We are submitting our custom artifact windows-download-artifacts-drop to the public repo for the following reasons:
Up to this point, we have been hosting it on our own private repo but would now like to share it with other teams.
Moving it to the public repo eliminates our need to maintain an access token for our labs to access the private repo.
Moving it to the public repo will also resolve throttling issues with Azure DevOps since the public repo is cached by DTL.
We are submitting this PR as part of a security effort to eliminate all access tokens and improve reliability across our systems.
The windows-download-artifacts-drop artifact can be used to download an Azure Artifacts Drop to a directory on the DTL machine. Just provide the required account URL, drop name, destination directory, and authentication details. The artifact can authenticate with the drop service using either an access token (via the AccessToken parameter) or Azure Managed Identity (via the ManagedIdentityClientID parameter).
To aid in investigation scenarios, the artifact optionally supports uploading a transcript of the operation and select files to an Azure Artifacts Drop. Simply provide the logs drop service URL, name, and authentication details (again, access token or managed identity). You can optionally specify files you would like to "snapshot" and add to the logs drop at the time of artifact completion via the LogsDropFilesToInclude and LogsDropFilesToExclude parameters.
Validation
You can test this artifact via the following steps:
Create a new Azure Artifacts Drop, upload one or more files to it, and finalize it.
Add this artifact to a new DTL machine with the following input parameters:
AccountURL: the URL of the Azure DevOps organization where you created the drop (i.e. the value you passed into the drop.exe create -s argument)
DropName: the name of the drop you created (i.e. the value you passed into the drop.exe create -n argument)
DestinationDirectory: C:\temp
AccessToken: A PAT you generated from the Azure DevOps organization where you created the drop (requires the Drop (Read) scope)
Log on to the DTL machine and look in the C:\temp directory, and you should see the files you uploaded to the drop
Successful Result
Following is a screenshot of the artifact logs of a successful execution of this artifact:
Description
We are submitting our custom artifact
windows-download-artifacts-drop
to the public repo for the following reasons:We are submitting this PR as part of a security effort to eliminate all access tokens and improve reliability across our systems.
The
windows-download-artifacts-drop
artifact can be used to download an Azure Artifacts Drop to a directory on the DTL machine. Just provide the required account URL, drop name, destination directory, and authentication details. The artifact can authenticate with the drop service using either an access token (via theAccessToken
parameter) or Azure Managed Identity (via theManagedIdentityClientID
parameter).To aid in investigation scenarios, the artifact optionally supports uploading a transcript of the operation and select files to an Azure Artifacts Drop. Simply provide the logs drop service URL, name, and authentication details (again, access token or managed identity). You can optionally specify files you would like to "snapshot" and add to the logs drop at the time of artifact completion via the
LogsDropFilesToInclude
andLogsDropFilesToExclude
parameters.Validation
You can test this artifact via the following steps:
drop.exe create -s
argument)drop.exe create -n
argument)C:\temp
Drop (Read)
scope)C:\temp
directory, and you should see the files you uploaded to the dropSuccessful Result
Following is a screenshot of the artifact logs of a successful execution of this artifact: