String.format("%s?api-version=%s&serviceConnectionId=%s", oidcEndpoint, OIDC_API_VERSION,
            serviceConnectionId);

        // We need to make a best effort to log these headers.
        // If the user gives us options, we'll sneak the headers in, or make an options with them.
        // If the user gave us a pipeline none of this matters as we can't change a user created pipeline.
        if (identityClientOptions.getHttpPipeline() != null) {
            HttpLogOptions options = identityClientOptions.getHttpLogOptions();
            if (options == null) {
                options = new HttpLogOptions();
            }
            options.addAllowedHeaderName("x-vss-e2eid");
            options.addAllowedHeaderName("x-msedge-ref");
            identityClientOptions.setHttpLogOptions(options);
        }
        return new AzurePipelinesCredential(clientId, tenantId, requestUrl, systemAccessToken,
            identityClientOptions.clone());
    }
}