Switch to use token service instead of SPS for exchanging oauth token. (

actions#325)

* Gracefully switch the runner to use Token Service instead of SPS.

* PR feedback.

* feedback2

* report error.

src/Runner.Common/ConfigurationStore.cs

@@ -78,8 +78,10 @@ public interface IConfigurationStore : IRunnerService
         bool IsServiceConfigured();
         bool HasCredentials();
         CredentialData GetCredentials();
+        CredentialData GetMigratedCredentials();
         RunnerSettings GetSettings();
         void SaveCredential(CredentialData credential);
+        void SaveMigratedCredential(CredentialData credential);
         void SaveSettings(RunnerSettings settings);
         void DeleteCredential();
         void DeleteSettings();
@@ -90,9 +92,11 @@ public sealed class ConfigurationStore : RunnerService, IConfigurationStore
         private string _binPath;
         private string _configFilePath;
         private string _credFilePath;
+        private string _migratedCredFilePath;
         private string _serviceConfigFilePath;
 
         private CredentialData _creds;
+        private CredentialData _migratedCreds;
         private RunnerSettings _settings;
 
         public override void Initialize(IHostContext hostContext)
@@ -114,6 +118,9 @@ public override void Initialize(IHostContext hostContext)
             _credFilePath = hostContext.GetConfigFile(WellKnownConfigFile.Credentials);
             Trace.Info("CredFilePath: {0}", _credFilePath);
 
+            _migratedCredFilePath = hostContext.GetConfigFile(WellKnownConfigFile.MigratedCredentials);
+            Trace.Info("MigratedCredFilePath: {0}", _migratedCredFilePath);
+
             _serviceConfigFilePath = hostContext.GetConfigFile(WellKnownConfigFile.Service);
             Trace.Info("ServiceConfigFilePath: {0}", _serviceConfigFilePath);
         }
@@ -123,7 +130,7 @@ public override void Initialize(IHostContext hostContext)
         public bool HasCredentials()
         {
             Trace.Info("HasCredentials()");
-            bool credsStored = (new FileInfo(_credFilePath)).Exists;
+            bool credsStored = (new FileInfo(_credFilePath)).Exists || (new FileInfo(_migratedCredFilePath)).Exists;
             Trace.Info("stored {0}", credsStored);
             return credsStored;
         }
@@ -154,6 +161,16 @@ public CredentialData GetCredentials()
             return _creds;
         }
 
+        public CredentialData GetMigratedCredentials()
+        {
+            if (_migratedCreds == null && File.Exists(_migratedCredFilePath))
+            {
+                _migratedCreds = IOUtil.LoadObject<CredentialData>(_migratedCredFilePath);
+            }
+
+            return _migratedCreds;
+        }
+
         public RunnerSettings GetSettings()
         {
             if (_settings == null)
@@ -188,6 +205,21 @@ public void SaveCredential(CredentialData credential)
             File.SetAttributes(_credFilePath, File.GetAttributes(_credFilePath) | FileAttributes.Hidden);
         }
 
+        public void SaveMigratedCredential(CredentialData credential)
+        {
+            Trace.Info("Saving {0} migrated credential @ {1}", credential.Scheme, _migratedCredFilePath);
+            if (File.Exists(_migratedCredFilePath))
+            {
+                // Delete existing credential file first, since the file is hidden and not able to overwrite.
+                Trace.Info("Delete exist runner migrated credential file.");
+                IOUtil.DeleteFile(_migratedCredFilePath);
+            }
+
+            IOUtil.SaveObject(credential, _migratedCredFilePath);
+            Trace.Info("Migrated Credentials Saved.");
+            File.SetAttributes(_migratedCredFilePath, File.GetAttributes(_migratedCredFilePath) | FileAttributes.Hidden);
+        }
+
         public void SaveSettings(RunnerSettings settings)
         {
             Trace.Info("Saving runner settings.");
@@ -206,6 +238,7 @@ public void SaveSettings(RunnerSettings settings)
         public void DeleteCredential()
         {
             IOUtil.Delete(_credFilePath, default(CancellationToken));
+            IOUtil.Delete(_migratedCredFilePath, default(CancellationToken));
         }
 
         public void DeleteSettings()

src/Runner.Common/Constants.cs

@@ -19,6 +19,7 @@ public enum WellKnownConfigFile
     {
         Runner,
         Credentials,
+        MigratedCredentials,
         RSACredentials,
         Service,
         CredentialStore,

src/Runner.Common/HostContext.cs

@@ -281,6 +281,12 @@ public string GetConfigFile(WellKnownConfigFile configFile)
                         ".credentials");
                     break;
 
+                case WellKnownConfigFile.MigratedCredentials:
+                    path = Path.Combine(
+                        GetDirectory(WellKnownDirectory.Root),
+                        ".credentials_migrated");
+                    break;
+
                 case WellKnownConfigFile.RSACredentials:
                     path = Path.Combine(
                         GetDirectory(WellKnownDirectory.Root),

src/Runner.Common/RunnerServer.cs

@@ -50,6 +50,10 @@ public interface IRunnerServer : IRunnerService
 
         // agent update
         Task<TaskAgent> UpdateAgentUpdateStateAsync(int agentPoolId, int agentId, string currentState);
+
+        // runner authorization url
+        Task<string> GetRunnerAuthUrlAsync(int runnerPoolId, int runnerId);
+        Task ReportRunnerAuthUrlErrorAsync(int runnerPoolId, int runnerId, string error);
     }
 
     public sealed class RunnerServer : RunnerService, IRunnerServer
@@ -334,5 +338,20 @@ public Task<TaskAgent> UpdateAgentUpdateStateAsync(int agentPoolId, int agentId,
             CheckConnection(RunnerConnectionType.Generic);
             return _genericTaskAgentClient.UpdateAgentUpdateStateAsync(agentPoolId, agentId, currentState);
         }
+
+        //-----------------------------------------------------------------
+        // Runner Auth Url
+        //-----------------------------------------------------------------
+        public Task<string> GetRunnerAuthUrlAsync(int runnerPoolId, int runnerId)
+        {
+            CheckConnection(RunnerConnectionType.MessageQueue);
+            return _messageTaskAgentClient.GetAgentAuthUrlAsync(runnerPoolId, runnerId);
+        }
+
+        public Task ReportRunnerAuthUrlErrorAsync(int runnerPoolId, int runnerId, string error)
+        {
+            CheckConnection(RunnerConnectionType.MessageQueue);
+            return _messageTaskAgentClient.ReportAgentAuthUrlMigrationErrorAsync(runnerPoolId, runnerId, error);
+        }
     }
 }

src/Runner.Listener/Configuration/CredentialManager.cs

@@ -13,7 +13,7 @@ namespace GitHub.Runner.Listener.Configuration
     public interface ICredentialManager : IRunnerService
     {
         ICredentialProvider GetCredentialProvider(string credType);
-        VssCredentials LoadCredentials();
+        VssCredentials LoadCredentials(bool preferMigrated = true);
     }
 
     public class CredentialManager : RunnerService, ICredentialManager
@@ -40,7 +40,7 @@ public ICredentialProvider GetCredentialProvider(string credType)
             return creds;
         }
 
-        public VssCredentials LoadCredentials()
+        public VssCredentials LoadCredentials(bool preferMigrated = true)
         {
             IConfigurationStore store = HostContext.GetService<IConfigurationStore>();
 
@@ -50,6 +50,16 @@ public VssCredentials LoadCredentials()
             }
 
             CredentialData credData = store.GetCredentials();
+
+            if (preferMigrated)
+            {
+                var migratedCred = store.GetMigratedCredentials();
+                if (migratedCred != null)
+                {
+                    credData = migratedCred;
+                }
+            }
+
             ICredentialProvider credProv = GetCredentialProvider(credData.Scheme);
             credProv.CredentialData = credData;
 

src/Runner.Listener/Configuration/OAuthCredential.cs

@@ -1,6 +1,5 @@
 using System;
 using GitHub.Runner.Common;
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using GitHub.Services.Common;
 using GitHub.Services.OAuth;
@@ -29,7 +28,7 @@ public override VssCredentials GetVssCredentials(IHostContext context)
             var authorizationUrl = this.CredentialData.Data.GetValueOrDefault("authorizationUrl", null);
 
             // For back compat with .credential file that doesn't has 'oauthEndpointUrl' section
-            var oathEndpointUrl = this.CredentialData.Data.GetValueOrDefault("oauthEndpointUrl", authorizationUrl);
+            var oauthEndpointUrl = this.CredentialData.Data.GetValueOrDefault("oauthEndpointUrl", authorizationUrl);
 
             ArgUtil.NotNullOrEmpty(clientId, nameof(clientId));
             ArgUtil.NotNullOrEmpty(authorizationUrl, nameof(authorizationUrl));
@@ -39,7 +38,7 @@ public override VssCredentials GetVssCredentials(IHostContext context)
             var keyManager = context.GetService<IRSAKeyManager>();
             var signingCredentials = VssSigningCredentials.Create(() => keyManager.GetKey());
             var clientCredential = new VssOAuthJwtBearerClientCredential(clientId, authorizationUrl, signingCredentials);
-            var agentCredential = new VssOAuthCredential(new Uri(oathEndpointUrl, UriKind.Absolute), VssOAuthGrant.ClientCredentials, clientCredential);
+            var agentCredential = new VssOAuthCredential(new Uri(oauthEndpointUrl, UriKind.Absolute), VssOAuthGrant.ClientCredentials, clientCredential);
 
             // Construct a credentials cache with a single OAuth credential for communication. The windows credential
             // is explicitly set to null to ensure we never do that negotiation.