Adding Authorization for Github api call In KubeLoginInstallerV0 (#20725

)

* Adding Authorization for Github api call In KubeLoginInstallerV0

* Changing minor version

* changing task-loc.json

* correcting FF name

* changing task-loc.json

* modifyng tasloc fle

* modifying the logic

* changes in generated folder

* Addng Less genric error

* bump tas verson

* addng warnng

* addng chld error class

Tasks/KubeloginInstallerV0/task.json

@@ -15,7 +15,7 @@
     "author": "Microsoft Corporation",
     "version": {
         "Major": 0,
-        "Minor": 247,
+        "Minor": 251,
         "Patch": 0
     },
     "demands": [],
@@ -30,6 +30,14 @@
             "label": "kubelogin version",
             "defaultValue": "latest",
             "helpMarkDown": "The version of kubelogin to use"
+        },
+        {
+            "name": "gitHubConnection",
+            "type": "connectedService:github:OAuth,OAuth2,PersonalAccessToken,InstallationToken,Token",
+            "label": "GitHub Connection",
+            "defaultValue": "",
+            "required": false,
+            "helpMarkDown": "A GitHub connection is needed to prevent anonymous requests limits to the Github API for [Azure/kubelogin](https://github.com/azure/kubelogin) from impacting the installation. Leaving this empty may cause failures if the request limit is reached. This connection does not require ANY permissions."
         }
     ],
     "execution": {

Tasks/KubeloginInstallerV0/task.loc.json

@@ -15,7 +15,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 0,
-    "Minor": 247,
+    "Minor": 251,
     "Patch": 0
   },
   "demands": [],
@@ -30,6 +30,14 @@
       "label": "ms-resource:loc.input.label.kubeloginVersion",
       "defaultValue": "latest",
       "helpMarkDown": "ms-resource:loc.input.help.kubeloginVersion"
+    },
+    {
+      "name": "gitHubConnection",
+      "type": "connectedService:github:OAuth,OAuth2,PersonalAccessToken,InstallationToken,Token",
+      "label": "ms-resource:loc.input.label.gitHubConnection",
+      "defaultValue": "",
+      "required": false,
+      "helpMarkDown": "ms-resource:loc.input.help.gitHubConnection"
     }
   ],
   "execution": {

Tasks/KubeloginInstallerV0/utils.ts

@@ -47,13 +47,26 @@ export function isLatestVersion(version: string): boolean {
   return v === 'latest' || v === '*' || v === '';
 }
 
+function addAuthorizationHeaderIfEnabled(request: webClient.WebRequest): void {
+  if (taskLib.getBoolFeatureFlag('USE_AUTHORIZATION_FOR_API_CALL')) {
+    const token = getGithubEndPointToken();
+    if (token) {
+      request.headers['Authorization'] = 'token ' + token;
+    }
+    else {
+      taskLib.warning('The GitHub token is empty. API calls may fail without proper authentication');
+    }
+  }
+}
+
 export async function getLatestVersionTag(): Promise<string> {
   let request = new webClient.WebRequest();
   request.uri = 'https://api.github.com/repos/' + KUBELOGIN_REPO_OWNER + '/' + KUBELOGIN_REPO + '/releases/latest';
   request.method = 'GET';
   request.headers = request.headers || {};
   request.headers['User-Agent'] = userAgent;
 
+  addAuthorizationHeaderIfEnabled(request);
   const response = await webClient.sendRequest(request);
   return response.body['tag_name'];
 }
@@ -85,6 +98,7 @@ export async function getKubeloginRelease(version: string = 'latest', platform?:
     request.headers = request.headers || {};
     request.headers['User-Agent'] = userAgent;
 
+    addAuthorizationHeaderIfEnabled(request);
     const response = await webClient.sendRequest(request);
 
     const releaseUrl: string =
@@ -134,6 +148,50 @@ export async function unzipRelease(zipPath: string): Promise<string> {
   }
 }
 
+function getGithubEndPointToken(): string {
+  const githubEndpoint = taskLib.getInput("gitHubConnection", false);
+  const githubEndpointObject = taskLib.getEndpointAuthorization(githubEndpoint, true);
+  let githubEndpointToken: string = null;
+
+  if (!githubEndpointObject) {
+    throw new GitHubEndpointObjectError(taskLib.loc("Failed to retrieve GitHub endpoint object."));
+  }
+  taskLib.debug("Endpoint scheme: " + githubEndpointObject.scheme);
+
+  switch (githubEndpointObject.scheme) {
+    case 'PersonalAccessToken':
+      githubEndpointToken = githubEndpointObject.parameters.accessToken;
+      break;
+    case 'OAuth':
+      githubEndpointToken = githubEndpointObject.parameters.accessToken;
+      break;
+    case 'Token':
+      githubEndpointToken = githubEndpointObject.parameters.accessToken;
+      break;
+    default:
+      throw new GitHubEndpointSchemeError(
+        taskLib.loc("InvalidEndpointAuthScheme", githubEndpointObject.scheme)
+      );
+  }
+  return githubEndpointToken;
+}
+
+class GitHubEndpointObjectError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "GitHubEndpointObjectError";
+    Object.setPrototypeOf(this, GitHubEndpointObjectError.prototype);
+  }
+}
+
+class GitHubEndpointSchemeError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "GitHubEndpointSchemeError";
+    Object.setPrototypeOf(this, GitHubEndpointSchemeError.prototype);
+  }
+}
+
 export function getKubeloginPath(inputPath: string, fileName: string): string | undefined {
   const files: string[] = fs.readdirSync(inputPath);
   for (const file of files) {

_generated/KubeloginInstallerV0.versionmap.txt

@@ -1,2 +1,2 @@
-Default|0.247.0
-Node20_229_3|0.247.1
+Default|0.251.0
+Node20_229_3|0.251.1

_generated/KubeloginInstallerV0/Strings/resources.resjson/en-US/resources.resjson

@@ -5,6 +5,8 @@
   "loc.instanceNameFormat": "Install Kubelogin $(kubeloginVersion)",
   "loc.input.label.kubeloginVersion": "kubelogin version",
   "loc.input.help.kubeloginVersion": "The version of kubelogin to use",
+  "loc.input.label.gitHubConnection": "GitHub Connection",
+  "loc.input.help.gitHubConnection": "A GitHub connection is needed to prevent anonymous requests limits to the Github API for [Azure/kubelogin](https://github.com/azure/kubelogin) from impacting the installation. Leaving this empty may cause failures if the request limit is reached. This connection does not require ANY permissions.",
   "loc.messages.Info_VerifyKubeloginInstallation": "Verifying kubelogin installation...",
   "loc.messages.Info_ResolvedToolFromCache": "Resolved from tool cache: %s",
   "loc.messages.Info_UsingToolPath": "Using tool path: %s",

_generated/KubeloginInstallerV0/task.json

@@ -15,7 +15,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 0,
-    "Minor": 247,
+    "Minor": 251,
     "Patch": 0
   },
   "demands": [],
@@ -30,6 +30,14 @@
       "label": "kubelogin version",
       "defaultValue": "latest",
       "helpMarkDown": "The version of kubelogin to use"
+    },
+    {
+      "name": "gitHubConnection",
+      "type": "connectedService:github:OAuth,OAuth2,PersonalAccessToken,InstallationToken,Token",
+      "label": "GitHub Connection",
+      "defaultValue": "",
+      "required": false,
+      "helpMarkDown": "A GitHub connection is needed to prevent anonymous requests limits to the Github API for [Azure/kubelogin](https://github.com/azure/kubelogin) from impacting the installation. Leaving this empty may cause failures if the request limit is reached. This connection does not require ANY permissions."
     }
   ],
   "execution": {
@@ -59,7 +67,7 @@
     "Info_KubeloginDownloading": "Downloading kubelogin"
   },
   "_buildConfigMapping": {
-    "Default": "0.247.0",
-    "Node20_229_3": "0.247.1"
+    "Default": "0.251.0",
+    "Node20_229_3": "0.251.1"
   }
 }