Fix PSResourceGet CI for ContainerRegistry (#1829)

adityapatwardhan · web-flow · commit c637fcfa2aad · 2025-06-17T12:29:50.000-07:00
diff --git a/.ci/test.yml b/.ci/test.yml
@@ -107,10 +107,12 @@ jobs:
     inputs:
       azureSubscription: PSResourceGetACR
       azurePowerShellVersion: LatestVersion
+      pwsh: true
       ScriptType: InlineScript
       inline: |
         $modulePath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'TempModules'
         $env:PSModulePath = $modulePath + [System.IO.Path]::PathSeparator + $env:PSModulePath
+
         Write-Verbose -Verbose "Importing build utilities (buildtools.psd1)"
         Import-Module -Name (Join-Path -Path '${{ parameters.buildDirectory }}' -ChildPath 'buildtools.psd1') -Force
         Invoke-ModuleTestsACR -Type Functional
diff --git a/global.json b/global.json
@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "8.0.406"
+        "version": "8.0.411"
     }
 }
diff --git a/src/code/ContainerRegistryServerAPICalls.cs b/src/code/ContainerRegistryServerAPICalls.cs
@@ -394,6 +394,8 @@ internal string GetContainerRegistryAccessToken(out ErrorRecord errRecord)
             else
             {
                 bool isRepositoryUnauthenticated = IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), out errRecord, out accessToken);
+                _cmdletPassedIn.WriteDebug($"Is repository unauthenticated: {isRepositoryUnauthenticated}");
+
                 if (errRecord != null)
                 {
                     return null;
@@ -407,7 +409,7 @@ internal string GetContainerRegistryAccessToken(out ErrorRecord errRecord)
 
                 if (!isRepositoryUnauthenticated)
                 {
-                    accessToken = Utils.GetAzAccessToken();
+                    accessToken = Utils.GetAzAccessToken(_cmdletPassedIn);
                     if (string.IsNullOrEmpty(accessToken))
                     {
                         errRecord = new ErrorRecord(
@@ -488,6 +490,8 @@ internal bool IsContainerRegistryUnauthenticated(string containerRegistyUrl, out
                                 // get the anonymous access token
                                 var url = $"{realm}?service={service}{defaultScope}";
 
+                                _cmdletPassedIn.WriteDebug($"Getting anonymous access token from the realm: {url}");
+
                                 // we dont check the errorrecord here because we want to return false if we get a 401 and not throw an error
                                 var results = GetHttpResponseJObjectUsingContentHeaders(url, HttpMethod.Get, content, contentHeaders, out _);
 
diff --git a/src/code/FindPSResource.cs b/src/code/FindPSResource.cs
@@ -24,7 +24,7 @@ namespace Microsoft.PowerShell.PSResourceGet.Cmdlets
     public sealed class FindPSResource : PSCmdlet
     {
         #region Members
-        
+
         private const string NameParameterSet = "NameParameterSet";
         private const string CommandNameParameterSet = "CommandNameParameterSet";
         private const string DscResourceNameParameterSet = "DscResourceNameParameterSet";
@@ -39,7 +39,7 @@ public sealed class FindPSResource : PSCmdlet
         /// Specifies name of a resource or resources to find. Accepts wild card characters.
         /// </summary>
         [SupportsWildcards]
-        [Parameter(Position = 0, 
+        [Parameter(Position = 0,
                    ValueFromPipeline = true,
                    ValueFromPipelineByPropertyName = true,
                    ParameterSetName = NameParameterSet)]
@@ -167,7 +167,6 @@ protected override void ProcessRecord()
 
         private void ProcessResourceNameParameterSet()
         {
-            WriteDebug("In FindPSResource::ProcessResourceNameParameterSet()");
             // only cases where Name is allowed to not be specified is if Type or Tag parameters are
             if (!MyInvocation.BoundParameters.ContainsKey(nameof(Name)))
             {
@@ -178,7 +177,7 @@ private void ProcessResourceNameParameterSet()
                 }
                 else if (MyInvocation.BoundParameters.ContainsKey(nameof(Type)))
                 {
-                    Name = new string[] {"*"};
+                    Name = new string[] { "*" };
                 }
                 else
                 {
@@ -191,8 +190,8 @@ private void ProcessResourceNameParameterSet()
             }
 
             WriteDebug("Filtering package name(s) on wildcards");
-            Name = Utils.ProcessNameWildcards(Name, removeWildcardEntries:false, out string[] errorMsgs, out bool nameContainsWildcard);
-            
+            Name = Utils.ProcessNameWildcards(Name, removeWildcardEntries: false, out string[] errorMsgs, out bool nameContainsWildcard);
+
             foreach (string error in errorMsgs)
             {
                 WriteError(new ErrorRecord(
@@ -208,7 +207,7 @@ private void ProcessResourceNameParameterSet()
             {
                 WriteDebug("Package name(s) could not be resolved");
                 return;
-            }         
+            }
 
             // determine/parse out Version param
             VersionType versionType = VersionType.VersionRange;
@@ -232,7 +231,7 @@ private void ProcessResourceNameParameterSet()
                             "IncorrectVersionFormat",
                             ErrorCategory.InvalidArgument,
                             this));
-                    
+
                         return;
                     }
                 }
@@ -289,7 +288,7 @@ private void ProcessCommandOrDscParameterSet(bool isSearchingForCommands)
                 WriteDebug("Command or DSCResource name(s) could not be resolved");
                 return;
             }
-            
+
             foreach (PSCommandResourceInfo cmdPkg in _findHelper.FindByCommandOrDscResource(
                 isSearchingForCommands: isSearchingForCommands,
                 prerelease: Prerelease,
@@ -325,7 +324,7 @@ private void ProcessTags()
                 WriteDebug("Tags(s) could not be resolved");
                 return;
             }
-            
+
             foreach (PSResourceInfo tagPkg in _findHelper.FindByTag(
                 type: Type,
                 prerelease: Prerelease,
diff --git a/src/code/Microsoft.PowerShell.PSResourceGet.csproj b/src/code/Microsoft.PowerShell.PSResourceGet.csproj
@@ -24,7 +24,7 @@
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
     <PackageReference Include="System.Text.Json" Version="8.0.5" />
     <PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
-    <PackageReference Include="Azure.Identity" Version="1.11.4" />
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="System.Security.Cryptography.Pkcs" Version="6.0.5" />
     <Reference Include="System.Web" />
   </ItemGroup>
diff --git a/src/code/RegisterPSResourceRepository.cs b/src/code/RegisterPSResourceRepository.cs
@@ -102,7 +102,7 @@ class RegisterPSResourceRepository : PSCmdlet
         /// </summary>
         [Parameter]
         public SwitchParameter PassThru { get; set; }
-        
+
         /// <summary>
         /// When specified, will overwrite information for any existing repository with the same name.
         /// </summary>
@@ -212,14 +212,14 @@ private PSRepositoryInfo PSGalleryParameterSetHelper(int repoPriority, bool repo
             WriteDebug("In RegisterPSResourceRepository::PSGalleryParameterSetHelper()");
             Uri psGalleryUri = new Uri(PSGalleryRepoUri);
             WriteDebug("Internal name and uri values for PSGallery are hardcoded and validated. Priority and trusted values, if passed in, also validated");
-            var addedRepo = RepositorySettings.AddToRepositoryStore(PSGalleryRepoName, 
-                psGalleryUri, 
-                repoPriority, 
-                repoTrusted, 
+            var addedRepo = RepositorySettings.AddToRepositoryStore(PSGalleryRepoName,
+                psGalleryUri,
+                repoPriority,
+                repoTrusted,
                 apiVersion: null,
-                repoCredentialInfo: null, 
-                Force, 
-                this, 
+                repoCredentialInfo: null,
+                Force,
+                this,
                 out string errorMsg);
 
             if (!string.IsNullOrEmpty(errorMsg))
@@ -313,7 +313,7 @@ private PSRepositoryInfo RepoValidationHelper(Hashtable repo)
                     "NullUriForRepositoriesParameterSetRegistration",
                     ErrorCategory.InvalidArgument,
                     this));
-                    
+
                 return null;
             }
 
@@ -337,10 +337,10 @@ private PSRepositoryInfo RepoValidationHelper(Hashtable repo)
                 return null;
             }
 
-            if (repo.ContainsKey("ApiVersion") && 
+            if (repo.ContainsKey("ApiVersion") &&
                 (repo["ApiVersion"] == null || String.IsNullOrEmpty(repo["ApiVersion"].ToString()) ||
-                !(repo["ApiVersion"].ToString().Equals("Local", StringComparison.OrdinalIgnoreCase) || repo["ApiVersion"].ToString().Equals("V2", StringComparison.OrdinalIgnoreCase) || 
-                repo["ApiVersion"].ToString().Equals("V3", StringComparison.OrdinalIgnoreCase) || repo["ApiVersion"].ToString().Equals("NugetServer", StringComparison.OrdinalIgnoreCase) || 
+                !(repo["ApiVersion"].ToString().Equals("Local", StringComparison.OrdinalIgnoreCase) || repo["ApiVersion"].ToString().Equals("V2", StringComparison.OrdinalIgnoreCase) ||
+                repo["ApiVersion"].ToString().Equals("V3", StringComparison.OrdinalIgnoreCase) || repo["ApiVersion"].ToString().Equals("NugetServer", StringComparison.OrdinalIgnoreCase) ||
                 repo["ApiVersion"].ToString().Equals("Unknown", StringComparison.OrdinalIgnoreCase))))
             {
                 WriteError(new ErrorRecord(
diff --git a/src/code/Utils.cs b/src/code/Utils.cs
@@ -648,12 +648,11 @@ public static PSCredential GetRepositoryCredentialFromSecretManagement(
             }
         }
 
-        public static string GetAzAccessToken()
+        public static string GetAzAccessToken(PSCmdlet cmdletPassedIn)
         {
             var credOptions = new DefaultAzureCredentialOptions
             {
                 ExcludeEnvironmentCredential = true,
-                ExcludeVisualStudioCodeCredential = true,
                 ExcludeVisualStudioCredential = true,
                 ExcludeWorkloadIdentityCredential = true,
                 ExcludeManagedIdentityCredential = true, // ManagedIdentityCredential makes the experience slow
@@ -665,8 +664,25 @@ public static string GetAzAccessToken()
 
             var dCred = new DefaultAzureCredential(credOptions);
             var tokenRequestContext = new TokenRequestContext(new string[] { "https://management.azure.com/.default" });
-            var token = dCred.GetTokenAsync(tokenRequestContext).Result;
-            return token.Token;
+
+            try
+            {
+                using (var cts = new CancellationTokenSource(TimeSpan.FromSeconds(30)))
+                {
+                    var token = dCred.GetTokenAsync(tokenRequestContext, cts.Token).GetAwaiter().GetResult();
+                    return token.Token;
+                }
+            }
+            catch (OperationCanceledException)
+            {
+                cmdletPassedIn.WriteWarning("Timeout occurred while acquiring Azure access token.");
+                return null;
+            }
+            catch (Exception ex)
+            {
+                cmdletPassedIn.WriteWarning($"Failed to acquire Azure access token: {ex.Message}");
+                return null;
+            }
         }
 
         public static string GetContainerRegistryAccessTokenFromSecretManagement(
@@ -1874,9 +1890,9 @@ public static Hashtable GetMetadataFromNuspec(string nuspecFilePath, PSCmdlet cm
             catch (Exception e)
             {
                 errorRecord = new ErrorRecord(
-                    exception: e, 
-                    "GetHashtableForNuspecFailure", 
-                    ErrorCategory.ReadError, 
+                    exception: e,
+                    "GetHashtableForNuspecFailure",
+                    ErrorCategory.ReadError,
                     cmdletPassedIn);
             }
 
@@ -1895,9 +1911,9 @@ public static XmlDocument LoadXmlDocument(string filePath, PSCmdlet cmdletPassed
             catch (Exception e)
             {
                 errRecord = new ErrorRecord(
-                    exception: e, 
-                    "LoadXmlDocumentFailure", 
-                    ErrorCategory.ReadError, 
+                    exception: e,
+                    "LoadXmlDocumentFailure",
+                    ErrorCategory.ReadError,
                     cmdletPassedIn);
             }
 

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"sdk": {`
`3`		`- "version": "8.0.406"`
	`3`	`+ "version": "8.0.411"`
`4`	`4`	`}`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -394,6 +394,8 @@ internal string GetContainerRegistryAccessToken(out ErrorRecord errRecord)`
`394`	`394`	`else`
`395`	`395`	`{`
`396`	`396`	`bool isRepositoryUnauthenticated = IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), out errRecord, out accessToken);`
	`397`	`+ _cmdletPassedIn.WriteDebug($"Is repository unauthenticated: {isRepositoryUnauthenticated}");`
	`398`	`+`
`397`	`399`	`if (errRecord != null)`
`398`	`400`	`{`
`399`	`401`	`return null;`
`@@ -407,7 +409,7 @@ internal string GetContainerRegistryAccessToken(out ErrorRecord errRecord)`
`407`	`409`
`408`	`410`	`if (!isRepositoryUnauthenticated)`
`409`	`411`	`{`
`410`		`- accessToken = Utils.GetAzAccessToken();`
	`412`	`+ accessToken = Utils.GetAzAccessToken(_cmdletPassedIn);`
`411`	`413`	`if (string.IsNullOrEmpty(accessToken))`
`412`	`414`	`{`
`413`	`415`	`errRecord = new ErrorRecord(`
`@@ -488,6 +490,8 @@ internal bool IsContainerRegistryUnauthenticated(string containerRegistyUrl, out`
`488`	`490`	`// get the anonymous access token`
`489`	`491`	`var url = $"{realm}?service={service}{defaultScope}";`
`490`	`492`
	`493`	`+ _cmdletPassedIn.WriteDebug($"Getting anonymous access token from the realm: {url}");`
	`494`	`+`
`491`	`495`	`// we dont check the errorrecord here because we want to return false if we get a 401 and not throw an error`
`492`	`496`	`var results = GetHttpResponseJObjectUsingContentHeaders(url, HttpMethod.Get, content, contentHeaders, out _);`
`493`	`497`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ namespace Microsoft.PowerShell.PSResourceGet.Cmdlets`
`24`	`24`	`public sealed class FindPSResource : PSCmdlet`
`25`	`25`	`{`
`26`	`26`	`#region Members`
`27`		`-`
	`27`	`+`
`28`	`28`	`private const string NameParameterSet = "NameParameterSet";`
`29`	`29`	`private const string CommandNameParameterSet = "CommandNameParameterSet";`
`30`	`30`	`private const string DscResourceNameParameterSet = "DscResourceNameParameterSet";`
`@@ -39,7 +39,7 @@ public sealed class FindPSResource : PSCmdlet`
`39`	`39`	`/// Specifies name of a resource or resources to find. Accepts wild card characters.`
`40`	`40`	`/// </summary>`
`41`	`41`	`[SupportsWildcards]`
`42`		`- [Parameter(Position = 0,`
	`42`	`+ [Parameter(Position = 0,`
`43`	`43`	`ValueFromPipeline = true,`
`44`	`44`	`ValueFromPipelineByPropertyName = true,`
`45`	`45`	`ParameterSetName = NameParameterSet)]`
`@@ -167,7 +167,6 @@ protected override void ProcessRecord()`
`167`	`167`
`168`	`168`	`private void ProcessResourceNameParameterSet()`
`169`	`169`	`{`
`170`		`- WriteDebug("In FindPSResource::ProcessResourceNameParameterSet()");`
`171`	`170`	`// only cases where Name is allowed to not be specified is if Type or Tag parameters are`
`172`	`171`	`if (!MyInvocation.BoundParameters.ContainsKey(nameof(Name)))`
`173`	`172`	`{`
`@@ -178,7 +177,7 @@ private void ProcessResourceNameParameterSet()`
`178`	`177`	`}`
`179`	`178`	`else if (MyInvocation.BoundParameters.ContainsKey(nameof(Type)))`
`180`	`179`	`{`
`181`		`- Name = new string[] {"*"};`
	`180`	`+ Name = new string[] { "*" };`
`182`	`181`	`}`
`183`	`182`	`else`
`184`	`183`	`{`
`@@ -191,8 +190,8 @@ private void ProcessResourceNameParameterSet()`
`191`	`190`	`}`
`192`	`191`
`193`	`192`	`WriteDebug("Filtering package name(s) on wildcards");`
`194`		`- Name = Utils.ProcessNameWildcards(Name, removeWildcardEntries:false, out string[] errorMsgs, out bool nameContainsWildcard);`
`195`		`-`
	`193`	`+ Name = Utils.ProcessNameWildcards(Name, removeWildcardEntries: false, out string[] errorMsgs, out bool nameContainsWildcard);`
	`194`	`+`
`196`	`195`	`foreach (string error in errorMsgs)`
`197`	`196`	`{`
`198`	`197`	`WriteError(new ErrorRecord(`
`@@ -208,7 +207,7 @@ private void ProcessResourceNameParameterSet()`
`208`	`207`	`{`
`209`	`208`	`WriteDebug("Package name(s) could not be resolved");`
`210`	`209`	`return;`
`211`		`- }`
	`210`	`+ }`
`212`	`211`
`213`	`212`	`// determine/parse out Version param`
`214`	`213`	`VersionType versionType = VersionType.VersionRange;`
`@@ -232,7 +231,7 @@ private void ProcessResourceNameParameterSet()`
`232`	`231`	`"IncorrectVersionFormat",`
`233`	`232`	`ErrorCategory.InvalidArgument,`
`234`	`233`	`this));`
`235`		`-`
	`234`	`+`
`236`	`235`	`return;`
`237`	`236`	`}`
`238`	`237`	`}`
`@@ -289,7 +288,7 @@ private void ProcessCommandOrDscParameterSet(bool isSearchingForCommands)`
`289`	`288`	`WriteDebug("Command or DSCResource name(s) could not be resolved");`
`290`	`289`	`return;`
`291`	`290`	`}`
`292`		`-`
	`291`	`+`
`293`	`292`	`foreach (PSCommandResourceInfo cmdPkg in _findHelper.FindByCommandOrDscResource(`
`294`	`293`	`isSearchingForCommands: isSearchingForCommands,`
`295`	`294`	`prerelease: Prerelease,`
`@@ -325,7 +324,7 @@ private void ProcessTags()`
`325`	`324`	`WriteDebug("Tags(s) could not be resolved");`
`326`	`325`	`return;`
`327`	`326`	`}`
`328`		`-`
	`327`	`+`
`329`	`328`	`foreach (PSResourceInfo tagPkg in _findHelper.FindByTag(`
`330`	`329`	`type: Type,`
`331`	`330`	`prerelease: Prerelease,`