Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Adding OpenID Connect (OIDC) implementation for Service Connections. #520

Open
wants to merge 3 commits into
base: dev
Choose a base branch
from
Open

feat: Adding OpenID Connect (OIDC) implementation for Service Connections. #520

wants to merge 3 commits into from

Conversation

HenrikStanley
Copy link

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used npm run format for formatting the code before submitting the pull request.

This PR builds on top of the existing work by @davidcorrigan714 done in PR #495 by adding support for OpenID Connect into the Azure DevOps extension and fixes issue #494.

As part of the PR, me and my team (@davidwinslowtech @HenrikStanley and @NimaZahedi) have implemented the following:

  • Support for choosing OpenID Connect as the Authentication method for all 4 types of Service Connections.
  • Documented how to use this new feature in the README file.
  • Cleaned up inconsistent use of help text in the Service Connections (made all sample URLs be the newer https://my.jfrog.io instead of https://repo.jfrog.org) to conform our changes with the latest help text on newer tasks.

In regards to testing, it is not feasible for us to create tests for this feature as it relies on calling the IdTokens which can only be done from the Azure DevOps pipeline as the IdToken has to be obtained from an Azure DevOps build context as part of how the security and authentication flow works. If tests for this is required we would suggest that the JFrog maintainers creates integration tests for this in their Azure DevOps pipeline setup.

Since these tokens are only available in a built context, a known limitation is also that the Task Preview feature you get when editing tasks inside of the Azure DevOps pipeline editor, cannot authenticate to the JFrog instance from that environment and get a list of available repositories etc, as the token is only valid in the context of a pipeline run.

We have done fairly extensive manual testing of the feature.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 6, 2024
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@HenrikStanley
Copy link
Author

I have read the CLA Document and I hereby sign the CLA

@HenrikStanley HenrikStanley changed the title feat: Adding oidc implementation for service connections. feat: Adding OpenID Connect (OIDC) implementation for Service Connections. Nov 6, 2024
@HenrikStanley HenrikStanley mentioned this pull request Nov 6, 2024
Open
@HenrikStanley
Copy link
Author

recheck

@yahavi yahavi added the safe to test Approve running integration tests on a pull request label Nov 6, 2024
@davidwinslowtech
Copy link

I have read the CLA Document and I hereby sign the CLA

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
safe to test Approve running integration tests on a pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@HenrikStanley @davidwinslowtech @yahavi