In order to use the token credentials correctly and everywhere, we need to stop using hardcoded PATs and rather keep calling GetToken() every time we need to use it. The credentials can then either have a PAT inside (if we supply one in darc via args) or we will use AzureCLI or managed identities to obtain it.
The system of choosing the credential has now been also unified with how we handle Maestro API tokens.
This code change unifies the approach so that the AzureDevOpsTokenProvider is used everywhere for that purpose.
It also changes how we configure what kind of credential to use. Each AzDO account can still have it's own way.
Lastly, more classes become DI-friendly and easier to obtain/depend on (such as AzureDevOpsClient).
In order to use the token credentials correctly and everywhere, we need to stop using hardcoded PATs and rather keep calling
GetToken()
every time we need to use it. The credentials can then either have a PAT inside (if we supply one indarc
via args) or we will useAzureCLI
or managed identities to obtain it. The system of choosing the credential has now been also unified with how we handle Maestro API tokens.This code change unifies the approach so that the
AzureDevOpsTokenProvider
is used everywhere for that purpose. It also changes how we configure what kind of credential to use. Each AzDO account can still have it's own way.Lastly, more classes become DI-friendly and easier to obtain/depend on (such as
AzureDevOpsClient
).https://dev.azure.com/dnceng/internal/_workitems/edit/6419