-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cut new release with experimental No-PAT support for AzRepos #307
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When we moved to use the System.CommandLine library for command line parsing, we neglected to update the exception handling to match the new model.
Fix a bug in contruction of the remote URI when no username is provided, but the caller wishes to include the username.
Improve the handling of input arguments with missing required fields (e.g., protocol and host).
Replace the unused `ProgramData` and `Xdg` Git configuration level enumeration members with an `Unknown` member. We never directly used any of those, and don't really care(!)
Remove some unused Git configuration extension methods for querying for entries based on 'split' keys (section.scope.property). These are only used in tests!
Introduce a wrapper type representing a single entry in Git's configuration, which is used in the `Enumerate` callback.
Teach `GitConfiguration::Enumerate` to parse results that include the 'level' of the Git config entry (--show-scope).
Expose the `Split` method from the `GitConfigurationKeyComparer` as a `TrySplit` method and use this implementation for splitting keys in all existing instances. Also introduce a `GitConfiguration::Enumerate` extension method that filters based on section and property name parts of Git config entries.
Change the way we interact with Git configuration so that we specify the level filter in each method call, instead of requesting the `GitConfiguration` object perform the filtering.
Add the ability to list the Git remotes for the current repository, as well as resolve the current repository path.
Add a utility to extract the Azure DevOps organisation name from a remote URL.
Add a new settings to the Azure Repos provider that instructs GCM to return the Azure access token directly, rather than use that token to generate a new Azure DevOps Personal Access Token (PAT). At the moment the only indication as to what user account a user wants to use is via the userinfo parts of the remote URL. This must be set manually. The default configuration is to continue to use PATs, for now.
Add a cache of the Azure backing authority for Azure DevOps orgs. This cache is only consulted when the credential type is "oauth" and not "pat". We use Git's configuration as the persistence mechanism.
Add a command to enable clearing of the Azure authority cache manually.
Add a new binding manager component that can be used to 'bind' user accounts to Azure DevOps organisations. This enables the Azure Repos host provider to attempt silent authentication requests via MSAL - to attempt to use an existing access token from the cache. We only allow binding at the organisation level (and not any other level) as this is the most common scenario: one user for an entire Azure DevOps organisation. If the user wishes to override the chosen user for a particular clone they can do so by binding the user to the local repository configuration, rather than the default global configuration. Furthermore, if the user wishes to use a different user account for a particular remote within a repository, they can set the username in the remote URL.
Add commands to manually manager the user/org bindings for the Azure Repos host provider.
Add some checks/guards against malformed data output from Git configuration when enumerating all entries. If we hit the unexpected end of the data stream we trace and stop parsing.
Stop using PATs for Azure Repos (Attempt 2: Electric Boogaloo)
Sometimes the login Keychain is not accessible and the MSAL.Extensions library cannot read/write the token cache. The specific error encountered internally is `errSecAuthFailed` - neither we nor the MSAL team know why this happens sometimes. Locking and then unlocking the login Keychain manually, or simply restarting the computer appears to fix the problem. Include the lock+unlock/restart remedy in the warning message on macOS.
Include better warning message on MSAL Keychain errors
dscho
approved these changes
Mar 10, 2021
vtbassmatt
approved these changes
Mar 10, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:sigh:
at "have you tried turning it off and back on again?" but it seems necessary
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes: