-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature(azure devops): support multiple organisations #18213
Conversation
Changed Packages
|
Thanks for the contribution! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for taking this on @sanderaernouts, I do have a question for you about these changes.
In the PR description you have:
integrations:
azure:
host: dev.azure.com
credentials:
- organisations:
- my-org
token: my-pat
- organisations:
- my-other-org
token: my-other-pat
Are you saying that you would be removing the ability to have an array of host
? If so that's not ideal as it would make it harder to be able to use Azure DevOps Services and Server instances together with Backstage. This is the exact scenario we have right now and is not an uncommon setup
@awanlin, no, I won't be touching that part. I typed the YAML config example from memory and forgot that the Azure integration config is an array of configs. To clarify, I plan to replace the integrations:
azure:
- host: dev.azure.com
credentials:
- organisations:
- my-org
token: my-pat
- organisations:
- my-other-org
token: my-other-pat
- host: some.devops.server
credentials:
- token: my-pat I have updated the PR description 👍 |
Awesome, thanks for the follow up @sanderaernouts. Another question popup though: why the extra Could this: integrations:
azure:
- host: dev.azure.com
credentials:
- organisations:
- my-org
token: my-pat
- organisations:
- my-other-org
token: my-other-pat
- host: some.devops.server
credentials:
- token: my-pat Be something like this instead: integrations:
azure:
- host: dev.azure.com
credentials:
- organization: my-org
token: my-pat
- organization: my-other-org
token: my-other-pat
- host: some.devops.server
credentials:
- organization: my-org
token: my-pat With Azure DevOps Server the concept of Team Collections is more or less the same as Organizations in Azure DevOps Services. I think going this way seeing as we will have a breaking change makes this more consistent |
ae0fbea
to
b104539
Compare
@awanlin I added an array of organizations to support reusing the same service principal or managed identity for multiple organizations. A single service principal or managed identity could be used as long as the same Azure AD tenant backs the Azure DevOps organizations. However, I'm also okay with |
You're last comment helped me better understand what you where trying to do with the config, that works for me then 👍 Maybe we update the description with this then: integrations:
azure:
- host: dev.azure.com
credentials:
- organisations:
- my-org
- my-org-related
- my-org-another-related
token: my-pat
- organisations:
- my-other-org
token: my-other-pat
- host: some.devops.server
credentials:
- token: my-pat That shows the credential reuse a little better (well it does for me 😉 ) |
b104539
to
60fe2da
Compare
@awanlin I updated the PR description and will use similar examples when updating the docs. I have also added an example for the Azure DevOps server. Meanwhile, I made good progress on the credential provider yesterday, so there already is some stuff to review if you want to. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, great to get this added for azure too! 👍
Couple of initial comments. In particular I think it's best if we split out renames of existing systems in a new PR to avoid breaking changes, because I don't think this overall is something that we can ship straight into a main-line release.
73e7730
to
648fde0
Compare
Uffizzi Preview |
a4d494e
to
4bb069c
Compare
28b9a2c
to
8dfffb8
Compare
@awanlin, I updated the docs as well. Should we restrict personal access token (PAT) credentials to zero or one organization in the integration config? For Azure DevOps, the PAT is organization-specific, so filling out more than one organization makes no sense. |
c5558f0
to
6f5a604
Compare
6f5a604
to
1f05ab0
Compare
2d31a3b
to
51e7558
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, thank you! 🎉
Just two nits. It would be nice to have some clarity on #18213 (comment) but I don't feel it's a requirement
There are a lot of PRs we want to get into 1.17 😅
packages/integration/src/azure/CachedAzureDevOpsCredentialsProvider.ts
Outdated
Show resolved
Hide resolved
51e7558
to
6c6a0b9
Compare
@Rugvip, thanks; I know you guys are busy. I'd prefer to have #18213 (comment) fixed resolved before merging. I can imagine many contributors are pushing for 1.17, but my PR is the most important one to get merged 😜. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✨
I'd just like to note my worries about this getting into the release today. I strongly feel that this needs to be included in at least one of the weekly releases. |
@awanlin will do! |
6c6a0b9
to
8b0a0e0
Compare
Signed-off-by: Sander Aernouts <sander.aernouts@gmail.com>
8b0a0e0
to
5f1a92b
Compare
@Rugvip, this is ready to be merged. Also, it would be good to include this in the release notes for |
@awanlin nice! 🎉 It'll be in the release notes, I've added a section to our internal draft of the notes |
Thank you for contributing to Backstage! The changes in this pull request will be part of the |
Thanks @Rugvip, and many, many, many thanks to @sanderaernouts for the work done in this PR! 🚀 |
Hey, I just made a Pull Request!
I Added an
AzureDevOpsCredentialProvider
, similar to the GitHub and AWS integrations, that can return a token based on the provided URL. This PR resolves #10431 by adding support fororganisations
to the Azure integration config.The updated Azure integration configuration looks like this:
The current
token
andcredential
fields in the Azure integration config are deprecated in favour of thecredentials
field✔️ Checklist
Screenshots attached (for UI changes)Signed-off-by
line in the message. (more info)