microsoft / azure-pipelines-agent

Azure Pipelines Agent 🚀
MIT License

[enhancement]: support unattended configuration with a service principal #4641

Open afeld opened 6 months ago

afeld commented 6 months ago

Describe your feature request here

The ./config.sh doesn't seem to have flags to allow use of a service principal - more details in https://github.com/MicrosoftDocs/azure-devops-docs/issues/13864#issuecomment-1928675057. Thanks!

DenisRumyantsev commented 6 months ago

@afeld thanks for reporting this. We will check if we can add a new flag to the config.

Bjego commented 5 months ago

Just had the same issue. We do have a PAT-based version running in Docker and Kubernetes. But to reduce complexity, it would be great to add the missing flags.

rafasc commented 5 months ago

I looked at the agent code and the service principal support exists but is not well documented. You can use --auth SP, --clientid, --tenantid and --clientsecret.

https://github.com/microsoft/azure-pipelines-agent/blob/57947b0ed6fbe4eebd5fc8912820b8f97323c0b1/src/Microsoft.VisualStudio.Services.Agent/Constants.cs#L249

https://github.com/microsoft/azure-pipelines-agent/blob/57947b0ed6fbe4eebd5fc8912820b8f97323c0b1/src/Microsoft.VisualStudio.Services.Agent/Constants.cs#L140-L141

https://github.com/microsoft/azure-pipelines-agent/blob/57947b0ed6fbe4eebd5fc8912820b8f97323c0b1/src/Microsoft.VisualStudio.Services.Agent/Constants.cs#L149

It also honors their respective environment variables:

VSTS_AGENT_INPUT_AUTH=sp
VSTS_AGENT_INPUT_CLIENTSECRET=...
VSTS_AGENT_INPUT_CLIENTID=...
VSTS_AGENT_INPUT_TENANTID=...

using the mechanism described in https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux-agent?view=azure-devops#unattended-config
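
The environment-variable route from the comment above, wrapped in a preflight check, as an added example that is not part of the thread or of the agent's own code. The helper names, the owner-only secret file, the GUID check and the use of `VSTS_AGENT_INPUT_URL` (following the `VSTS_AGENT_INPUT_` naming mechanism in the linked docs) are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example. The four auth variables are the ones named in the comment
# above; helper names, the secret-file convention and the GUID check are
# assumptions of this sketch.

# Entra ID client (application) and tenant IDs are GUIDs.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Read the client secret from an owner-only file so it never lands in argv
# (visible to other users via ps) or in shell history.
load_secret() {
  local file=$1 mode
  [ -f "$file" ] || { echo "secret file missing: $file" >&2; return 1; }
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 1
  case "$mode" in
    400|600) ;;
    *) echo "secret file mode $mode is too open (want 400 or 600)" >&2; return 1 ;;
  esac
  VSTS_AGENT_INPUT_CLIENTSECRET=$(cat "$file")
  [ -n "$VSTS_AGENT_INPUT_CLIENTSECRET" ] || { echo "secret file is empty" >&2; return 1; }
  export VSTS_AGENT_INPUT_CLIENTSECRET
}

# Fail before config.sh runs if any input is missing or malformed.
preflight() {
  local rc=0 auth
  auth=$(printf '%s' "${VSTS_AGENT_INPUT_AUTH:-}" | tr '[:upper:]' '[:lower:]')
  [ "$auth" = sp ] || { echo "VSTS_AGENT_INPUT_AUTH must be sp" >&2; rc=1; }
  is_guid "${VSTS_AGENT_INPUT_CLIENTID:-}" || { echo "CLIENTID is not a GUID" >&2; rc=1; }
  is_guid "${VSTS_AGENT_INPUT_TENANTID:-}" || { echo "TENANTID is not a GUID" >&2; rc=1; }
  [ -n "${VSTS_AGENT_INPUT_CLIENTSECRET:-}" ] || { echo "CLIENTSECRET is unset" >&2; rc=1; }
  case "${VSTS_AGENT_INPUT_URL:-}" in
    https://*) ;;
    *) echo "VSTS_AGENT_INPUT_URL must be an https:// URL" >&2; rc=1 ;;
  esac
  return "$rc"
}

# Register the agent; every input is taken from VSTS_AGENT_INPUT_* variables.
register_agent() {
  local rc
  preflight || return 1
  ./config.sh --unattended
  rc=$?
  unset VSTS_AGENT_INPUT_CLIENTSECRET   # do not leave the secret in this shell
  return "$rc"
}
```

Call `load_secret /path/to/secret-file` and then `register_agent` from the agent directory, after exporting the remaining variables.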