Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

azure-pipelines-tasks-docker-common

Package Overview
Dependencies
Maintainers
5
Versions
16
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

azure-pipelines-tasks-docker-common - npm Package Compare versions

Comparing version 2.198.1 to 2.211.0

11

package.json
{
"name": "azure-pipelines-tasks-docker-common",
"version": "2.198.1",
"version": "2.211.0",
"description": "Common Library for Azure Rest Calls",

@@ -16,9 +16,10 @@ "repository": {

"dependencies": {
"@types/mocha": "^5.2.7",
"@types/node": "^10.17.0",
"@types/mocha": "^5.2.7",
"@types/q": "1.5.4",
"@types/uuid": "^8.3.0",
"@types/q": "1.5.4",
"azure-pipelines-task-lib": "^3.1.0",
"azure-pipelines-tasks-azure-arm-rest-v2": "^2.210.0",
"del": "2.2.0",
"q": "1.4.1",
"azure-pipelines-task-lib": "^3.1.0"
"q": "1.4.1"
},

@@ -25,0 +26,0 @@ "devDependencies": {

5

registryauthenticationprovider/acrauthenticationtokenprovider.d.ts

@@ -0,3 +1,3 @@

import AuthenticationTokenProvider from "./authenticationtokenprovider";
import RegistryAuthenticationToken from "./registryauthenticationtoken";
import AuthenticationTokenProvider from "./authenticationtokenprovider";
export default class ACRAuthenticationTokenProvider extends AuthenticationTokenProvider {

@@ -9,2 +9,5 @@ private registryURL;

getAuthenticationToken(): RegistryAuthenticationToken;
getToken(): Promise<RegistryAuthenticationToken>;
private static _getACRToken;
private _getMSIAuthenticationToken;
}

104

registryauthenticationprovider/acrauthenticationtokenprovider.js
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
const azure_arm_common_1 = require("azure-pipelines-tasks-azure-arm-rest-v2/azure-arm-common");
const authenticationtokenprovider_1 = require("./authenticationtokenprovider");
const Q = require("q");
const registryauthenticationtoken_1 = require("./registryauthenticationtoken");
const tl = require("azure-pipelines-task-lib/task");
const registryauthenticationtoken_1 = require("./registryauthenticationtoken");
const authenticationtokenprovider_1 = require("./authenticationtokenprovider");
const webClient = require("azure-pipelines-tasks-azure-arm-rest-v2/webClient");
class ACRAuthenticationTokenProvider extends authenticationtokenprovider_1.default {

@@ -29,3 +41,91 @@ constructor(endpointName, registerNameValue) {

}
getToken() {
return __awaiter(this, void 0, void 0, function* () {
let authType;
try {
tl.debug("Attempting to get endpoint authorization scheme...");
authType = tl.getEndpointAuthorizationScheme(this.endpointName, false);
}
catch (error) {
tl.debug("Failed to get endpoint authorization scheme.");
}
if (!authType) {
try {
tl.debug("Attempting to get endpoint authorization scheme as an authorization parameter...");
authType = tl.getEndpointAuthorizationParameter(this.endpointName, "scheme", false);
}
catch (error) {
tl.debug("Failed to get endpoint authorization scheme as an authorization parameter. Will default authorization scheme to ServicePrincipal.");
authType = "ServicePrincipal";
}
}
if (authType == "ManagedServiceIdentity") {
// Parameter 1: retryCount - the current retry count of the method to get the ACR token through MSI authentication
// Parameter 2: timeToWait - the current time wait of the method to get the ACR token through MSI authentication
return yield this._getMSIAuthenticationToken(0, 0);
}
else {
return this.getAuthenticationToken();
}
});
}
static _getACRToken(AADToken, endpointName, registryURL, retryCount, timeToWait) {
tl.debug("Attempting to convert AAD Token to an ACR token");
let deferred = Q.defer();
let tenantID = tl.getEndpointAuthorizationParameter(endpointName, 'tenantid', true);
let webRequest = new webClient.WebRequest();
webRequest.method = "POST";
const retryLimit = 5;
webRequest.uri = `https://${registryURL}/oauth2/exchange`;
webRequest.body = (`grant_type=access_token&service=${registryURL}&tenant=${tenantID}&access_token=${AADToken}`);
webRequest.headers = {
"Content-Type": "application/x-www-form-urlencoded"
};
webClient.sendRequest(webRequest).then((response) => {
if (response.statusCode === 200) {
deferred.resolve(response.body.refresh_token);
}
else if (response.statusCode == 429 || response.statusCode == 500) {
if (retryCount < retryLimit) {
if (response.statusCode == 429) {
tl.debug("Too many requests were made to get ACR token. Retrying...");
}
else {
tl.debug("Internal server error occurred. Retrying...");
}
let waitedTime = 2000 + timeToWait * 2;
retryCount += 1;
setTimeout(() => {
deferred.resolve(this._getACRToken(AADToken, endpointName, registryURL, retryCount, waitedTime));
}, waitedTime);
}
else {
deferred.reject(tl.loc('CouldNotFetchAccessTokenforACRStatusCode', response.statusCode, response.statusMessage));
}
}
else {
deferred.reject(tl.loc('CouldNotFetchAccessTokenforMSIDueToACRNotConfiguredProperlyStatusCode', response.statusCode, response.statusMessage));
}
}, (error) => {
deferred.reject(error);
});
return deferred.promise;
}
_getMSIAuthenticationToken(retryCount, timeToWait) {
return __awaiter(this, void 0, void 0, function* () {
if (this.registryURL && this.endpointName) {
try {
let aadtoken = yield azure_arm_common_1.ApplicationTokenCredentials.getMSIAuthorizationToken(retryCount, timeToWait, "https://management.core.windows.net/");
let acrToken = yield ACRAuthenticationTokenProvider._getACRToken(aadtoken, this.endpointName, this.registryURL, retryCount, timeToWait);
return new registryauthenticationtoken_1.default("00000000-0000-0000-0000-000000000000", acrToken, this.registryURL, "ManagedIdentity@AzureRM", this.getXMetaSourceClient());
}
catch (error) {
tl.debug("Unable to get registry authentication token with given registryURL. Please make sure that the MSI is correctly configured");
throw new Error(tl.loc("MSIFetchError"));
}
}
throw new Error(tl.loc("MSIFetchError"));
});
}
}
exports.default = ACRAuthenticationTokenProvider;

2

registryauthenticationprovider/registryauthenticationtoken.d.ts

@@ -15,2 +15,2 @@ export default class RegistryServerAuthenticationToken {

}
export declare function getDockerRegistryEndpointAuthenticationToken(endpointId: string): RegistryServerAuthenticationToken;
export declare function getDockerRegistryEndpointAuthenticationToken(endpointId: string): Promise<RegistryServerAuthenticationToken>;

36

registryauthenticationprovider/registryauthenticationtoken.js
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });

@@ -10,5 +19,2 @@ exports.getDockerRegistryEndpointAuthenticationToken = void 0;

constructor(username, authenticationPassword, registry, email, xMetaSourceClient) {
// Replace it with setvariable once vsts-task-lib is updated
console.log("##vso[task.setvariable variable=CONTAINER_USERNAME;issecret=true;]" + username);
console.log("##vso[task.setvariable variable=CONTAINER_PASSWORD;issecret=true;]" + authenticationPassword);
this.registry = registry;

@@ -47,14 +53,16 @@ this.password = authenticationPassword;

function getDockerRegistryEndpointAuthenticationToken(endpointId) {
var registryType = tl.getEndpointDataParameter(endpointId, "registrytype", true);
let authToken;
if (registryType === "ACR") {
const loginServer = tl.getEndpointAuthorizationParameter(endpointId, "loginServer", false).toLowerCase();
;
authToken = new acrauthenticationtokenprovider_1.default(endpointId, loginServer).getAuthenticationToken();
}
else {
authToken = new genericauthenticationtokenprovider_1.default(endpointId).getAuthenticationToken();
}
return authToken;
return __awaiter(this, void 0, void 0, function* () {
var registryType = tl.getEndpointDataParameter(endpointId, "registrytype", true);
let authToken;
if (registryType === "ACR") {
const loginServer = tl.getEndpointAuthorizationParameter(endpointId, "loginServer", false).toLowerCase();
let acrAuthenticationTokenProvider = new acrauthenticationtokenprovider_1.default(endpointId, loginServer);
authToken = yield acrAuthenticationTokenProvider.getToken();
}
else {
authToken = new genericauthenticationtokenprovider_1.default(endpointId).getAuthenticationToken();
}
return authToken;
});
}
exports.getDockerRegistryEndpointAuthenticationToken = getDockerRegistryEndpointAuthenticationToken;
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc